Patents by Inventor Karl Norrman
Karl Norrman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20210360397
Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.
Type: Application
Filed: July 30, 2021
Publication date: November 18, 2021
Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
-
Publication number: 20210328775
Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
Type: Application
Filed: July 2, 2021
Publication date: October 21, 2021
Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
-
Patent number: 11096045
Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.
Type: Grant
Filed: December 13, 2019
Date of Patent: August 17, 2021
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
-
Publication number: 20210243597
Abstract: The present disclosure generally relates to the field of security context setup. More specifically, the present disclosure relates to techniques of supporting security context setup in a wireless communication network. A method embodiment relates to supporting security context setup in a wireless communication network, the method comprising initiating (S304), by a radio access network (RAN) element of the wireless communication network, Access Stratum (AS) security context setup for a first Radio Access Technology (RAT) and a second RAT in a common signaling procedure.
Type: Application
Filed: April 20, 2021
Publication date: August 5, 2021
Inventors: Osman Nuri Can Yilmaz, Icaro L. J. Da Silva, Karl Norrman, Paul Schliwa-Bertling, Stefan Wager
-
Publication number: 20210235265
Abstract: A communication system for resuming a connection comprises a user equipment (UE) and network nodes. A first network node is configured to prepopulate a UE context, and send, to a second network node, the UE context. The second network node is configured to receive, from the first network node, the UE context, and send, to a UE, a resume request message including a freshness parameter and the UE context. The UE is configured to receive, from the second network node, a resume request message including the freshness parameter and the UE context, generate an authentication token based on the freshness parameter and the UE context, and send, to the second network node, a resume response message including the authentication token. The communication system provides a freshness parameter and a prepopulated UE context to secure and facilitate resume procedure against replay attacks.
Type: Application
Filed: November 16, 2018
Publication date: July 29, 2021
Inventors: Magnus STATTIN, Gunnar MILDH, Dung PHAM VAN, Paul SCHLIWA-BERTLING, Icaro L. J. DA SILVA, Karl NORRMAN, Oscar OHLSSON
-
Patent number: 11075749
Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
Type: Grant
Filed: September 10, 2019
Date of Patent: July 27, 2021
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
-
Publication number: 20210226781
Abstract: A communication device for communication with a network device during EAP-AKA'. The communication device is operative to: receive a first Perfect Forward Secrecy, PFS, parameter value and at least one attribute value indicating a choice of a Diffie-Hellman group from the network device; receive a cipher key, CK, and an integrity key, IK, generate a modified cipher key, CK', and a modified integrity key, IK' based on CK, IK and an access network identity, calculate a second PFS parameter value; send the second PFS parameter value to the network device; calculate a third PFS parameter value; and derive, using a Pseudo-random function, a key based on the third PFS parameter value, CK', IK' and an identity associated with the communication device. A network device, methods, further communication devices, a server, computer programs and a computer program product are also disclosed.
Type: Application
Filed: October 30, 2018
Publication date: July 22, 2021
Inventors: Jari ARKKO, Karl NORRMAN, Vesa TORVINEN
-
Patent number: 11039307
Abstract: A wireless device (16) configured to receive from a network node (20) a page (18) that includes a paging identifier (18A) for the wireless device (16). The paging identifier (18A) may identify as a target of the page (18) a wireless device (16) associated with a particular subscriber. In fact, in some embodiments, the paging identifier (18A) is based on an encrypted subscription identifier for the wireless device (16) or is a pseudonym subscription identifier for the wireless device (16). In any event, the wireless device (16) is also configured to transmit to the network node (20) a response (22) to the page (18) that indicates the wireless device (16) was paged but that includes an identifier for the wireless device (16) that is different than the paging identifier (18A) included in the page (18).
Type: Grant
Filed: December 29, 2017
Date of Patent: June 15, 2021
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Prajwol Kumar Nakarmi, Enrique Cobo Jimenez, Mats Näslund, Karl Norrman
-
Publication number: 20210176227
Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.
Type: Application
Filed: February 23, 2021
Publication date: June 10, 2021
Inventors: Mats NÄSLUND, Bengt SAHLIN, Karl NORRMAN, Jari ARKKO
-
Patent number: 11032701
Abstract: The present disclosure generally relates to the field of security context setup. More specifically, the present disclosure relates to techniques of supporting security context setup in a wireless communication network. A method embodiment relates to supporting security context setup in a wireless communication network, the method comprising initiating (S304), by a radio access network (RAN) element of the wireless communication network, Access Stratum (AS) security context setup for a first Radio Access Technology (RAT) and a second RAT in a common signaling procedure.
Type: Grant
Filed: November 5, 2019
Date of Patent: June 8, 2021
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Osman Nuri Can Yilmaz, Icaro L. J. Da Silva, Karl Norrman, Paul Schliwa-Bertling, Stefan Wager
-
Patent number: 11019488
Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
Type: Grant
Filed: January 29, 2021
Date of Patent: May 25, 2021
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Noamen Ben Henda, Christine Jost, Monica Wifvesson, Karl Norrman
-
Publication number: 20210153013
Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
Type: Application
Filed: January 29, 2021
Publication date: May 20, 2021
Inventors: Noamen Ben Henda, Christine Jost, Monica Wifvesson, Karl Norrman
-
Patent number: 11012897
Abstract: According to an aspect, there is provided a method of operating a first radio access node in a communication network, the method comprising determining whether a first base key that is used to determine a first encryption key for encrypting communications between a communication device and the first radio access node can be used by a second radio access node for determining a second encryption key for encrypting communications between the communication device and the second radio access node; and if the first base key can be used by the second radio access node, sending the first base key to the second radio access node during handover of the communication device from the first radio access node to the second radio access node.
Type: Grant
Filed: September 20, 2016
Date of Patent: May 18, 2021
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Rasmus Axén, Karl Norrman
-
Publication number: 20210144595
Abstract: Core network equipment is configured for use in a core network of a wireless communication system. The core network equipment is configured to switch to using a new non-access stratum, NAS, security context between a user equipment and the core network equipment. The core network equipment is also configured to, during or in association with a handover procedure for handover of the user equipment, signal from the core network equipment that the new NAS security context between the user equipment and the core network equipment is to be used as a basis for an access stratum (AS) security context between the user equipment and radio access network equipment.
Type: Application
Filed: January 25, 2021
Publication date: May 13, 2021
Inventors: Prajwol Kumar Nakarmi, Karl Norrman, Monica Wifvesson
-
Publication number: 20210126726
Abstract: Methods and apparatus in a fifth-generation wireless communications, including an example method, in a wireless device, that includes receiving a downlink signal comprising an uplink access configuration index, using the uplink access configuration index to identify an uplink access configuration from among a predetermined plurality of uplink access configurations, and transmitting to the wireless communications network according to the identified uplink access configuration. The example method further includes, in the same wireless device, receiving, in a first subframe, a first Orthogonal Frequency-Division Multiplexing (OFDM) transmission formatted according to a first numerology and receiving, in a second subframe, a second OFDM transmission formatted according to a second numerology, the second numerology differing from the first numerology. Variants of this method, corresponding apparatuses, and corresponding network-side methods and apparatuses are also disclosed.
Type: Application
Filed: December 31, 2020
Publication date: April 29, 2021
Inventors: Stefan Parkvall, Janne Peisa, Gunnar Mildh, Robert Baldemair, Stefan Wager, Jonas Kronander, Karl Werner, Richard Abrahamsson, Ismet Aktas, Peter Alriksson, Junaid Ansari, Shehzad Ali Ashraf, Henrik Asplund, Fredrik Athley, Håkan Axelsson, Joakim Axmon, Johan Axnäs, Kumar Balachandran, Gunnar Bark, Jan-Erik Berg, Andreas Bergström, Håkan Björkegren, Nadia Brahmi, Cagatay Capar, Anders Carlsson, Andreas Cedergren, Mikael Coldrey, Icaro L. J. da Silva, Erik Dahlman, Ali el Essaili, Ulrika Engström, Mårten Ericson, Erik Eriksson, Mikael Fallgren, Rui Fan, Gabor Fodor, Pål Frenger, Jonas Fridén, Jonas Fröberg Olsson, Anders Furuskär, Johan Furuskog, Virgile Garcia, Ather Gattami, Fredrik Gunnarsson, Ulf Gustavsson, Bo Hagerman, Fredrik Harrysson, Ning He, Martin Hessler, Kimmo Hiltunen, Songnam Hong, Dennis Hui, Jörg Huschke, Tim Irnich, Sven Jacobsson, Niklas Jaldén, Simon Järmyr, Zhiyuan Jiang, Niklas Johansson, Martin Johansson, Du Ho Kang, Eleftherios Karipidis, Patrik Karlsson, Ali S. Khayrallah, Caner Kilinc, Göran N. Klang, Sara Landström, Christina Larsson, Gen Li, Lars Lindbom, Robert Lindgren, Bengt Lindoff, Fredrik Lindqvist, Jinhua Liu, Thorsten Lohmar, Qianxi Lu, Lars Manholm, Ivana Maric, Jonas Medbo, Qingyu Miao, Reza Moosavi, Walter Müller, Elena Myhre, Karl Norrman, Bengt-Erik Olsson, Torgny Palenius, Sven Petersson, Jose Luis Pradas, Mikael Prytz, Olav Queseth, Pradeepa Ramachandra, Edgar Ramos, Andres Reial, Thomas Rimhagen, Emil Ringh, Patrik Rugeland, Johan Rune, Joachim Sachs, Henrik Sahlin, Vidit Saxena, Nima Seifi, Yngve Selén, Eliane Semaan, Sachin Sharma, Cong Shi, Johan Sköld, Magnus Stattin, Anders Stjernman, Dennis Sundman, Lars Sundström, Miurel Isabel Tercero Vargas, Claes Tidestav, Sibel Tombaz, Johan Torsner, Hugo Tullberg, Jari Vikberg, Peter von Wrycza, Thomas Walldeen, Pontus Wallentin, Hai Wang, Ke Wang Helmersson, Jianfeng Wang, Yi-Pin Eric Wang, Niclas Wiberg, Emma Wittenmark, Osman Nuri Can Yilmaz, Ali Zaidi, Zhan Zhang, Zhang Zhang, Yanli Zheng
-
Patent number: 10966093
Abstract: A method is performed by a wireless device (16). The method comprises determining whether a core network functionality (12) of a wireless communication system (10) refreshes a temporary identifier (18) associated with the wireless device (16) in accordance with a defined procedure. The method also comprises, responsive to determining that the core network functionality (12) does not refresh the temporary identifier (18) in accordance with the defined procedure, performing one or more actions. The action(s) may for instance include recording at the wireless device (16) that the core network functionality (12) does not refresh a temporary identifier (18) in accordance with the defined procedure and/or reporting the core network functionality (12) as not refreshing the temporary identifier (18) in accordance with the defined procedure.
Type: Grant
Filed: September 15, 2017
Date of Patent: March 30, 2021
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Karl Norrman, Prajwol Kumar Nakarmi
-
Patent number: 10965660
Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.
Type: Grant
Filed: September 3, 2019
Date of Patent: March 30, 2021
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
-
Publication number: 20210084544
Abstract: According to an aspect, there is provided a method of operating a first radio access node in a communication network, the method comprising determining (601) whether a first base key that is used to determine a first encryption key for encrypting communications between a communication device and the first radio access node can be used by a second radio access node for determining a second encryption key for encrypting communications between the communication device and the second radio access node; and if the first base key can be used by the second radio access node, sending (603) the first base key to the second radio access node during handover of the communication device from the first radio access node to the second radio access node.
Type: Application
Filed: November 30, 2020
Publication date: March 18, 2021
Inventors: Rasmus Axén, Karl Norrman
-
Patent number: 10938497
Abstract: Methods and apparatus in a fifth-generation wireless communications, including an example method, in a wireless device, that includes receiving a downlink signal comprising an uplink access configuration index, using the uplink access configuration index to identify an uplink access configuration from among a predetermined plurality of uplink access configurations, and transmitting to the wireless communications network according to the identified uplink access configuration. The example method further includes, in the same wireless device, receiving, in a first subframe, a first Orthogonal Frequency-Division Multiplexing (OFDM) transmission formatted according to a first numerology and receiving, in a second subframe, a second OFDM transmission formatted according to a second numerology, the second numerology differing from the first numerology. Variants of this method, corresponding apparatuses, and corresponding network-side methods and apparatuses are also disclosed.
Type: Grant
Filed: December 13, 2019
Date of Patent: March 2, 2021
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Stefan Parkvall, Janne Peisa, Gunnar Mildh, Robert Baldemair, Stefan Wager, Jonas Kronander, Karl Werner, Richard Abrahamsson, Ismet Aktas, Peter Alriksson, Junaid Ansari, Shehzad Ali Ashraf, Henrik Asplund, Fredrik Athley, Håkan Axelsson, Joakim Axmon, Johan Axnäs, Kumar Balachandran, Gunnar Bark, Jan-Erik Berg, Andreas Bergström, Håkan Björkegren, Nadia Brahmi, Cagatay Capar, Anders Carlsson, Andreas Cedergren, Mikael Coldrey, Icaro L. J. da Silva, Erik Dahlman, Ali el Essaili, Ulrika Engström, Mårten Ericson, Erik Eriksson, Mikael Fallgren, Rui Fan, Gabor Fodor, Pål Frenger, Jonas Fridén, Jonas Fröberg Olsson, Anders Furuskär, Johan Furuskog, Virgile Garcia, Ather Gattami, Fredrik Gunnarsson, Ulf Gustavsson, Bo Hagerman, Fredrik Harrysson, Ning He, Martin Hessler, Kimmo Hiltunen, Songnam Hong, Dennis Hui, Jörg Huschke, Tim Irnich, Sven Jacobsson, Niklas Jaldén, Simon Järmyr, Zhiyuan Jiang, Niklas Johansson, Martin Johansson, Du Ho Kang, Eleftherios Karipidis, Patrik Karlsson, Ali S. Khayrallah, Caner Kilinc, Göran N. Klang, Sara Landstrom, Christina Larsson, Gen Li, Lars Lindbom, Robert Lindgren, Bengt Lindoff, Fredrik Lindqvist, Jinhua Liu, Thorsten Lohmar, Qianxi Lu, Lars Manholm, Ivana Maric, Jonas Medbo, Qingyu Miao, Reza Moosavi, Walter Müller, Elena Myhre, Karl Norrman, Bengt-Erik Olsson, Torgny Palenius, Sven Petersson, Jose Luis Pradas, Mikael Prytz, Olav Queseth, Pradeepa Ramachandra, Edgar Ramos, Andres Reial, Thomas Rimhagen, Emil Ringh, Patrik Rugeland, Johan Rune, Joachim Sachs, Henrik Sahlin, Vidit Saxena, Nima Seifi, Yngve Selén, Eliane Semaan, Sachin Sharma, Cong Shi, Johan Sköld, Magnus Stattin, Anders Stjernman, Dennis Sundman, Lars Sundström, Miurel Isabel Tercero Vargas, Claes Tidestav, Sibel Tombaz, Johan Torsner, Hugo Tullberg, Jari Vikberg, Peter von Wrycza, Thomas Walldeen, Pontus Wallentin, Hai Wang, Ke Wang Helmersson, Jianfeng Wang, Yi-Pin Eric Wang, Niclas Wiberg, Emma Wittenmark, Osman Nuri Can Yilmaz, Ali Zaidi, Zhan Zhang, Zhang Zhang, Yanli Zheng
-
Patent number: 10939334
Abstract: Core network equipment (16) is configured for use in a core network of a wireless communication system. The core network equipment (16) is configured to switch to using a new non-access stratum, NAS, security context between a user equipment (14) and the core network equipment (16). The core network equipment (16) is also configured to, during or in association with a handover procedure for handover of the user equipment (14), signal from the core network equipment (16) that the new NAS security context between the user equipment (14) and the core network equipment (16) is to be used as a basis for an access stratum (AS) security context between the user equipment (14) and radio access network equipment (12).
Type: Grant
Filed: September 14, 2018
Date of Patent: March 2, 2021
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Prajwol Kumar Nakarmi, Karl Norrman, Monica Wifvesson