Patents by Inventor Pasi SAARINEN
Pasi SAARINEN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230396994Abstract: Network equipment is configured for use in one of multiple different core network domains of a wireless communication system. The network equipment is configured to receive a message that has been, or is to be, transmitted between the different core network domains. The network equipment is also configured to apply inter-domain security protection to, or remove inter-domain security protection from, one or more portions of the content of a field in the message according to a protection policy. The protection policy includes information indicating to which one or more portions of the content inter-domain security protection is to be applied or removed. The network equipment is also configured to forward the message, with inter-domain security protection applied or removed to the one or more portions, towards a destination of the message.Type: ApplicationFiled: August 15, 2023Publication date: December 7, 2023Inventors: Pasi SAARINEN, Jesús Ángel DE-GREGORIO-RODRIGUEZ, Christine JOST, Pablo MARTINEZ DE LA CRUZ
-
Patent number: 11785451Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.Type: GrantFiled: July 15, 2022Date of Patent: October 10, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Patent number: 11750556Abstract: A wireless device requests a network slice from a network by, first, identifying at least one network slice to be requested. Based on a mapping method that is specific to the wireless device, the wireless device forms a slice pseudonym for the or each network slice to be requested. The wireless device then transmits a request message to the network, wherein the request message comprises the or each slice pseudonym. The network node receives the request message sent by the wireless device, wherein the request message comprises at least one slice pseudonym. Based on a mapping method that is used by the wireless device and that is specific to the wireless device, the network node identifies at least one requested network slice from the or each received slice pseudonym. The network node then permits use of the requested network slice.Type: GrantFiled: January 7, 2022Date of Patent: September 5, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Pasi Saarinen, Prajwol Kumar Nakarmi
-
Patent number: 11729609Abstract: Network equipment (300, 400) is configured for use in one of multiple different core network domains of a wireless communication system (10). The network equipment (300, 400) is configured to receive a message (60) that has been, or is to be, transmitted between the different core network domains. The network equipment (300, 400) is also configured to apply inter-domain security protection to, or remove inter-domain security protection from, one or more portions of the content of a field in the message according to a protection policy (80). The protection policy (80) includes information indicating to which one or more portions of the content inter-domain security protection is to be applied or removed. The network equipment (300, 400) is also configured to forward the message (60), with inter-domain security protection applied or removed to the one or more portions, towards a destination of the message (60).Type: GrantFiled: February 15, 2019Date of Patent: August 15, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Pasi Saarinen, Jesus-Angel De-Gregorio-Rodriguez, Christine Jost, Pablo Martinez De La Cruz
-
Patent number: 11641376Abstract: Methods and network equipment in a core network for intercepting protected communication between core network (CN) network functions (NFs). A method performed by network equipment in a core network may include establishing a first connection with a first NF for which the network equipment serves as a proxy and establishing, on behalf of the first NF, a second connection that is towards a second NF and that is secure. The method may also include selectively forwarding communication between the first and second NFs over the first and second connections, including transmitting and/or receiving the communication on behalf of the first NF over the second connection. The method may further include intercepting the communication that the network equipment selectively forwards between the first and second NFs.Type: GrantFiled: October 31, 2018Date of Patent: May 2, 2023Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventor: Pasi Saarinen
-
Patent number: 11589211Abstract: A network function performs a method to identify an invalid subscription concealed identifier, SUCI. When the network function receives a message containing a SUCI, it determines a size of the SUCI contained in the received message, and also determines an expected size of the SUCI in the received message. The network function then determines whether the size of the SUCI contained in the received message satisfies a criterion associated with the expected size. If the size of the SUCI contained in the received message does not satisfy the criterion associated with the expected size, the network function determines that the SUCI in the received message is invalid, and it rejects the SUCI in the received message if it is determined to be invalid.Type: GrantFiled: July 14, 2021Date of Patent: February 21, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen
-
Publication number: 20230007471Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.Type: ApplicationFiled: July 15, 2022Publication date: January 5, 2023Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar NAKARMI, Pasi Saarinen, Monica Wifvesson
-
Publication number: 20220272534Abstract: A method performed by a UE. The method incudes generating a SUCI comprising: i) an encrypted part in which a Mobile Subscription Identification Number of a SUPI is encrypted and ii) a clear-text part comprising: a) a Mobile Country Code of the SUPI, b) a Mobile Network Code of the SUPI, c) a public key identifier for a public key of a home network of the user equipment, and d) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the Mobile Subscription Identification Number in the SUCI. The method also includes transmitting the SUCI to an authentication server in the home network for forwarding of the SUCI to a de-concealing server capable of decrypting the Mobile Subscription Identification Number.Type: ApplicationFiled: May 5, 2022Publication date: August 25, 2022Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Patent number: 11399277Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.Type: GrantFiled: November 5, 2020Date of Patent: July 26, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Publication number: 20220210121Abstract: A wireless device requests a network slice from a network by, first, identifying at least one network slice to be requested. Based on a mapping method that is specific to the wireless device, the wireless device forms a slice pseudonym for the or each network slice to be requested. The wireless device then transmits a request message to the network, wherein the request message comprises the or each slice pseudonym. The network node receives the request message sent by the wireless device, wherein the request message comprises at least one slice pseudonym. Based on a mapping method that is used by the wireless device and that is specific to the wireless device, the network node identifies at least one requested network slice from the or each received slice pseudonym. The network node then permits use of the requested network slice.Type: ApplicationFiled: January 7, 2022Publication date: June 30, 2022Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Pasi SAARINEN, Prajwol Kumar NAKARMI
-
Patent number: 11330433Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.Type: GrantFiled: July 17, 2018Date of Patent: May 10, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Patent number: 11228562Abstract: A wireless device requests a network slice from a network by, first, identifying at least one network slice to be requested. Based on a mapping method that is specific to the wireless device, the wireless device forms a slice pseudonym for the or each network slice to be requested. The wireless device then transmits a request message to the network, wherein the request message comprises the or each slice pseudonym. The network node receives the request message sent by the wireless device, wherein the request message comprises at least one slice pseudonym. Based on a mapping method that is used by the wireless device and that is specific to the wireless device, the network node identifies at least one requested network slice from the or each received slice pseudonym. The network node then permits use of the requested network slice.Type: GrantFiled: September 19, 2018Date of Patent: January 18, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Pasi Saarinen, Prajwol Kumar Nakarmi
-
Publication number: 20210368345Abstract: The disclosure relates to methods of validating a SUCI implemented by a network node in a mobile network. The network node receives a message including the SUCI. Responsive to receipt of the message, the network node obtains a first set of encryption parameters used to generate the SUCI. The network node uses the first set of encryption parameters to de-conceal the SUCI to obtain subscription information associated with a subscription. Subsequently, the network node obtains a second set of encryption parameters associated with the subscription using the subscription information and validates the SUCI based on the second set of encryption parameters. As one example, the network node validates the SUCI by comparing the first set of encryption parameters to the second set of encryption parameters and determining if there is a match.Type: ApplicationFiled: December 20, 2018Publication date: November 25, 2021Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen
-
Publication number: 20210345088Abstract: A network function performs a method to identify an invalid subscription concealed identifier, SUCI. When the network function receives a message containing a SUCI, it determines a size of the SUCI contained in the received message, and also determines an expected size of the SUCI in the received message. The network function then determines whether the size of the SUCI contained in the received message satisfies a criterion associated with the expected size. If the size of the SUCI contained in the received message does not satisfy the criterion associated with the expected size, the network function determines that the SUCI in the received message is invalid, and it rejects the SUCI in the received message if it is determined to be invalid.Type: ApplicationFiled: July 14, 2021Publication date: November 4, 2021Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen
-
Patent number: 11102640Abstract: A network function performs a method to identify an invalid subscription concealed identifier, SUCI. When the network function receives a message containing a SUCI, it determines a size of the SUCI contained in the received message, and also determines an expected size of the SUCI in the received message. The network function then determines whether the size of the SUCI contained in the received message satisfies a criterion associated with the expected size. If the size of the SUCI contained in the received message does not satisfy the criterion associated with the expected size, the network function determines that the SUCI in the received message is invalid, and it rejects the SUCI in the received message if it is determined to be invalid.Type: GrantFiled: December 20, 2018Date of Patent: August 24, 2021Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen
-
Patent number: 11076288Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.Type: GrantFiled: August 9, 2019Date of Patent: July 27, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Publication number: 20210153010Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.Type: ApplicationFiled: July 17, 2018Publication date: May 20, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa TORVINEN, Noamen BEN HENDA, David CASTELLANOS ZAMORA, Prajwol Kumar NAKARMI, Pasi SAARINEN, Monica WIFVESSON
-
Publication number: 20210058772Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.Type: ApplicationFiled: November 5, 2020Publication date: February 25, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar NAKARMI, Pasi SAARINEN, Monica WIFVESSON
-
Publication number: 20210037026Abstract: Methods and network equipment in a core network for intercepting protected communication between core network (CN) network functions (NFs). A method performed by network equipment in a core network may include establishing a first connection with a first NF for which the network equipment serves as a proxy and establishing, on behalf of the first NF, a second connection that is towards a second NF and that is secure. The method may also include selectively forwarding communication between the first and second NFs over the first and second connections, including transmitting and/or receiving the communication on behalf of the first NF over the second connection. The method may further include intercepting the communication that the network equipment selectively forwards between the first and second NFs.Type: ApplicationFiled: October 31, 2018Publication date: February 4, 2021Inventor: Pasi Saarinen
-
Publication number: 20210014284Abstract: The disclosure provides techniques for negotiating security mechanisms between security gateways (102A, 102B). In these techniques, an initiating security gateway (102A) sends (302) a request message to a responding security gateway (102B) over a first connection established between the security gateways. The first connection provides integrity protection for 5 the messages. The request message includes one or more security mechanisms supported by the initiating security gateway. Upon receipt, the responding security gateway selects (406) one of the security mechanisms and transmits (408) a response message to the initiating security gateway indicating the selected security mechanism. Signaling messages are then communicated (310, 412) between the security gateways using the selected security 10 mechanism.Type: ApplicationFiled: February 15, 2019Publication date: January 14, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa LEHTOVIRTA, Pablo MARTINEZ DE LA CRUZ, Karl NORRMAN, Pasi SAARINEN, Vesa TORVINEN