Patents by Inventor Bengt Sahlin
Bengt Sahlin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11722473Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.Type: GrantFiled: February 23, 2021Date of Patent: August 8, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
-
Publication number: 20210176227Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.Type: ApplicationFiled: February 23, 2021Publication date: June 10, 2021Inventors: Mats NÄSLUND, Bengt SAHLIN, Karl NORRMAN, Jari ARKKO
-
Patent number: 10965660Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.Type: GrantFiled: September 3, 2019Date of Patent: March 30, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
-
Patent number: 10659447Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.Type: GrantFiled: July 24, 2018Date of Patent: May 19, 2020Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
-
Publication number: 20190394184Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.Type: ApplicationFiled: September 3, 2019Publication date: December 26, 2019Inventors: Mats NÄSLUND, Bengt SAHLIN, Karl NORRMAN, Jari ARKKO
-
Patent number: 10356619Abstract: A user equipment receives an Extensible Authentication Protocol Authentication and Key Agreement Prime (EAP AKA?) message, from an authentication server related to the user equipment, in an authentication procedure being part of setting up a connection from the user equipment through an access network. The user equipment sets up an IP Security tunnel between the user equipment and an evolved Packet Data Gateway responsive to the EAP AKA? message indicating that the access network is untrusted.Type: GrantFiled: March 13, 2018Date of Patent: July 16, 2019Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
-
Publication number: 20180332021Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.Type: ApplicationFiled: July 24, 2018Publication date: November 15, 2018Inventors: Mats NÄSLUND, Bengt SAHLIN, Karl NORRMAN, Jari ARKKO
-
Patent number: 10057232Abstract: A first network device of a first communication network obtains a challenge, generates a first PFS parameter, obtains a first verification code for the first PFS parameter, and sends the challenge, the first PFS parameter and the first verification code to a communication device, which in turn receives the challenge, the first PFS parameter and the first verification code, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first PFS parameter is authentic, and if the determination is positive generates and sends the second PFS parameter to the first network device, which in turn verifies the second PFS parameter.Type: GrantFiled: April 12, 2016Date of Patent: August 21, 2018Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
-
Publication number: 20180206118Abstract: A user equipment receives an Extensible Authentication Protocol Authentication and Key Agreement Prime (EAP AKA?) message, from an authentication server related to the user equipment, in an authentication procedure being part of setting up a connection from the user equipment through an access network. The user equipment sets up an IP Security tunnel between the user equipment and an evolved Packet Data Gateway responsive to the EAP AKA? message indicating that the access network is untrusted.Type: ApplicationFiled: March 13, 2018Publication date: July 19, 2018Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
-
Patent number: 9949118Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.Type: GrantFiled: August 6, 2015Date of Patent: April 17, 2018Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
-
Patent number: 9787661Abstract: A first network device of a first communication network obtains a challenge, generates a first PFS parameter, obtains a first verification code for the first PFS parameter, and sends the challenge, the first PFS parameter and the first verification code to a communication device, which in turn receives the challenge, the first PFS parameter and the first verification code, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first PFS parameter is authentic, and if the determination is positive generates and sends the second PFS parameter to the first network device, which in turn verifies the second PFS parameter.Type: GrantFiled: July 13, 2015Date of Patent: October 10, 2017Assignee: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
-
Publication number: 20160255070Abstract: A first network device of a first communication network obtains a challenge, generates a first PFS parameter, obtains a first verification code for the first PFS parameter, and sends the challenge, the first PFS parameter and the first verification code to a communication device, which in turn receives the challenge, the first PFS parameter and the first verification code, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first PFS parameter is authentic, and if the determination is positive generates and sends the second PFS parameter to the first network device, which in turn verifies the second PFS parameter.Type: ApplicationFiled: April 12, 2016Publication date: September 1, 2016Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
-
Publication number: 20160255064Abstract: A first network device of a first communication network obtains a challenge, generates a first PFS parameter, obtains a first verification code for the first PFS parameter, and sends the challenge, the first PFS parameter and the first verification code to a communication device, which in turn receives the challenge, the first PFS parameter and the first verification code, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first PFS parameter is authentic, and if the determination is positive generates and sends the second PFS parameter to the first network device, which in turn verifies the second PFS parameter.Type: ApplicationFiled: July 13, 2015Publication date: September 1, 2016Inventors: Mats NASLUND, Bengt SAHLIN, Karl NORRMAN, Jari ARKKO
-
Publication number: 20150341788Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.Type: ApplicationFiled: August 6, 2015Publication date: November 26, 2015Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
-
Patent number: 9137231Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.Type: GrantFiled: November 26, 2013Date of Patent: September 15, 2015Assignee: Telefonaktiebolaget L M Ericsson (publ)Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
-
Publication number: 20150079941Abstract: There is described a device for communicating with a network. The device receives a series of paging messages from a serving node in the network, where each paging message includes identification and authentication information sufficient to identify at least one device and authenticate the message, at least some of the information having been protected according to a sequence such that it varies between successive paging messages. The device verifies the protected part of the information using a cryptographic function and knowledge of the sequence and identifies whether the information indicates that message is an authentic message intended for that device. The device may act in response to the received paging message.Type: ApplicationFiled: May 15, 2012Publication date: March 19, 2015Applicant: Telefonaktiebolaget L M Ericsson (publ)Inventors: Jari Arkko, Anna Larmo, Karl Norrman, Bengt Sahlin, Kristian Slavov
-
Patent number: 8819765Abstract: A method and arrangement for distributing a security policy to a communication terminal having an association with a home communication network, but being present in a visited communication network. The home communication network generates its own preferred security policy Ph and the visited communication network generates its own preferred security policy Pv. A communication network entity in the visited communication network combines the security policies and selects security algorithms and/or functions to apply from the combined security policy. By generating security policy vectors of both networks and combining them before the security algorithms are selected, both networks are able to influence the selection without requiring the use of signaling messages.Type: GrantFiled: January 22, 2008Date of Patent: August 26, 2014Assignee: Telefonaktiebolaget L M Ericsson (publ)Inventors: Mats Naslund, Michael Liljenstam, Karl Norrman, Bengt Sahlin
-
Publication number: 20140096193Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.Type: ApplicationFiled: November 26, 2013Publication date: April 3, 2014Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
-
Patent number: 8621570Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication or at least one network properly relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a sue and network such as the home network (5) of the subscriber ask UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.Type: GrantFiled: November 5, 2008Date of Patent: December 31, 2013Assignee: Telefonaktiebolaget L M Ericsson (publ)Inventors: Mats Naslund, Jari Arkko, Rolf Blom, Vesa Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
-
Publication number: 20110035787Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication or at least one network properly relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a sue and network such as the home network (5) of the subscriber ask UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.Type: ApplicationFiled: November 5, 2008Publication date: February 10, 2011Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Mats Naslund, Jari Arkko, Rolf Blom, Vesa Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin