Patents by Inventor Christine Jost

Christine Jost has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11595370
    Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: February 28, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christine Jost, Vesa Lehtovirta, Ivo Sedlacek, Vesa Torvinen
  • Publication number: 20230056723
    Abstract: A method performed by a service communication proxy (SCP). The method comprises determining whether or not there is a mismatch between a first list of Network Function (NF) service producers in an authorization token and a second list of NF service producers in a discovery response. The method further comprises responsive to determining that there is a mismatch between the first list of NF service producers and the second list of NF service producers, transmitting a service response error message to an NF consumer device that transmitted the authorization token, the service response error message indicating a mismatch between the authorization token and the discovery response.
    Type: Application
    Filed: January 14, 2021
    Publication date: February 23, 2023
    Inventor: Christine JOST
  • Patent number: 11539683
    Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: December 27, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Torvinen
  • Publication number: 20220360980
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
    Type: Application
    Filed: July 22, 2022
    Publication date: November 10, 2022
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Publication number: 20220279343
    Abstract: A first network node operating in a telecommunications network can receive an authentication request associated with a communication device requesting registration with the telecommunications network. The authentication request can include first subscriber information. The first network node can determine that the first subscriber information includes an anonymous identifier. Responsive to determining that the first subscriber information includes the anonymous identifier, the network node can determine an authentication procedure to be performed. The network node can receive information associated with the communication device as part of the authentication procedure. The network node can generate second subscriber information based on the information associated with the communication device.
    Type: Application
    Filed: June 25, 2021
    Publication date: September 1, 2022
    Inventors: Cheng Wang, David Castellanos ZAMORA, Helena Vahidi Mazinani, Christine Jost
  • Patent number: 11432141
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: August 30, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Patent number: 11388592
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: July 12, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Patent number: 11381387
    Abstract: Methods, network nodes, computer programs, carrier and user equipment, wherein a proof-of-presence in communications between private land mobile networks (PLMNs) is presented. In an example method performed by a network node in a home public land mobile network (HPLMN) of a user equipment (UE), the network node obtains, from a visited public land mobile network (VPLMN), a proof-of-presence indicator that represents the UE as being present in the VPLMN. The network node verifies whether or not the UE is present in the VPLMN by determining whether or not the proof-of-presence indicator was generated by the UE using a secret shared between the UE and at least the HPLMN. Upon verification of the presence of the UE in the VPLMN, sensitive information can be communicated by the HPLMN to the VPLMN.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: July 5, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Lehtovirta, Vesa Torvinen
  • Publication number: 20220167153
    Abstract: A method performed by a mobile terminal for verifying at least one privacy profile setting for positioning of the mobile terminal to a location network node in a communications network is provided. The method includes receiving a request from the location network node for the mobile terminal to provide a position of the mobile terminal. The method further includes checking the at least one privacy profile setting of the mobile terminal for permission to provide position information of the mobile terminal. The method further includes determining whether to send the positioning information of the mobile terminal to the location network node based on the checking the at least one privacy profile setting. Methods performed by a network node are also provided.
    Type: Application
    Filed: March 3, 2020
    Publication date: May 26, 2022
    Inventors: Prajwol Kumar NAKARMI, Åke BUSIN, David CASTELLANOS ZAMORA, Christine JOST
  • Publication number: 20220167167
    Abstract: A method performed by a core network node (300) of a wireless communication system includes receiving (902) a registration request to register a fixed network residential gateway, FN-RG, to the core network, obtaining (904) an identifier associated with the FN-RG, and determining (906), based on the identifier of the FN-RG, that authentication of the FN-RG by the core network is not required.
    Type: Application
    Filed: February 24, 2020
    Publication date: May 26, 2022
    Inventors: Christine Jost, Helena Vahidi Mazinani, Noamen Ben Henda, Vesa Lehtovirta
  • Publication number: 20220150694
    Abstract: A method for key derivation for non-3GPP access. The method includes determining a particular non-3GPP access type, wherein the particular non-3GPP access type is one of N different particular non-3GPP access types (N>1), and each one of the N particular non-3GPP access types is associated with a unique access type distinguisher value. The method also includes generating (s604) a first access network key using a key derivation function and the unique access type distinguisher value with which the determined particular non-3GPP access type is associated, thereby generating a first access network key for the particular non-3GPP access type.
    Type: Application
    Filed: February 13, 2020
    Publication date: May 12, 2022
    Inventors: Vesa Lehtovirta, Christine Jost, Helena Vahidi Mazinani
  • Patent number: 11330428
    Abstract: Core network equipment (20) in a wireless communication system transmits control plane signaling (22) to a user equipment (16) which receives that control plane signaling (22). The control plane signaling (22) indicates a privacy key (24) with which a subscriber identifier (e.g., an international mobile subscriber identity, IMSI) associated with the user equipment (16) is to be encrypted or decrypted. The control plane signaling (22) may be non-access stratum, NAS, signaling. The privacy key (24) may be a public key of a home network associated with the subscriber identifier.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: May 10, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christine Jost, Peter Hedman, Monica Wifvesson
  • Publication number: 20210409952
    Abstract: The invention relates to a method performed by a wireless device. The method comprises transmitting (step 1), by the wireless device, capability signaling which indicates one or more values that the wireless device supports for a security parameter. The method further comprises receiving (step 7), by the wireless device, selection signaling that indicates a value selected (step 4a) by a home network of the wireless device for the security parameter and that includes integrity-checking information (step 4c). The method further comprises checking (step 10), using the integrity-checking information and a security key shared with the home network, an integrity of integrity-protected information, wherein the integrity-protected information includes the capability signaling as received by the home network.
    Type: Application
    Filed: November 5, 2019
    Publication date: December 30, 2021
    Inventors: Christine Jost, Helena Vahidi Mazinani
  • Publication number: 20210392498
    Abstract: A User Equipment, UE, (120), a network node (110, 111, 140) and methods therein, for detection that the UE has been communicating with a non-legitimate device (150) which impersonates a network node of a legitimate network. In this method, the UE or the network node obtains information regarding technical details of the transmission of a service received by the UE, wherein the information comprises a generation of the RAT/mobile network used for the transmission. The UE then provides the technical details to a user of the UE and/or to an application on the UE. The network node is also able to determine that the service was received from the non-legitimate device when the technical details do not correspond to the technical details expected for the legitimate network.
    Type: Application
    Filed: October 25, 2019
    Publication date: December 16, 2021
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar NAKARMI, Christine JOST, Vlasios TSIATSIS
  • Publication number: 20210377729
    Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request, and sending an integrity protected part of the registration request to the source first network function via the target second network function.
    Type: Application
    Filed: August 16, 2021
    Publication date: December 2, 2021
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christine Jost, Noamen Ben Henda, Qian Chen, Peter Hedman, Lars-Bertil Olsson, Vesa Torvinen
  • Publication number: 20210360397
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.
    Type: Application
    Filed: July 30, 2021
    Publication date: November 18, 2021
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Patent number: 11102649
    Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request (1200), and sending an integrity protected part of the registration request to the source first network function via the target second network function (1202). Also disclosed are methods of operating first and second network functions.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: August 24, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Christine Jost, Noamen Ben Henda, Qian Chen, Peter Hedman, Lars-Bertil Olsson, Vesa Torvinen
  • Patent number: 11096045
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: August 17, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Publication number: 20210203643
    Abstract: Network equipment (300) is configured as a proxy (40, 50) for one of multiple different core network domains of a wireless communication system (10). The network equipment (300, 400) is configured to receive a message (60) that has been, or is to be, transmitted between the different core network domains. The network equipment (300, 400) is further configured to perform inter-domain security measures according to a security policy (80). The security policy (80) may indicate which one or more portions of (e.g., the content of a field in) the message (60) are to be used by inter-domain security measures (e.g., inter-domain anti-spoofing measures) and/or which types of messages are to be used by the inter-domain security measures.
    Type: Application
    Filed: May 20, 2019
    Publication date: July 1, 2021
    Inventors: Christine Jost, Juha Kujanen, Helena Vahidi Mazinani
  • Publication number: 20210204118
    Abstract: Core network equipment (20) in a wireless communication system transmits control plane signaling (22) to a user equipment (16) which receives that control plane signaling (22). The control plane signaling (22) indicates a privacy key (24) with which a subscriber identifier (e.g., an international mobile subscriber identity, IMSI) associated with the user equipment (16) is to be encrypted or decrypted. The control plane signaling (22) may be non-access stratum, NAS, signaling. The privacy key (24) may be a public key of a home network associated with the subscriber identifier.
    Type: Application
    Filed: February 23, 2018
    Publication date: July 1, 2021
    Inventors: Christine Jost, Peter Hedman, Monica Wifvesson