Patents by Inventor John Mattsson
John Mattsson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11889293
Abstract: A network node (500, 600) in a home network, HN, of a wireless device (10, 300, 400) assigns a different priority to each of one or more parameter sets in a priority list. Each parameter set comprises one or more parameters used for calculating the subscription identifier. The network node (500, 600) provides the wireless device (10, 300, 400) with the priority list to facilitate the calculation of the subscription identifier by the wireless device (10, 300, 400). The wireless device (10, 300, 400) obtains the priority list, and calculates the subscription identifier using a null parameter set or one of the one or more parameter sets in the priority list selected responsive to the defined priorities. The wireless device (10, 300, 400) then informs the HN of the subscription of the wireless device (10, 300, 400) by sending the calculated subscription identifier to the network node (500, 600).
Type: Grant
Filed: December 20, 2018
Date of Patent: January 30, 2024
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Prajwol Kumar Nakarmi, David Castellanos Zamora, John Mattsson
-
Publication number: 20230397007
Abstract: A communication device establishes a secure connection in a wireless communication network. The communication device communicates a request to use a communication service provided by the wireless communication network, the request including an indication that the communication device can support the requested communication service and an Authentication and Key Management for Applications (AKMA) service provided by the wireless communication network. Responsive to communicating the request, the communication device receives a communication comprising information that indicates whether the requested communication service and the AKMA service can be provided to the communication device to establish the secure connection in the wireless communication network.
Type: Application
Filed: August 18, 2021
Publication date: December 7, 2023
Inventors: Monica Wifvesson, Vlasios Tsiatsis, John Mattsson
-
Patent number: 11722561
Abstract: A method at a first node for encoding a message for secure transmission to a second node comprising. The method includes receiving the message for transmission to the second node and fragmenting the message into a plurality of fragments, wherein each fragment is of a selected size. The method further includes encoding separately each fragment of the plurality of fragments using Datagram Transport Layer Security (DTLS), combining DTLS encoded fragments into a Stream Control Transmission Protocol (SCTP) message, and transmitting the message as a plurality of DTLS encoded fragments in the SCTP message to the second node.
Type: Grant
Filed: September 30, 2021
Date of Patent: August 8, 2023
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Magnus Westerlund, John Mattsson, Claudio Porfiri
-
Publication number: 20220408243
Abstract: A user equipment (“UE”) in a wireless communication network can generate a padded identifier by inserting a padding bitstring in a field of an identifier associated with the UE. The UE can further encrypt the padded identifier to generate a concealed padded identifier. The UE can further transmit the concealed padded identifier to a network node operating in the wireless communication network.
Type: Application
Filed: October 29, 2020
Publication date: December 22, 2022
Inventors: John MATTSSON, Prajwol Kumar NAKARMI, Erik THORMARKER
-
Publication number: 20220201069
Abstract: A method at a first node for encoding a message for secure transmission to a second node comprising. The method includes receiving the message for transmission to the second node and fragmenting the message into a plurality of fragments, wherein each fragment is of a selected size. The method further includes encoding separately each fragment of the plurality of fragments using Datagram Transport Layer Security (DTLS), combining DTLS encoded fragments into a Stream Control Transmission Protocol (SCTP) message, and transmitting the message as a plurality of DTLS encoded fragments in the SCTP message to the second node.
Type: Application
Filed: September 30, 2021
Publication date: June 23, 2022
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Magnus WESTERLUND, John MATTSSON, Claudio PORFIRI
-
Patent number: 10931644
Abstract: A method for a first network node may protect confidentiality of a first identifier associated by the first network node with a subscription used by a mobile entity. The communications network comprises a home network of the mobile entity and a serving network serving the mobile entity. The first network node, which is part of the home network may: receive, from a second network node which is part of the serving network, a first request for authentication information for the mobile entity, the first request comprising the first identifier; generate a first pseudonym associated with the first identifier; create a link between the first pseudonym and the first identifier; and send, to the second network node, the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity in the serving network. A method for a second network node is also provided.
Type: Grant
Filed: June 23, 2015
Date of Patent: February 23, 2021
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Karl Norrman, Yi Cheng, John Mattsson, Mats Näslund
-
Publication number: 20200389322
Abstract: A method for enabling secure group communication in a communication network is performed in a sending node and includes providing signature verification related information to a plurality of listening nodes and sending a group message to the plurality of listening nodes, the group message including signature verification related information of the sending node. A method, nodes, computer programs, and a computer program product enabling secure group communication in a communication network are also presented.
Type: Application
Filed: November 30, 2018
Publication date: December 10, 2020
Inventors: Göran SELANDER, John MATTSSON
-
Publication number: 20200267544
Abstract: A network node (500, 600) in a home network, HN, of a wireless device (10, 300, 400) assigns a different priority to each of one or more parameter sets in a priority list. Each parameter set comprises one or more parameters used for calculating the subscription identifier. The network node (500, 600) provides the wireless device (10, 300, 400) with the priority list to facilitate the calculation of the subscription identifier by the wireless device (10, 300, 400). The wireless device (10, 300, 400) obtains the priority list, and calculates the subscription identifier using a null parameter set or one of the one or more parameter sets in the priority list selected responsive to the defined priorities. The wireless device (10, 300, 400) then informs the HN of the subscription of the wireless device (10, 300, 400) by sending the calculated subscription identifier to the network node (500, 600).
Type: Application
Filed: December 20, 2018
Publication date: August 20, 2020
Inventors: Prajwol Kumar Nakarmi, David Castellanos Zamora, John Mattsson
-
Patent number: 10609020
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Grant
Filed: November 30, 2018
Date of Patent: March 31, 2020
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: John Mattsson, Salvatore Loreto, Mats Näslund, Robert Skog, Hans Spaak
-
Publication number: 20190109841
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Application
Filed: November 30, 2018
Publication date: April 11, 2019
Inventors: John MATTSSON, Salvatore LORETO, Mats NÄSLUND, Robert SKOG, Hans SPAAK
-
Patent number: 10178086
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Grant
Filed: November 28, 2014
Date of Patent: January 8, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: John Mattsson, Robert Skog, Salvatore Loreto, Hans Spaak, Mats Näslund
-
Publication number: 20190007376
Abstract: A method for a first network node may protect confidentiality of a first identifier associated by the first network node with a subscription used by a mobile entity. The communications network comprises a home network of the mobile entity and a serving network serving the mobile entity. The first network node, which is part of the home network may: receive, from a second network node which is part of the serving network, a first request for authentication information for the mobile entity, the first request comprising the first identifier; generate a first pseudonym associated with the first identifier; create a link between the first pseudonym and the first identifier; and send, to the second network node, the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity in the serving network. A method for a second network node is also provided.
Type: Application
Filed: June 23, 2015
Publication date: January 3, 2019
Inventors: Karl NORRMAN, Yi CHENG, John MATTSSON, Mats NÄSLUND
-
Publication number: 20170163624
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Application
Filed: November 28, 2014
Publication date: June 8, 2017
Inventors: John MATTSSON, Robert SKOG, Salvatore LORETO, Hans SPAAK, Mats NÄSLUND
-
Patent number: 9628271
Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
Type: Grant
Filed: October 30, 2015
Date of Patent: April 18, 2017
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Rolf Blom, Yi Cheng, Fredrik Lindholm, John Mattsson, Mats Naslund, Karl Norrman
-
Patent number: 9467433
Abstract: There is described herein a device (101) for communicating with a network. The device (101) comprises a communications unit for receiving data, a notification device for providing a notification to a user, and a control unit for controlling the operation of the communications unit and notification unit. The communications unit is configured to receive an information message (110, 112, 115), and to receive security authentication data (110, 112, 115) associated with the information message if such security authentication data is available. The control unit is configured to operate in a first or second configuration. In the first configuration it ignores the security authentication data, (111, 113), and instructs the notification unit to convey the notification to the user. In the second configuration, it verifies the information message (116) on the basis of the security authentication data and instructs the notification unit to convey the notification to the user if the verification is successful.
Type: Grant
Filed: June 14, 2012
Date of Patent: October 11, 2016
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Monica Wifvesson, Michael Liljenstam, John Mattsson, Karl Norrman
-
Patent number: 9338173
Abstract: Methods and apparatuses in a client terminal and a web server for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF', based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF', in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
Type: Grant
Filed: November 4, 2014
Date of Patent: May 10, 2016
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Karl Norman, John Mattsson, Vesa Petteri Lehtovirta, Oscar Ohlsson
-
Publication number: 20160056959
Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
Type: Application
Filed: October 30, 2015
Publication date: February 25, 2016
Applicant: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Rolf BLOM, Yi CHENG, Fredrik LINDHOLM, John MATTSSON, Mats NASLUND, Karl NORRMAN
-
Patent number: 9178696
Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
Type: Grant
Filed: November 30, 2007
Date of Patent: November 3, 2015
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Rolf Blom, Yi Cheng, Fredrik Lindholm, John Mattsson, Mats Naslund, Karl Norrman
-
Patent number: 8990563
Abstract: A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.
Type: Grant
Filed: June 8, 2011
Date of Patent: March 24, 2015
Assignee: Telefonaktiebolaget L M Ericsson (Publ)
Inventors: Rolf Blom, John Mattsson, Oscar Ohlsson
-
Publication number: 20150058980
Abstract: Methods and apparatuses in a client terminal and a web server for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF', based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF', in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
Type: Application
Filed: November 4, 2014
Publication date: February 26, 2015
Inventors: Karl Norrman, John Mattsson, Vesa Petteri Lehtovirta, Oscar Ohlsson