Patents by Inventor Kari Kostiainen
Kari Kostiainen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220391900Abstract: A method for operating a mining pool includes running, by a mining pool operator, a blockchain node and at least one enclave. The blockchain node is connected to the enclave as well as to a blockchain P2P network and to a publicly available site. The method further includes checking, by the blockchain node, validity of incoming blocks and transactions received from the blockchain P2P network, and forwarding information on the received blocks and transactions to the at least one enclave. The method further includes creating, by the at least one enclave, a state transparency log and inserting the block and transaction information received from the blockchain node into the state transparency log, and signing, by the at least one enclave, the state transparency log and publishing the state transparency log at the publicly available site.Type: ApplicationFiled: September 25, 2020Publication date: December 8, 2022Inventors: Karl Wuest, Kari Kostiainen, Ghassan Karame, Srdjan Capkun
-
Patent number: 11303445Abstract: A method of preserving privacy for usage of a lightweight blockchain client in a blockchain network includes using, in a full blockchain node of the blockchain network, a trusted execution environment (TEE). A secure communication is established between the lightweight blockchain client and the TEE. The TEE receives a request from the lightweight blockchain client for at least one transaction or address of the lightweight blockchain client. The TEE obtains unspent transaction output (UTXO) information with respect to the request from the lightweight blockchain client from a UTXO database by oblivious database access using an oblivious RAM (ORAM) protocol.Type: GrantFiled: March 27, 2019Date of Patent: April 12, 2022Assignee: NEC CORPORATIONInventors: Sinisa Matetic, Karl Wuest, Moritz Schneider, Kari Kostiainen, Ghassan Karame, Srdjan Capkun
-
Publication number: 20210314172Abstract: Block chain registries track the handling of private keys for validating the integrity of private keys for SSL certificates and other forms of private keys presented during transaction requests.Type: ApplicationFiled: April 6, 2021Publication date: October 7, 2021Inventors: Alfred Tom, Jörg Brakensiek, Kari Kostiainen
-
Publication number: 20200328889Abstract: A method of preserving privacy for usage of a lightweight blockchain client in a blockchain network includes using, in a full blockchain node of the blockchain network, a trusted execution environment (TEE). A secure communication is established between the lightweight blockchain client and the TEE. The TEE receives a request from the lightweight blockchain client for at least one transaction or address of the lightweight blockchain client. The TEE obtains unspent transaction output (UTXO) information with respect to the request from the lightweight blockchain client from a UTXO database by oblivious database access using an oblivious RAM (ORAM) protocol.Type: ApplicationFiled: March 27, 2019Publication date: October 15, 2020Inventors: Sinisa Matetic, Karl Wuest, Moritz Schneider, Kari Kostiainen, Ghassan Karame, Srdjan Capkun
-
Patent number: 9787667Abstract: A apparatus and a method for attested sensor data reporting, wherein a challenge is received from an online service; sensor data is read; and a sensor data signature based on the sensor data is created and sent to the online service.Type: GrantFiled: October 16, 2012Date of Patent: October 10, 2017Assignee: Nokia Technologies OyInventor: Kari Kostiainen
-
Patent number: 9756036Abstract: A process is provided for communication security certificate revocation status verification by using the client device as a proxy in online status verification protocol. The process utilizes a nonce of an authentication protocol request message (nonce_A) to derive the nonce for the revocation status protocol request (nonce_S) to reduce the number of message exchanges needed between the client and the verifier devices, and a mechanism to send the nonce (nonce_S) prior to actual authentication protocol execution to ease the connectivity requirement of client device from on-demand connectivity to periodic connectivity. Similar functionality is achieved using a random seed established between the verifier and client. The verifier picks a seed for random number generation and sends that seed to the client. The client derives the nonce_S from the seed before status protocol execution, and the verifier derives the nonce_S from the seed before proxied status response verification.Type: GrantFiled: June 5, 2013Date of Patent: September 5, 2017Assignee: Nokia Technologies OyInventors: Kari Kostiainen, Nadarajah Asokan
-
Publication number: 20150281219Abstract: A apparatus and a method for attested sensor data reporting, wherein a challenge is received from an online service; sensor data is read; and a sensor data signature based on the sensor data is created and sent to the online service.Type: ApplicationFiled: October 16, 2012Publication date: October 1, 2015Inventor: Kari Kostiainen
-
Patent number: 9087198Abstract: In accordance with the exemplary embodiments of the invention there is at least a method, apparatus, and executable program of computer instructions to perform the operations of establishing and initializing a set of platform configuration registers, where a first subset of platform configuration registers is defined as being non-resettable, and a second subset of platform configuration registers is defined as being resettable, storing initial boot-up system state information in one or more non-resettable platform configuration registers, dynamically resetting (2) a value of a platform configuration register identified by a reference integrity metric to reflect a measurement value provided by the reference integrity metric, and responding to an attestation request (0) with an attestation response (5) including dynamic information from the platform configuration register that was reset and system state information from a non-resettable platform configuration register.Type: GrantFiled: February 14, 2011Date of Patent: July 21, 2015Assignee: Nokia Technologies OyInventors: Jan-Erik Ekberg, Nadarajah Asokan, Kari Kostiainen
-
Patent number: 8984279Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar.Type: GrantFiled: December 28, 2006Date of Patent: March 17, 2015Assignee: Core Wireless Licensing S.A.R.L.Inventors: Kari Kostiainen, Seamus Moloney, Olli Rantapuska
-
Patent number: 8621203Abstract: An approach is provided for authenticating a mobile device. A mobile device initiates transmission of a request to an authentication platform for generating a public-key certificate to access a service from the mobile device. The mobile device receives an identity challenge and responds by initiating transmission of a tag specific to the mobile device to the authentication platform. The authentication platform uses the tag to generate a public-key certificate.Type: GrantFiled: June 22, 2009Date of Patent: December 31, 2013Assignee: Nokia CorporationInventors: Jan-Erik Ekberg, Kari Kostiainen, Pekka Laitinen, Ville Aarni, Miikka Sainio, Niklas Von Knorring, Dmitry Kolesnikov, Atte Lahtiranta
-
Publication number: 20130340064Abstract: A process is provided for communication security certificate revocation status verification by using the client device as a proxy in online status verification protocol. The process utilizes a nonce of an authentication protocol request message (nonce_A) to derive the nonce for the revocation status protocol request (nonce_S) to reduce the number of message exchanges needed between the client and the verifier devices, and a mechanism to send the nonce (nonce_S) prior to actual authentication protocol execution to ease the connectivity requirement of client device from on-demand connectivity to periodic connectivity. Similar functionality is achieved using a random seed established between the verifier and client. The verifier picks a seed for random number generation and sends that seed to the client. The client derives the nonce_S from the seed before status protocol execution, and the verifier derives the nonce_S from the seed before proxied status response verification.Type: ApplicationFiled: June 5, 2013Publication date: December 19, 2013Inventors: Kari Kostiainen, Nadarajah Asokan
-
Patent number: 8484466Abstract: A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.Type: GrantFiled: November 16, 2006Date of Patent: July 9, 2013Assignee: Nokia CorporationInventors: Janne Marin, Kari Kostiainen, Nadarajah Asokan, Seamus Moloney, Philip Ginzboorg, Javier Lafuente
-
Publication number: 20120311315Abstract: In accordance with the exemplary embodiments of the invention there is at least a method, apparatus, and executable program of computer instructions to perform the operations of establishing and initializing a set of platform configuration registers, where a first subset of platform configuration registers is defined as being non-resettable, and a second subset of platform configuration registers is defined as being resettable, storing initial boot-up system state information in one or more non-resettable platform configuration registers, dynamically resetting (2) a value of a platform configuration register identified by a reference integrity metric to reflect a measurement value provided by the reference integrity metric, and responding to an attestation request (0) with an attestation response (5) including dynamic information from the platform configuration register that was reset and system state information from a non-resettable platform configuration register.Type: ApplicationFiled: February 14, 2011Publication date: December 6, 2012Applicant: NOKIA CORPORATIONInventors: Jan-Erik Ekberg, Nadarajah Asokan, Kari Kostiainen
-
Publication number: 20100325427Abstract: An approach is provided for authenticating a mobile device. A mobile device initiates transmission of a request to an authentication platform for generating a public-key certificate to access a service from the mobile device. The mobile device receives an identity challenge and responds by initiating transmission of a tag specific to the mobile device to the authentication platform. The authentication platform uses the tag to generate a public-key certificate.Type: ApplicationFiled: June 22, 2009Publication date: December 23, 2010Applicant: Nokia CorporationInventors: Jan-Erik Ekberg, Kari Kostiainen, Pekka Laitinen, Ville Aarni, Miikka Sainio, Niklas Von Knorring, Dmitry Kolesnikov, Atte Lahtiranta
-
Publication number: 20100005294Abstract: A methodology of using an (preferably uni-directional) out-of-band channel for secure information transmission between two devices capable for LPRF communication is provided. Information, which is intended for secure transmission from one of the devices to the other device, is encoded into a time dependent visual sequence. The visual sequence may comprise one or more visual signals, in particular lighted-up and dark states. The visual sequence is emitted in a time-dependent visual signal by a light emitter of the one device and the emitted signal is detected by a light sensor of the other device on the basis of the detected signal. The time-dependent signal especially timely varies in the light intensity. The light sensor generates a (time-dependent) sequence of detection signals. These detection signals are decoded to reconstruct the information intended for secure transmission.Type: ApplicationFiled: October 18, 2005Publication date: January 7, 2010Inventors: Kari Kostiainen, Jan-Erik Ekberg, Nitesh Saxena
-
Publication number: 20090327713Abstract: A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.Type: ApplicationFiled: November 16, 2006Publication date: December 31, 2009Inventors: Janne Marin, Kari Kostiainen, Nadarajah Asokan, Seamus Moloney, Philip Ginzboorg, Javiar Lafuente
-
Publication number: 20080141347Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar.Type: ApplicationFiled: December 28, 2006Publication date: June 12, 2008Inventors: Kari Kostiainen, Seamus Moloney, Olli Rantapuska
-
Publication number: 20080065776Abstract: A method for connecting a first device and a second device. The method comprises associating at a third party temporary unique information with information associated with said first device; receiving from said third party said unique information at said first device; inputting said unique information to said second device; sending said unique information from said second device to said third party; and receiving from said third party at said second device said associated information.Type: ApplicationFiled: July 18, 2007Publication date: March 13, 2008Inventors: Seamus Moloney, Nadarajah Asokan, Kari Kostiainen, Jose Costa-Requena
-
Publication number: 20060251256Abstract: Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.Type: ApplicationFiled: June 29, 2005Publication date: November 9, 2006Applicant: Nokia CorporationInventors: Nadarajah Asokan, Philip Ginzboorg, Seamus Moloney, Kari Kostiainen, Sampo Sovio, Jan-Erik Ekberg, Jari Takala
-
Patent number: 4722154Abstract: A room unit (1) and a method for the construction and the position mounting of the box-like room unit (1), for instance a cabin, a module assembled from room elements or the like. The room unit intended for an arrangement operable in marine enviroments, for instance for a ship, an offshore construction or the like. The room unit is located on an at least mainly even underlaying (14) of the arrangement, for instance on a ship's deck (14). The method comprises the inclusion of the room unit (1) with a roof (4), walls (2,3) and a floor (12), the lower portion of the wall (2,3) being attached at the outer edge of the self-supporting floor (12). The floor (12) is provided by adjustable damping appliances (21) operable from the interior of the room unit (1). The moving of the room unit (1) is carried out by supporting the unit (1) temporarily at a bag-like air cushion device and at one stabilizing device at least.Type: GrantFiled: November 19, 1986Date of Patent: February 2, 1988Assignee: Oy Wartsila AbInventors: Hannu Virta, Unto Asikainen, Kari Kostiainen, Jarmo Wacker