Patents by Inventor Kristian Slavov
Kristian Slavov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11968529Abstract: There is provided mechanisms for authenticating a first radio communication device with a network. A method is performed by the first radio communication device. The method comprises obtaining credentials for a network subscription to the network. The method comprises obtaining an upper part of a radio protocol stack, according to which radio protocol stack the first radio communication device is configured to communicate with the network. The method comprises authenticating with the network. The method comprises providing, to a second radio communication device, at least one key, as derived from the credentials during the authenticating, for use by the second radio communication device when executing the remaining part of the radio protocol stack for communication between the second radio communication device and the network.Type: GrantFiled: March 15, 2019Date of Patent: April 23, 2024Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Patrik Salmela, Per Ståhl, Kristian Slavov, Vesa Lehtovirta
-
Patent number: 11496894Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator, EAP authentication server and computer program are also disclosed.Type: GrantFiled: August 13, 2015Date of Patent: November 8, 2022Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Mohit Sethi, Parth Amin, Patrik Salmela, Kristian Slavov
-
Publication number: 20220201479Abstract: There is provided mechanisms for authenticating a first radio communication device with a network. A method is performed by the first radio communication device. The method comprises obtaining credentials for a network subscription to the network. The method comprises obtaining an upper part of a radio protocol stack, according to which radio protocol stack the first radio communication device is configured to communicate with the network. The method comprises authenticating with the network. The method comprises providing, to a second radio communication device, at least one key, as derived from the credentials during the authenticating, for use by the second radio communication device when executing the remaining part of the radio protocol stack for communication between the second radio communication device and the network.Type: ApplicationFiled: March 15, 2019Publication date: June 23, 2022Inventors: Patrik Salmela, Per STÅHL, Kristian Slavov, Vesa Lehtovirta
-
Patent number: 11252572Abstract: A method is provided for registration of a device as a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA. The device performs a GBA bootstrap operation with a Bootstrapping Server Function, BSF, and sends to a NAF registration function a request to register as a NAF. The device receives NAF registration information from the NAF registration function, and performs a NAF registration with the BSF. The NAF registration function receives from the device a request to register as a NAF, confirms that that the device is authorised to act as a NAF, and transmits the NAF registration information to the device.Type: GrantFiled: May 26, 2016Date of Patent: February 15, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Patrik Salmela, Joona Kannisto, Mohit Sethi, Kristian Slavov
-
Publication number: 20210390450Abstract: There is provided mechanisms for a manufacturer of an ML model to embed at least one marker in an electronic file. A method comprises obtaining the electronic file. The electronic file represents content that causes the ML model to determine an output for the electronic file according to a first processing strategy. The method comprises embedding, in the electronic file, the at least one marker that, only when detected by the ML model, causes the output of the electronic file to be determined according to a second processing strategy. The second processing strategy is unrelated to the first processing strategy and deterministically defined by the at least one marker.Type: ApplicationFiled: October 1, 2018Publication date: December 16, 2021Inventors: Kristian Slavov, Patrik Salmela, Edgar Ramos
-
Patent number: 11075771Abstract: A method (10) for generating operating entropy is provided. The method (10) is performed by a cloud computing entity (2) run on shared underlying resources (3). The method (10) comprises: sending (11) a respective entropy request to one or more servers (5a, 5b, 5c), inserting in each entropy request a respective timestamp, receiving (12) a response from each of the one or more servers (5a, 5b, 5c), each response payload comprising random bytes of unknown amount of entropy, verifying (13) validity of each response by comparing the respective timestamp in each response to a corresponding stored timestamp, and generating (14) the operating entropy based on at least one of the received responses. A cloud computing entity (2), a computer program and a computer program product are also provided.Type: GrantFiled: June 22, 2017Date of Patent: July 27, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Mohit Sethi, Nicklas Beijar, Kristian Slavov
-
Patent number: 11063981Abstract: It is provided a method performed in a gateway and comprises the steps of: receiving a first client request from the client device, the first client request comprising a first fully qualified domain name, FQDN; transmitting a gateway request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; generating a second FQDN, based on the first FQDN and an identifier of the client device; generating a client specific shared key based on the second FQDN and a shared key; generating a redirect message comprising the second FQDN, an authentication request, a context identifier and the client specific shared key; transmitting the redirect message to the client device; receiving a second client request from the client device; and generating an authentication response in case the second client request fails to comprise an authentication response.Type: GrantFiled: September 11, 2015Date of Patent: July 13, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Patrik Salmela, Mohit Sethi, Kristian Slavov
-
Publication number: 20200145236Abstract: A method (10) for generating operating entropy is provided. The method (10) is performed by a cloud computing entity (2) run on shared underlying resources (3). The method (10) comprises: sending (11) a respective entropy request to one or more servers (5a, 5b, 5c), inserting in each entropy request a respective timestamp, receiving (12) a response from each of the one or more servers (5a, 5b, 5c), each response payload comprising random bytes of unknown amount of entropy, verifying (13) validity of each response by comparing the respective timestamp in each response to a corresponding stored timestamp, and generating (14) the operating entropy based on at least one of the received responses. A cloud computing entity (2), a computer program and a computer program product are also provided.Type: ApplicationFiled: June 22, 2017Publication date: May 7, 2020Inventors: Mohit Sethi, Nicklas Beijar, Kristian Slavov
-
Publication number: 20190223009Abstract: A method is provided for registration of a device as a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA. The device performs a GBA bootstrap operation with a Bootstrapping Server Function, BSF, and sends to a NAF registration function a request to register as a NAF. The device receives NAF registration information from the NAF registration function, and performs a NAF registration with the BSF. The NAF registration function receives from the device a request to register as a NAF, confirms that that the device is authorised to act as a NAF, and transmits the NAF registration information to the device.Type: ApplicationFiled: May 26, 2016Publication date: July 18, 2019Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Patrik SALMELA, Joona KANNISTO, Mohit SETHI, Kristian SLAVOV
-
Patent number: 10284562Abstract: It is disclosed a method and a capillary gateway, CGW, (50, 60, 204, 304) capable to determine whether to allow a first machine-to-machine, M2M, device network access. The CGW is adapted to intercept (310) an authentication request message sent from a M2M device, and intercept (318) an authentication response message sent from a M2M management service. If the CGW determines that the authentication is successful based on the authentication response message and that there is a valid subscription for the M2M device and the authentication response message is received from a trusted management service, the CGW may allow (414) the first M2M device network access. Embodiments of the present disclosure have the advantage that disclosure can provide low-powered devices Internet reachability based on user subscriptions in non-traditional scenarios such as where devices are deployed straight out-of-the-box, i.e., without any customization.Type: GrantFiled: May 16, 2014Date of Patent: May 7, 2019Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Kristian Slavov, Patrik Salmela
-
Publication number: 20190058735Abstract: It is provided a method performed in a gateway and comprises the steps of: receiving a first client request from the client device, the first client request comprising a first fully qualified domain name, FQDN; transmitting a gateway request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; generating a second FQDN, based on the first FQDN and an identifier of the client device; generating a client specific shared key based on the second FQDN and a shared key; generating a redirect message comprising the second FQDN, an authentication request, a context identifier and the client specific shared key; transmitting the redirect message to the client device; receiving a second client request from the client device; and generating an authentication response in case the second client request fails to comprise an authentication response.Type: ApplicationFiled: September 11, 2015Publication date: February 21, 2019Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Patrik SALMELA, Mohit SETHI, Kristian SLAVOV
-
Publication number: 20180310172Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator. EAP authentication server and computer program are also disclosed.Type: ApplicationFiled: August 13, 2015Publication date: October 25, 2018Inventors: Mohit SETHI, Parth AMIN, Patrik SALMELA, Kristian SLAVOV
-
Patent number: 9985967Abstract: According to a first aspect, it is presented a method, executed in a gateway, the gateway being arranged to facilitate communication between a client device and an application server. The method comprises the steps of: receiving a client request from the client device, the client request comprising at least a portion being bound for the application server; sending an application server request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; establishing at least one authentication credential using an authentication server for a connection between the client device and the application server; and sending a client response to the client device, the client response being based on the application server response and comprising the at least one authentication credential. An associated gateway, client device, vehicle, computer program and computer program product are also presented.Type: GrantFiled: May 29, 2013Date of Patent: May 29, 2018Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Patrik Salmela, Vesa Lehtovirta, Mohit Sethi, Kristian Slavov
-
Publication number: 20170093868Abstract: It is disclosed a method and a capillary gateway, CGW, (50, 60, 204, 304) capable to determine whether to allow a first machine-to-machine, M2M, device network access. The CGW is adapted to intercept (310) an authentication request message sent from a M2M device, and intercept (318) an authentication response message sent from a M2M management service. If the CGW determines that the authentication is successful based on the authentication response message and that there is a valid subscription for the M2M device and the authentication response message is received from a trusted management service, the CGW may allow (414) the first M2M device network access. Embodiments of the present disclosure have the advantage that disclosure can provide low-powered devices Internet reachability based on user subscriptions in non-traditional scenarios such as where devices are deployed straight out-of-the-box, i.e., without any customization.Type: ApplicationFiled: May 16, 2014Publication date: March 30, 2017Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Kristian SLAVOV, Patrik SALMELA
-
Patent number: 9569237Abstract: A method is presented of establishing communications with a Virtual Machine, VM, in a virtualized computing environment using a 3GPPcommunications network. The method includes establishing a Machine-to-Machine Equipment Platform, M2MEP, which comprises a Communications Module, CM, providing an end-point of a communication channel between the 3GPP network and the VM. A virtual Machine-to-Machine Equipment is established that comprises a VM running on the M2MEP and a downloadable Subscriber Identity Module, associated with the CM. The Subscriber Identity Module includes security data and functions for enabling access via the 3GPP network. The CM utilizes data in the Subscriber Identity Module for controlling communication over the communication channel between the VM and the 3GPP network.Type: GrantFiled: December 29, 2011Date of Patent: February 14, 2017Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Jukka Ylitalo, András Méhes, Patrik Salmela, Kristian Slavov
-
Remote provisioning of 3GPP downloadable subscriber identity module for virtual machine applications
Patent number: 9549321Abstract: A method is presented of providing a subscriber identity for the provision of services on behalf of the subscriber in a virtual computing environment. The method includes receiving a request to establish an execution environment for a virtual machine-to-machine equipment, vM2 M E. The vM2ME is provided, comprising software for execution in the virtual computing environment and a downloadable Subscriber Identity Module. A Communications Module, CM, is set up for execution in a domain of a virtualization platform. The CM provides an end-point for communications between the vM2ME and a 3GPP network. The Subscriber Identity Module is installed for execution together with the CM, the Subscriber Identity Module including a 3GPP identity of the subscriber, security data and functions for enabling access to the vM2ME via the 3GPP network.Type: GrantFiled: December 29, 2011Date of Patent: January 17, 2017Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Kristian Slavov, Patrik Salmela, Jukka Ylitalo -
Publication number: 20160119343Abstract: According to a first aspect, it is presented a method, executed in a gateway, the gateway being arranged to facilitate communication between a client device and an application server. The method comprises the steps of: receiving a client request from the client device, the client request comprising at least a portion being bound for the application server; sending an application server request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; establishing at least one authentication credential using an authentication server for a connection between the client device and the application server; and sending a client response to the client device, the client response being based on the application server response and comprising the at least one authentication credential. An associated gateway, client device, vehicle, computer program and computer program product are also presented.Type: ApplicationFiled: May 29, 2013Publication date: April 28, 2016Inventors: Patrik Salmela, Vesa Lehtovirta, Mohit Sethi, Kristian Slavov
-
Patent number: 9286100Abstract: A method of migrating a virtual machine comprises a first manager, managing a first computing environment (such as a computing cloud), initiates migration of a virtual machine currently executing on a first vM2ME (virtual machine-to-machine equipment) in the first computing environment to a second computing environment (such as another computing cloud). Once the VM has migrated, the first manager disables execution of the first vM2ME.Type: GrantFiled: December 29, 2011Date of Patent: March 15, 2016Assignee: Telefonaktiebolaget L M Ericsson (publ)Inventors: Patrik Salmela, Kristian Slavov, Jukka Ylitalo
-
Publication number: 20150079941Abstract: There is described a device for communicating with a network. The device receives a series of paging messages from a serving node in the network, where each paging message includes identification and authentication information sufficient to identify at least one device and authenticate the message, at least some of the information having been protected according to a sequence such that it varies between successive paging messages. The device verifies the protected part of the information using a cryptographic function and knowledge of the sequence and identifies whether the information indicates that message is an authentic message intended for that device. The device may act in response to the received paging message.Type: ApplicationFiled: May 15, 2012Publication date: March 19, 2015Applicant: Telefonaktiebolaget L M Ericsson (publ)Inventors: Jari Arkko, Anna Larmo, Karl Norrman, Bengt Sahlin, Kristian Slavov
-
Publication number: 20140373012Abstract: A method is presented of establishing communications with a Virtual Machine, VM, in a virtualised computing environment using a 3GPPcommunications network. The method includes establishing a Machine-to-Machine Equipment Platform, M2MEP, which comprises a Communications Module, CM, providing an end-point of a communication channel between the 3GPP network and the VM. A virtual Machine-to-Machine Equipment is established that comprises a VM running on the M2MEP and a downloadable Subscriber Identity Module, associated with the CM. The Subscriber Identity Module includes security data and functions for enabling access via the 3GPP network. The CM utilises data in the Subscriber Identity Module for controlling communication over the communication channel between the VM and the 3GPP network.Type: ApplicationFiled: December 29, 2011Publication date: December 18, 2014Applicant: Telefonaktiebolaget L M Ericsson (publ)Inventors: Jukka Ylitalo, András Méhes, Patrik Salmela, Kristian Slavov