Patents by Inventor Mats Näslund

Mats Näslund has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10396996
    Abstract: A method (500) of generating a cryptographic checksum for a message M(x) is provided. The method comprises pseudo-randomly selecting (502) at least two irreducible polynomials pi(x). Each irreducible polynomial pi(x) is selected based on a first cryptographic key from the set of irreducible polynomials of degree ni over a Galois Field. The method further comprises calculating (503) a generator polynomial p(x) of degree n=formula (I) as a product of the N irreducible polynomials formula (II), and calculating (505) the cryptographic checksum as a first function g of a division of a second function of M(x), ƒ(M(x)), modulo p(x), i.e., g(ƒ(M(x)) mod p(x)). By replacing a standard checksum, such as a Cyclic Redundancy Check (CRC), with a cryptographic checksum, an efficient message authentication is provided. The proposed cryptographic checksum may be used for providing integrity assurance on the message, i.e., for detecting random and intentional message changes, with a known level of security.
    Type: Grant
    Filed: August 19, 2014
    Date of Patent: August 27, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Elena Dubrova, Fredrik Lindqvist, Göran Selander
  • Patent number: 10356619
    Abstract: A user equipment receives an Extensible Authentication Protocol Authentication and Key Agreement Prime (EAP AKA?) message, from an authentication server related to the user equipment, in an authentication procedure being part of setting up a connection from the user equipment through an access network. The user equipment sets up an IP Security tunnel between the user equipment and an evolved Packet Data Gateway responsive to the EAP AKA? message indicating that the access network is untrusted.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: July 16, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 10313125
    Abstract: A method (500) of generating a cryptographic checksum for a message M(x) is provided. The method comprises pseudo-randomly selecting (502) a generator polynomial p(x) from the set of polynomials of degree n over a Galois Field and calculating (504) the cryptographic checksum as a first function g of a division of a second function of M(x), ƒ(M(x)), modulo p(x), g(ƒ(M(x))mod p(x)). The generator polynomial p(x) is pseudo-randomly selected based on a first cryptographic key. By replacing a standard checksum, such as a Cyclic Redundancy Check (CRC), with a cryptographic checksum, an efficient message authentication is provided. The proposed cryptographic checksum may be used for providing integrity assurance on the message, i.e., for detecting random and intentional message changes, with a known level of security. Further, a corresponding computer program, a corresponding computer program product, and a checksum generator for generating a cryptographic checksum, are provided.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: June 4, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Elena Dubrova, Fredrik Lindqvist, Mats Näslund, Göran Selander
  • Patent number: 10289810
    Abstract: Disclosed is, among other things, a method for distributing content items to authorized users. The method comprising: a content owner device (190), COD, obtaining a first content item (196a); the COD (190) obtaining a first tag associated with the first content item (196a); the COD (190) obtaining a first content key, CK1, for said first content item (196a); the COD (190) encrypting the first content item (196a) using CK1, thereby producing a first encrypted content item; the COD (190) using at least the first tag and a key derivation function, KDF, to derive a first derived key, DK1; the COD (190) encrypting CK1 using the DK1, thereby producing a first encrypted content key, ECK1; and the COD (190) transmitting information to a content server (108), the information comprising: the first encrypted content item and the first tag.
    Type: Grant
    Filed: February 27, 2014
    Date of Patent: May 14, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Tommy Arngren, Mats Näslund
  • Publication number: 20190109841
    Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
    Type: Application
    Filed: November 30, 2018
    Publication date: April 11, 2019
    Inventors: John MATTSSON, Salvatore LORETO, Mats NÄSLUND, Robert SKOG, Hans SPAAK
  • Patent number: 10219158
    Abstract: This disclosure relates to methods and apparatuses for protection of control plane functionality of a network node of a communications network providing wireless communication to a mobile terminal. The network node is configured to support control plane signaling with the mobile terminal. A communication context for the mobile terminal is maintained, wherein the communication context is associated with a control signaling message exchange between the mobile terminal and the network node. One method includes establishing, for a received message, a communication context to which it belongs; determining, in relation to information in the established communication context, the received message to be a message conforming to a protection rule or a message violating a protection rule; and handling the message in accordance with rules of a protection policy. Related network nodes, computer programs, and computer program products are disclosed.
    Type: Grant
    Filed: February 21, 2014
    Date of Patent: February 26, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Michael Liljenstam, Prajwol Kumar Nakarmi, Oscar Ohlsson, Mats Näslund
  • Publication number: 20190037404
    Abstract: A method and arrangements for enabling authentication of a communication device is suggested, where a network node, capable of operating as an authentication server does not have to store all state related information relevant for a roundtrip of an authentication session. Instead of storing all this information, at least a part of it is provided to the authenticator or the communication unit, for later retrieval in a subsequent response. Based on the state related information provided in the response, the network node is capable of reproducing a state associated with a respective roundtrip. By repeating the mentioned process for a required number of roundtrips, an authentication session can be executed, where less state related information need to be stored at the mentioned network node.
    Type: Application
    Filed: October 4, 2018
    Publication date: January 31, 2019
    Inventors: Mats NÄSLUND, Elena DUBROVA, Karl NORRMAN, Vesa TORVINEN
  • Patent number: 10178086
    Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
    Type: Grant
    Filed: November 28, 2014
    Date of Patent: January 8, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: John Mattsson, Robert Skog, Salvatore Loreto, Hans Spaak, Mats Näslund
  • Publication number: 20190007376
    Abstract: A method for a first network node may protect confidentiality of a first identifier associated by the first network node with a subscription used by a mobile entity. The communications network comprises a home network of the mobile entity and a serving network serving the mobile entity. The first network node, which is part of the home network may: receive, from a second network node which is part of the serving network, a first request for authentication information for the mobile entity, the first request comprising the first identifier; generate a first pseudonym associated with the first identifier; create a link between the first pseudonym and the first identifier; and send, to the second network node, the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity in the serving network. A method for a second network node is also provided.
    Type: Application
    Filed: June 23, 2015
    Publication date: January 3, 2019
    Inventors: Karl NORRMAN, Yi CHENG, John MATTSSON, Mats NÄSLUND
  • Publication number: 20180367296
    Abstract: A method (40) of generating a pseudonym associated with a communication device (11) is disclosed. The method (40) is performed in a network node (13) of a communications system (10) and comprises generating (41) a pseudonym embryo based on one or more elements of a sequence (S1, S2, . . . , Sn), obtaining (42) the pseudonym as output of a masking operation applied to the pseudonym embryo, wherein the masking operation comprises a one-to-one mapping, and transmitting (43) the pseudonym to the communication device (11). A corresponding network node (13), computer program and computer program product are also disclosed.
    Type: Application
    Filed: December 18, 2015
    Publication date: December 20, 2018
    Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Karl NORRMAN, Jari ARRKO, Elena DUBROVA, Mats NÄSLUND
  • Publication number: 20180332021
    Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.
    Type: Application
    Filed: July 24, 2018
    Publication date: November 15, 2018
    Inventors: Mats NÄSLUND, Bengt SAHLIN, Karl NORRMAN, Jari ARKKO
  • Patent number: 10129753
    Abstract: A method and arrangements for enabling authentication of a communication device is suggested, where a network node, capable of operating as an authentication server does not have to store all state related information relevant for a roundtrip of an authentication session. Instead of storing all this information, at least a part of it is provided to the authenticator or the communication unit, for later retrieval in a subsequent response. Based on the state related information provided in the response, the network node is capable of reproducing a state associated with a respective roundtrip. By repeating the mentioned process for a required number of roundtrips, an authentication session can be executed, where less state related information need to be stored at the mentioned network node.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: November 13, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Mats Näslund, Elena Dubrova, Karl Norrman, Vesa Torvinen
  • Patent number: 10091175
    Abstract: A mobile device and an authentication server are configured to re-establish a security context that was previously established using an Authentication Key Agreement (AKA) procedure. The re-establishment advantageously uses re-use information saved from the preceding AKA procedure, including using synchronization information for each such re-establishment that occurs between AKA procedures. The synchronization information particularly identifies each instance of re-establishment and depends on a sequence number assigned to the preceding AKA procedure and on any previous instances of re-establishing the security context.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: October 2, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Patent number: 10057232
    Abstract: A first network device of a first communication network obtains a challenge, generates a first PFS parameter, obtains a first verification code for the first PFS parameter, and sends the challenge, the first PFS parameter and the first verification code to a communication device, which in turn receives the challenge, the first PFS parameter and the first verification code, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first PFS parameter is authentic, and if the determination is positive generates and sends the second PFS parameter to the first network device, which in turn verifies the second PFS parameter.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: August 21, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
  • Patent number: 10039059
    Abstract: A method of authorizing a message received at a node in a wireless network is disclosed. The message from a sender device is formed by a plurality of symbols and includes a first message integrity indicator located at a predetermined distance from the start of the message such that further symbols of the message are included after the first message integrity indicator. The position of the first message integrity indicator in the message is determined, and a cryptographic operation is performed on at least some of the symbols of the message before the first message integrity indicator so as to generate a second message integrity indicator before the first message integrity indicator is received. The first and second message integrity indicators are compared, and an indication that the message is not authorized is provided if the second message integrity indicator does not match the first message integrity indicator.
    Type: Grant
    Filed: December 20, 2013
    Date of Patent: July 31, 2018
    Assignee: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Mats Näslund, Göran Selander, Vlasios Tsiatsis, Elena Dubrova
  • Publication number: 20180206118
    Abstract: A user equipment receives an Extensible Authentication Protocol Authentication and Key Agreement Prime (EAP AKA?) message, from an authentication server related to the user equipment, in an authentication procedure being part of setting up a connection from the user equipment through an access network. The user equipment sets up an IP Security tunnel between the user equipment and an evolved Packet Data Gateway responsive to the EAP AKA? message indicating that the access network is untrusted.
    Type: Application
    Filed: March 13, 2018
    Publication date: July 19, 2018
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 9992017
    Abstract: Methods and apparatus for encrypting and storing data. The methods and apparatus provide different levels of security and usability. The methods and apparatus generate two or more keys based on a shared secret made available to a user equipment and a server. The two or more keys comprise at least one perfect forward secrecy key, and at least one limited forward secrecy key. The methods and apparatus encrypt data using at least one of the two or more keys. The methods and apparatus store the encrypted data in a memory of the user equipment and/or transmit the data from the user equipment to the server.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: June 5, 2018
    Assignee: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Mats Näslund, Tereza Cristina Melo De Brito Carvalho, Leonardo Horn Iwaya, Marcos Antonio Simplicio Junior
  • Publication number: 20180131679
    Abstract: The disclosure relates to a method (20) for a serving device (3) of establishing a computational puzzle for use in communication between a client device (2) and the serving device (3). The method (20) comprises establishing (21), in the serving device (3), the computational puzzle (p) based on a key shared by the client device (2) and the serving device (3) and on a solution (s?, s?) to the computational puzzle (p). Further method (30) in a serving device is provided, methods (60, 70) for client devices (2), serving devices (3), client devices (2), computer programs and computer program products.
    Type: Application
    Filed: April 16, 2015
    Publication date: May 10, 2018
    Inventors: Göran Selander, Elena Dubrova, Fredrik Lindqvist, Mats Näslund
  • Patent number: 9952278
    Abstract: Electronic devices (320) are provided which comprise a digital logic circuit (101) and a test module (322) adapted to receive test parameters from a remote test management device (310), generate test patterns based on the test parameters, apply the test patterns to the digital logic circuit, receive test responses from the digital logic circuit, compact the test responses into a test signature, and either transmit the test signature to the remote test management device or determine a test result based on a comparison of an expected signature received from the remote test management device with the test signature.
    Type: Grant
    Filed: February 5, 2014
    Date of Patent: April 24, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Elena Dubrova, Gunnar Carlsson, John Fornehed, Mats Näslund, Bernard Smeets
  • Patent number: 9949118
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.
    Type: Grant
    Filed: August 6, 2015
    Date of Patent: April 17, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin