Patents by Inventor Mats Näslund

Mats Näslund has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20160349314
    Abstract: Electronic devices (320) are provided which comprise a digital logic circuit (101) and a test module (322) adapted to receive test parameters from a remote test management device (310), generate test patterns based on the test parameters, apply the test patterns to the digital logic circuit, receive test responses from the digital logic circuit, compact the test responses into a test signature, and either transmit the test signature to the remote test management device or determine a test result based on a comparison of an expected signature received from the remote test management device with the test signature.
    Type: Application
    Filed: February 5, 2014
    Publication date: December 1, 2016
    Inventors: Elena Dubrova, Gunnar Carlsson, John Fornehed, Mats Näslund, Bernard Smeets
  • Publication number: 20160299189
    Abstract: A Feedback Shift-Register (FSR) enabling improved testing, e.g., Built-In Self-Tests (BIST), is provided. Each cell of the FSR may either be an observable cell, associated with a non-trivial feedback function implemented by a combinational logic circuit, or a controllable cell, having an associated state variable which belongs to the dependence set of exactly one of the non-trivial feedback functions. Each controllable cell is provided with a multiplexer for selecting either a predecessor cell of the controllable cell or a test value as input. Thus, the sequential circuit of the FSR may be tested using tests for combinational logic. The disclosed test procedures utilize a minimal set of test vectors and allow detection of all single stuck-at faults in the FSR. This may not increase the propagation delay of the original design, and the resulting dynamic power dissipation during test can be considerably less than known BIST designs.
    Type: Application
    Filed: November 28, 2013
    Publication date: October 13, 2016
    Inventors: Göran SELANDER, Mats NÄSLUND, Elena DUBROVA
  • Patent number: 9467431
    Abstract: An authentication method comprises providing a set of N plural number of master keys both to a user terminal (13) and to home network entity (11) and, when performing an authentication key agreement (AKA) transaction for an application, selecting one of the N number of master keys to serve as a master key for use both at the user terminal and the home network entity for deriving further keys for the application.
    Type: Grant
    Filed: February 15, 2008
    Date of Patent: October 11, 2016
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: John Michael Walker, Susana Fernandez Alonso, Mats Näslund
  • Publication number: 20160255070
    Abstract: A first network device of a first communication network obtains a challenge, generates a first PFS parameter, obtains a first verification code for the first PFS parameter, and sends the challenge, the first PFS parameter and the first verification code to a communication device, which in turn receives the challenge, the first PFS parameter and the first verification code, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first PFS parameter is authentic, and if the determination is positive generates and sends the second PFS parameter to the first network device, which in turn verifies the second PFS parameter.
    Type: Application
    Filed: April 12, 2016
    Publication date: September 1, 2016
    Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
  • Patent number: 9432384
    Abstract: A first data handling node (304) is configured to verify data received in a data distribution network with multiple data handling nodes forming a distribution path of a network topology, by obtaining tag information from a hash server (306). The first data handling node (304) receives data (D3) and a hash tag (H3) from a second data handling node (302). The received data (D3) and hash tag (H3) have been generated by the second node based on a previous hash tag (H1, H2) generated by a preceding third data handling node (300a, 300b). The third node has delivered data (D1, D2) to the second node, and the received data (D3) has been generated by the second node based on the data (D1, D2) delivered by the third data handling node.
    Type: Grant
    Filed: November 12, 2012
    Date of Patent: August 30, 2016
    Assignee: TELEFONAKTIEBOLAGET L M ERICSSON
    Inventors: Vincent Huang, Yi Cheng, András Méhes, Mats Näslund
  • Patent number: 9432349
    Abstract: An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.
    Type: Grant
    Filed: June 13, 2012
    Date of Patent: August 30, 2016
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Bernard Smeets, Mats Näslund
  • Publication number: 20160234197
    Abstract: A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.
    Type: Application
    Filed: April 19, 2016
    Publication date: August 11, 2016
    Inventors: Mats NÄSLUND, Maurizio IOVIENO, Karl NORRMAN
  • Patent number: 9407616
    Abstract: There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: August 2, 2016
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Publication number: 20160210443
    Abstract: Disclosed is, among other things, a method for distributing content items to authorized users. The method comprising: a content owner device (190), COD, obtaining a first content item (196a); the COD (190) obtaining a first tag associated with the first content item (196a); the COD (190) obtaining a first content key, CK1, for said first content item (196a); the COD (190) encrypting the first content item (196a) using CK1, thereby producing a first encrypted content item; the COD (190) using at least the first tag and a key derivation function, KDF, to derive a first derived key, DK1; the COD (190) encrypting CK1 using the DK1, thereby producing a first encrypted content key, ECK1; and the COD (190) transmitting information to a content server (108), the information comprising: the first encrypted content item and the first tag.
    Type: Application
    Filed: February 27, 2014
    Publication date: July 21, 2016
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Tommy ARNGREN, Mats NÄSLUND
  • Publication number: 20160210464
    Abstract: A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data is provided. The method includes deriving, for each authorized client Cj, a first key KCj and a second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party (TTP) with the second key KTj. The method further includes, at a Policy Enforcement Point, receiving a request for performing the operation on the data storage from a client Ck of the authorized clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD. The disclosed trust model uses two-part secret sharing.
    Type: Application
    Filed: September 9, 2013
    Publication date: July 21, 2016
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Mats NÄSLUND, Christian SCHAEFER
  • Publication number: 20160191510
    Abstract: A tamper-resistant security device, such as a subscriber identity module or equivalent, has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The tamper-resistant security device includes an application that cooperates with the AKA module and an internal interface for communications between the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. For increased security, the security device may also detect whether it is operated in its normal secure environment or a foreign less secure environment and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly.
    Type: Application
    Filed: March 4, 2016
    Publication date: June 30, 2016
    Inventors: Mats Näslund, Tomas Goldbeck-Löwe, Karl Norrman
  • Publication number: 20160183091
    Abstract: A mobile device and an authentication server are configured to re-establish a security context that was previously established using an Authentication Key Agreement (AKA) procedure. The re-establishment advantageously uses re-use information saved from the preceding AKA procedure, including using synchronization information for each such re-establishment that occurs between AKA procedures. The synchronization information particularly identifies each instance of re-establishment and depends on a sequence number assigned to the preceding AKA procedure and on any previous instances of re-establishing the security context.
    Type: Application
    Filed: March 1, 2016
    Publication date: June 23, 2016
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Publication number: 20160156464
    Abstract: Methods and apparatus for encrypting and storing data. The methods and apparatus provide different levels of security and usability. The methods and apparatus generate two or more keys based on a shared secret made available to a user equipment and a server. The two or more keys comprise at least one perfect forward secrecy key, and at least one limited forward secrecy key. The methods and apparatus encrypt data using at least one of the two or more keys. The methods and apparatus store the encrypted data in a memory of the user equipment and/or transmit the data from the user equipment to the server.
    Type: Application
    Filed: June 28, 2013
    Publication date: June 2, 2016
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Mats NÄSLUND, Tereza Cristina MELO DE BRITO CARVALHO, Leonardo Horn IWAYA, Marcos Antonio SIMPLICIO JUNIOR
  • Patent number: 9326142
    Abstract: A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key.
    Type: Grant
    Filed: August 1, 2014
    Date of Patent: April 26, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Karl Norrman, Mats Näslund
  • Publication number: 20160095053
    Abstract: A Mobile Station (MS), a Base Station System (BSS) and a Mobile Switching Centre (MSC) of a cellular network, such as GSM, are disclosed. According to one embodiment, the MS is arranged to carry out one or more security features in its communication with the network. For example, the MS may be arranged to: by means of information received in a signalling message (0) from the network, discover if the network supports one or more of said security features, exchange information with the network in order to enable the use of one or more of the above-mentioned supported security features in the communication, carry out at least one of the one or more of the supported security features in the communication with the network.
    Type: Application
    Filed: December 10, 2015
    Publication date: March 31, 2016
    Inventors: Thomas Johansson, Håkan Englund, Mats Näslund
  • Patent number: 9300681
    Abstract: A method, arrangement, and first access router in a packet-switched communication network for determining that a first endpoint originating a communication session with a second endpoint is not initiating a malicious man-in-the-middle attack. The first access router provides access for the first endpoint to the network and a second access router provides access for the second endpoint. The first and second access routers facilitate conducting a secure key exchange between the first and second endpoints, wherein a shared secret key is generated. The first access router utilizes a Prefix Reachability Detection (PRD) protocol to determine the first endpoint is topologically legitimate due to being topologically located behind the first access router, and then sends a Prefix Request Test Initialization (PRTI) message to the second access router indicating the first endpoint is topologically legitimate.
    Type: Grant
    Filed: September 4, 2014
    Date of Patent: March 29, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Wassim Haddad, Mats Näslund
  • Patent number: 9282095
    Abstract: A tamper-resistant security device, such as a subscriber identity module or equivalent, has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The tamper-resistant security device includes an application that cooperates with the AKA module and an internal interface for communications between the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. For increased security, the security device may also detect whether it is operated in its normal secure environment or a foreign less secure environment and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: March 8, 2016
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Karl Norrman, Tomas Goldbeck-Löwe
  • Patent number: 9253178
    Abstract: According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
    Type: Grant
    Filed: July 19, 2011
    Date of Patent: February 2, 2016
    Assignee: Telefonaktiebolaget L M Ericsson
    Inventors: Rolf Blom, Mats Näslund, Karl Norrman
  • Publication number: 20160007294
    Abstract: A method of authorizing a message received at a node in a wireless network is disclosed. The message from a sender device is formed by a plurality of symbols and includes a first message integrity indicator located at a predetermined distance from the start of the message such that further symbols of the message are included after the first message integrity indicator. The position of the first message integrity indicator in the message is determined, and a cryptographic operation is performed on at least some of the symbols of the message before the first message integrity indicator so as to generate a second message integrity indicator before the first message integrity indicator is received. The first and second message integrity indicators are compared, and an indication that the message is not authorized is provided if the second message integrity indicator does not match the first message integrity indicator.
    Type: Application
    Filed: December 20, 2013
    Publication date: January 7, 2016
    Inventors: Mats NÄSLUND, Göran SELANDER, Vlasios TSIATSIS, Elena DUBROVA
  • Patent number: 9226140
    Abstract: A Mobile Station (MS), a Base Station System (BSS) and a Mobile Switching Center (MSC) of a cellular network, such as GSM, are disclosed. According to one embodiment, the MS is arranged to carry out one or more security features in its communication with the network. For example, the MS may be arranged to: • by means of information received in a signalling message (0) from the network, discover if the network supports one or more of said security features, • exchange information with the network in order to enable the use of one or more of the above-mentioned supported security features in the communication, • carry out at least one of the one or more of the supported security features in the communication with the network.
    Type: Grant
    Filed: September 28, 2009
    Date of Patent: December 29, 2015
    Assignee: Unwired Planet, LLC
    Inventors: Thomas Johansson, Håkan Englund, Mats Näslund