Patents by Inventor Mats Näslund

Mats Näslund has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8811987
    Abstract: Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network are disclosed. The registration server responds to a first contact request carried out using a first association number for the access point, provided by the first user equipment; receives a first association request for the association with the access point, provided by the first user equipment; authorizes the first association request based on first authorization information provided by the first user equipment; and registers the association between the first user equipment and the access point responsive to authorization of the first association request. The first user equipment is associated with the access point and the association is administered by the registration server.
    Type: Grant
    Filed: December 19, 2008
    Date of Patent: August 19, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Göran Selander, Jari Vikberg, Karl Norrman, Rolf Blom, Mats Näslund
  • Patent number: 8797940
    Abstract: Systems and methods for the configuration of network nodes without a secured connection in a telecommunications system are described herein. These network nodes can be wireless network nodes which are part of the network infrastructure, such as wireless relays, wireless repeaters and self-back-hauled eNodeBs.
    Type: Grant
    Filed: May 20, 2009
    Date of Patent: August 5, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: András Rácz, Göran Selander, Mats Näslund, Luis Barriga, Magnus Lindström, Gunnar Mildh, Niklas Johansson
  • Publication number: 20140215217
    Abstract: A method comprising the use of a bootstrapping protocol to define a security relationship between a first server and a second server, the first and second servers co-operating to provide a service to a user terminal. A bootstrapping protocol is used to generate a shared key for securing communication between the first server and the second server. The shared key is based on a context of the bootstrapping protocol, and the context is associated with a Subscriber Identity Module (SIM) associated with the user terminal and provides a base for the shared key. A method of the invention may, for example, be employed within a computing/service network such as a “cloud”, and in particular for communications between two servers in the cloud that are co-operating to provide a service to a user.
    Type: Application
    Filed: September 8, 2011
    Publication date: July 31, 2014
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Kristoffer Gronowski, Shingo Murakami, Mats Näslund
  • Patent number: 8788705
    Abstract: Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters.
    Type: Grant
    Filed: January 4, 2010
    Date of Patent: July 22, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Karl Norrman, Jukka Ylitalo, Mats Näslund, Pekka Nikander
  • Publication number: 20140196127
    Abstract: An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.
    Type: Application
    Filed: June 13, 2012
    Publication date: July 10, 2014
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Bernard Smeets, Mats Näslund
  • Patent number: 8745715
    Abstract: The invention relates to password-based authentication in group networks. Each device has an authentication token irreversibly based on the password. The authentication involves a first device at which the password P is entered and a second device towards which the authentication occurs. The first device determines a check token Mj for the second based on the password and its own authentication token Rl and this check token is sent to the second device, where it is compared with the authentication token of that device. The procedure may include update of a device to exclude a non-trusted device from the group or change the password. Advantageous features are that the information in one device does not allow retrieval of the password and that the password is only exposed at one device, and only temporarily, during the authentication.
    Type: Grant
    Filed: April 16, 2003
    Date of Patent: June 3, 2014
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Fredrik Lindholm, Mats Naeslund
  • Patent number: 8738910
    Abstract: Methods and arrangements for enabling the use of a first device (300) for controlling transfer of media content from a content provider (306) to a second device (302). The first device has a pre-established security association with the communications network. When the network detects a request made by the first device for delivery of media content to the second device, key information is established which enables determination of one or more media keys for encryption of the media content. The network sends key information to the content provider and to the first device. The content provider then delivers media content encrypted by the media key(s) to the second device. Further, the first device forwards the media key(s) over a local communication link to the second device for decryption of media content encrypted by the media key(s) when delivered by the content provider.
    Type: Grant
    Filed: December 7, 2009
    Date of Patent: May 27, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Göran Selander, Yi Cheng, Mattias Eld, Frank Hartung, Michael Liljenstam, Mats Näslund
  • Publication number: 20140096193
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3'), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3') is trusted or not.
    Type: Application
    Filed: November 26, 2013
    Publication date: April 3, 2014
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Publication number: 20140053241
    Abstract: There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node.
    Type: Application
    Filed: April 27, 2011
    Publication date: February 20, 2014
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Patent number: 8646085
    Abstract: The invention relates to an apparatus for analyzing and reconfiguring a technical system (2) with respect to security, as well as a corresponding decision support system and computer program product. A graph constructor (20) provides, based on technical information about the system (2) received via an input interface (10), a representation of potential attacks in a directed graph of attack nodes. A system/countermeasure analysis unit (30) ranks different sets of countermeasures to enable a selected set of countermeasures to be taken to improve security. The analysis unit (30) performs the following procedure for each set of countermeasures: i) logically apply the set of countermeasures to attacks in the directed graph, and ii) determine a rank of the applied set of countermeasures based on the effectiveness of the countermeasures with respect to the reduction of the risk of attacks.
    Type: Grant
    Filed: September 23, 2008
    Date of Patent: February 4, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Karl Norrman, Jonathan Cederberg, Mats Näslund
  • Patent number: 8630415
    Abstract: A method and communication node for providing secure communications and services in a High Availability (HA) cluster. The communication node comprises an Operating System (OS) that detects an unavailability of a first service application process and switches a second service application process from the first state to the second state, the second service application being selected for taking over service currently provided from the first service application process, the first state and the second state each being associated to a set of rights in the cluster. The OS generates a private key for the second service application process based on its second state. The set of rights associated to the second state allows the OS to replace the first service application process with the second service application process for providing secure communications between the second service application and other service application processes in the HA cluster.
    Type: Grant
    Filed: January 25, 2008
    Date of Patent: January 14, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Makan Pourzandi, Frederic Rossi, Mats Näslund
  • Patent number: 8576845
    Abstract: Method and apparatus for controlling transmission of data packets in a packet-switched network. When a first end-host (A) sends an address query to a DNS system (300) for a second end-host, the DNS system responds by providing a sender key created from a destination key registered for the second end-host, if the first end-host is authorized to send packets to the second end-host. Thereby, the first end-host, if authorized, is able to get across data packets to the second end-host by attaching a sender tag (TAG) generated from the sender key, as ingress tag to each transmitted data packet. A router (302) in the network matches an ingress tag in a received packet with entries in a forwarding table and sends out the packet on an output port (X) according to a matching entry. Otherwise, the router discards the packet if no matching entry is found in the table.
    Type: Grant
    Filed: August 22, 2008
    Date of Patent: November 5, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: András Császár, Lars Westberg, Mats Näslund, Lars G. Magnusson
  • Publication number: 20130291071
    Abstract: According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
    Type: Application
    Filed: July 19, 2011
    Publication date: October 31, 2013
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Rolf Blom, Mats Näslund, Karl Norrman
  • Patent number: 8555337
    Abstract: The present invention relates to fraud prevention and authentication of a device to a user. The method of authenticating a personal device according to the invention comprises a set up sequence, wherein at least a first preferred output format is selected by the user, and a device configuration verification sequence. In the device configuration verification sequence a checksum is calculated and converted to a user friendly output format based on the user selected preferred output format. In addition the checksum may be calculated based on variable, and user selectable, keying material. The personal device, after being authenticated according to the above, may be used to authenticate a second device.
    Type: Grant
    Filed: September 8, 2005
    Date of Patent: October 8, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Per-Olof Nerbrant, Mats Näslund
  • Patent number: 8539564
    Abstract: A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
    Type: Grant
    Filed: March 4, 2009
    Date of Patent: September 17, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Mats Näslund, Rolf Blom, Yi Cheng, Fredrik Lindholm, Karl Norrman
  • Patent number: 8515064
    Abstract: A method of key management in a communication network that includes a plurality of groups with each group including one or several members authorized to have access to key-protected services is provided by an apparatus. The method includes determining when a member starts a switching action from one service to another. A time dependent quantity starting from the switching action is determined. The method includes determining that the member is a member of a switching group when the quantity is less than a threshold value, and, when the quantity is larger than the threshold, determining that the member has decided to join a new group and changing the appropriate access key(s).
    Type: Grant
    Filed: October 30, 2008
    Date of Patent: August 20, 2013
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Tereza Cristina Melo de Brito Carvalho, Vlad Constantin Coroama, Mats Näslund, Makan Pourzandi, Marcos Antonio Simplicio, Jr., Yeda Regina Venturini
  • Publication number: 20130203454
    Abstract: A method and arrangement in a first mobile terminal (600) for determining allocation of radio resources for DMO communication amongst a group of mobile terminals. In the first mobile terminal, a first determining module (600a) determines a communication (Sout, Sin) with a second mobile terminal (602) of the group. A second determining module (600b) determines a resource element (RE) for communication by applying a predefined cryptographic function P based on a terminal identification (K). The cryptographic function has been configured in the mobile terminals of the group to provide terminal-specific resource elements for different mobile terminals within respective radio frames. A communication module (600c) then communicates with the second mobile terminal (602), either by transmission or reception of the data, on the determined resource element (RE).
    Type: Application
    Filed: June 7, 2010
    Publication date: August 8, 2013
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Mats Näslund, Göran Selander, Per Skillermark, Riitta Almgren
  • Patent number: 8462947
    Abstract: A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.
    Type: Grant
    Filed: December 19, 2006
    Date of Patent: June 11, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Mats Näslund, Jari Arkko
  • Publication number: 20130124757
    Abstract: Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters.
    Type: Application
    Filed: January 4, 2010
    Publication date: May 16, 2013
    Inventors: Karl Norrman, Jukka Ylitalo, Mats Näslund, Pekka Nikander
  • Publication number: 20130097296
    Abstract: A virtual machine (VM) system is provided. The system includes a target physical server (PS) that has a resource configuration. The system includes a source PS that runs a virtual machine (VM). The source PS is in communication with the target PS. The source PS includes a memory that stores a migration policy file. The migration policy file includes at least one trust criteria in which the at least one trust criteria indicates a minimum resource configuration. The source PS includes a receiver that receives target PS resource configuration and a processor in communication with the memory and receiver. The processor determines whether the target PS resource configuration meets the at least one trust criteria. The processor initiates VM migration to the target PS based at least in part on whether the target PS resource configuration meets the at least one trust criteria.
    Type: Application
    Filed: October 18, 2011
    Publication date: April 18, 2013
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Christian Gehrmann, Mats Näslund, Makan Pourzandi