Patents by Inventor Mats Naslund
Mats Naslund has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10623187
Abstract: A method (400) of generating a cryptographic checksum for a message M(x) is provided. The method is performed by a communication device, such as a sender or a receiver, and comprises calculating (405) the cryptographic checksum as a first function g of a division of a second function of M(x), ƒ(M(x)), modulo a generator polynomial p(x) of degree n, g(ƒ(M(x))mod p(x)). The generator polynomial is calculated (403) as p(x)=(1−x)·P1(x), and P1(x) is a primitive polynomial of degree n−1. The primitive polynomial is selected (402), based on a first cryptographic key, from the set of primitive polynomials of degree n−1 over a Galois Field. By replacing a standard checksum with a cryptographic checksum, an efficient message authentication is provided. The proposed cryptographic checksum may be used for providing integrity assurance on the message, i.e., for detecting random and intentional message changes, with a known level of security.
Type: Grant
Filed: May 4, 2015
Date of Patent: April 14, 2020
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Elena Dubrova, Gunnar Mildh, Mats Näslund, Göran Selander
-
Patent number: 10609020
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Grant
Filed: November 30, 2018
Date of Patent: March 31, 2020
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: John Mattsson, Salvatore Loreto, Mats Näslund, Robert Skog, Hans Spaak
-
Publication number: 20200050430
Abstract: A method (40) is provided for performing a trustworthiness test on a random number generator, RNG, (20) comprising a physical unclonable function, PUF,-module (21). The trustworthiness test is implemented as a known answer test, KAT, and the method (40) comprises: receiving (41), in the PUF-module (21), an input based on test data, T, received from a verifier (11) provided with at least one test data-test result pair, (T, R), providing (42) an output from the PUF-module (21), determining (43) a test result, R′, based on the output from the PUF-module (21), and providing (44) the test result, R′, to the verifier (11). A random number generator (20), computer program and computer program products and a method performed by or in a verifier are also provided.
Type: Application
Filed: November 15, 2016
Publication date: February 13, 2020
Inventors: Mats Näslund, Elena Dubrova, Karl Norrman
-
Patent number: 10555241
Abstract: The disclosure relates to a method (30) for a network node (6, 7, 8) of a wireless network (1) of providing a device (5, 9) access to the wireless network (1). The method (30) comprises receiving (31), from a device (5, 9), an access request comprising a preamble; establishing (32), in response to the access request, a computational puzzle based on the received preamble; and sending (33) the computational puzzle to the device (5, 9). A corresponding method in a device is also disclosed, as are a network node (6, 7, 8), device (5, 9), computer programs and computer program products.
Type: Grant
Filed: April 16, 2015
Date of Patent: February 4, 2020
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Göran Selander, Elena Dubrova, Fredrik Lindqvist, Mats Näslund
-
Publication number: 20190394184
Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.
Type: Application
Filed: September 3, 2019
Publication date: December 26, 2019
Inventors: Mats NÄSLUND, Bengt SAHLIN, Karl NORRMAN, Jari ARKKO
-
Patent number: 10469247
Abstract: A technique for generating a keystream (128) for ciphering or deciphering a data stream (122) is provided. As to a method aspect of the technique, a nonlinear feedback shift register, NLFSR (112), including n register stages implemented in a Galois configuration is operated. At least one register stage of the implemented n register stages is representable by at least one register stage of a linear feedback shift register, LFSR. A first subset of the implemented n register stages is representable by a second subset of a second NLFSR. A number of register stages receiving a nonlinear feedback in the second NLFSR is greater than one and less than a number of register stages receiving a nonlinear feedback in the implemented NLFSR. The keystream (128) is outputted from a nonlinear output function (118). An input of the nonlinear output function (118) is coupled to at least two of the implemented n register stages of the NLFSR (112).
Type: Grant
Filed: December 17, 2014
Date of Patent: November 5, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Mats Näslund, Elena Dubrova, Martin Hell, Bernard Smeets
-
Patent number: 10462671
Abstract: A method and arrangements for enabling authentication of a communication device is suggested, where a network node, capable of operating as an authentication server does not have to store all state related information relevant for a roundtrip of an authentication session. Instead of storing all this information, at least a part of it is provided to the authenticator or the communication unit, for later retrieval in a subsequent response. Based on the state related information provided in the response, the network node is capable of reproducing a state associated with a respective roundtrip. By repeating the mentioned process for a required number of roundtrips, an authentication session can be executed, where less state related information need to be stored at the mentioned network node.
Type: Grant
Filed: October 4, 2018
Date of Patent: October 29, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Mats Näslund, Elena Dubrova, Karl Norrman, Vesa Torvinen
-
Patent number: 10432606
Abstract: A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.
Type: Grant
Filed: April 27, 2012
Date of Patent: October 1, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Mats Naslund, Maurizio Iovieno, Karl Norrman
-
Patent number: 10425808
Abstract: A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.
Type: Grant
Filed: January 19, 2017
Date of Patent: September 24, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Mats Naslund, Jari Arkko
-
Patent number: 10396996
Abstract: A method (500) of generating a cryptographic checksum for a message M(x) is provided. The method comprises pseudo-randomly selecting (502) at least two irreducible polynomials pi(x). Each irreducible polynomial pi(x) is selected based on a first cryptographic key from the set of irreducible polynomials of degree ni over a Galois Field. The method further comprises calculating (503) a generator polynomial p(x) of degree n=formula (I) as a product of the N irreducible polynomials formula (II), and calculating (505) the cryptographic checksum as a first function g of a division of a second function of M(x), ƒ(M(x)), modulo p(x), i.e., g(ƒ(M(x)) mod p(x)). By replacing a standard checksum, such as a Cyclic Redundancy Check (CRC), with a cryptographic checksum, an efficient message authentication is provided. The proposed cryptographic checksum may be used for providing integrity assurance on the message, i.e., for detecting random and intentional message changes, with a known level of security.
Type: Grant
Filed: August 19, 2014
Date of Patent: August 27, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Mats Näslund, Elena Dubrova, Fredrik Lindqvist, Göran Selander
-
Patent number: 10356619
Abstract: A user equipment receives an Extensible Authentication Protocol Authentication and Key Agreement Prime (EAP AKA′) message, from an authentication server related to the user equipment, in an authentication procedure being part of setting up a connection from the user equipment through an access network. The user equipment sets up an IP Security tunnel between the user equipment and an evolved Packet Data Gateway responsive to the EAP AKA′ message indicating that the access network is untrusted.
Type: Grant
Filed: March 13, 2018
Date of Patent: July 16, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
-
Patent number: 10313125
Abstract: A method (500) of generating a cryptographic checksum for a message M(x) is provided. The method comprises pseudo-randomly selecting (502) a generator polynomial p(x) from the set of polynomials of degree n over a Galois Field and calculating (504) the cryptographic checksum as a first function g of a division of a second function of M(x), ƒ(M(x)), modulo p(x), g(ƒ(M(x))mod p(x)). The generator polynomial p(x) is pseudo-randomly selected based on a first cryptographic key. By replacing a standard checksum, such as a Cyclic Redundancy Check (CRC), with a cryptographic checksum, an efficient message authentication is provided. The proposed cryptographic checksum may be used for providing integrity assurance on the message, i.e., for detecting random and intentional message changes, with a known level of security. Further, a corresponding computer program, a corresponding computer program product, and a checksum generator for generating a cryptographic checksum, are provided.
Type: Grant
Filed: June 27, 2014
Date of Patent: June 4, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Elena Dubrova, Fredrik Lindqvist, Mats Näslund, Göran Selander
-
Patent number: 10289810
Abstract: Disclosed is, among other things, a method for distributing content items to authorized users. The method comprising: a content owner device (190), COD, obtaining a first content item (196a); the COD (190) obtaining a first tag associated with the first content item (196a); the COD (190) obtaining a first content key, CK1, for said first content item (196a); the COD (190) encrypting the first content item (196a) using CK1, thereby producing a first encrypted content item; the COD (190) using at least the first tag and a key derivation function, KDF, to derive a first derived key, DK1; the COD (190) encrypting CK1 using the DK1, thereby producing a first encrypted content key, ECK1; and the COD (190) transmitting information to a content server (108), the information comprising: the first encrypted content item and the first tag.
Type: Grant
Filed: February 27, 2014
Date of Patent: May 14, 2019
Assignee: Telefonaktiebolaget LM Ericsson (Publ)
Inventors: Tommy Arngren, Mats Näslund
-
Publication number: 20190109841
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Application
Filed: November 30, 2018
Publication date: April 11, 2019
Inventors: John MATTSSON, Salvatore LORETO, Mats NÄSLUND, Robert SKOG, Hans SPAAK
-
Patent number: 10219158
Abstract: This disclosure relates to methods and apparatuses for protection of control plane functionality of a network node of a communications network providing wireless communication to a mobile terminal. The network node is configured to support control plane signaling with the mobile terminal. A communication context for the mobile terminal is maintained, wherein the communication context is associated with a control signaling message exchange between the mobile terminal and the network node. One method includes establishing, for a received message, a communication context to which it belongs; determining, in relation to information in the established communication context, the received message to be a message conforming to a protection rule or a message violating a protection rule; and handling the message in accordance with rules of a protection policy. Related network nodes, computer programs, and computer program products are disclosed.
Type: Grant
Filed: February 21, 2014
Date of Patent: February 26, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Michael Liljenstam, Prajwol Kumar Nakarmi, Oscar Ohlsson, Mats Näslund
-
Publication number: 20190037404
Abstract: A method and arrangements for enabling authentication of a communication device is suggested, where a network node, capable of operating as an authentication server does not have to store all state related information relevant for a roundtrip of an authentication session. Instead of storing all this information, at least a part of it is provided to the authenticator or the communication unit, for later retrieval in a subsequent response. Based on the state related information provided in the response, the network node is capable of reproducing a state associated with a respective roundtrip. By repeating the mentioned process for a required number of roundtrips, an authentication session can be executed, where less state related information need to be stored at the mentioned network node.
Type: Application
Filed: October 4, 2018
Publication date: January 31, 2019
Inventors: Mats NÄSLUND, Elena DUBROVA, Karl NORRMAN, Vesa TORVINEN
-
Patent number: 10178086
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Grant
Filed: November 28, 2014
Date of Patent: January 8, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: John Mattsson, Robert Skog, Salvatore Loreto, Hans Spaak, Mats Näslund
-
Publication number: 20190007376
Abstract: A method for a first network node may protect confidentiality of a first identifier associated by the first network node with a subscription used by a mobile entity. The communications network comprises a home network of the mobile entity and a serving network serving the mobile entity. The first network node, which is part of the home network may: receive, from a second network node which is part of the serving network, a first request for authentication information for the mobile entity, the first request comprising the first identifier; generate a first pseudonym associated with the first identifier; create a link between the first pseudonym and the first identifier; and send, to the second network node, the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity in the serving network. A method for a second network node is also provided.
Type: Application
Filed: June 23, 2015
Publication date: January 3, 2019
Inventors: Karl NORRMAN, Yi CHENG, John MATTSSON, Mats NÄSLUND
-
Publication number: 20180367296
Abstract: A method (40) of generating a pseudonym associated with a communication device (11) is disclosed. The method (40) is performed in a network node (13) of a communications system (10) and comprises generating (41) a pseudonym embryo based on one or more elements of a sequence (S1, S2, . . . , Sn), obtaining (42) the pseudonym as output of a masking operation applied to the pseudonym embryo, wherein the masking operation comprises a one-to-one mapping, and transmitting (43) the pseudonym to the communication device (11). A corresponding network node (13), computer program and computer program product are also disclosed.
Type: Application
Filed: December 18, 2015
Publication date: December 20, 2018
Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Karl NORRMAN, Jari ARRKO, Elena DUBROVA, Mats NÄSLUND
-
Publication number: 20180332021
Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.
Type: Application
Filed: July 24, 2018
Publication date: November 15, 2018
Inventors: Mats NÄSLUND, Bengt SAHLIN, Karl NORRMAN, Jari ARKKO