Patents by Inventor Pasi SAARINEN

Pasi SAARINEN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220272534
    Abstract: A method performed by a UE. The method includes generating a SUCI comprising: i) an encrypted part in which a Mobile Subscription Identification Number of a SUPI is encrypted and ii) a clear-text part comprising: a) a Mobile Country Code of the SUPI, b) a Mobile Network Code of the SUPI, c) a public key identifier for a public key of a home network of the user equipment, and d) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the Mobile Subscription Identification Number in the SUCI. The method also includes transmitting the SUCI to an authentication server in the home network for forwarding of the SUCI to a de-concealing server capable of decrypting the Mobile Subscription Identification Number.
    Type: Application
    Filed: May 5, 2022
    Publication date: August 25, 2022
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Patent number: 11399277
    Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.
    Type: Grant
    Filed: November 5, 2020
    Date of Patent: July 26, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Publication number: 20220210121
    Abstract: A wireless device requests a network slice from a network by, first, identifying at least one network slice to be requested. Based on a mapping method that is specific to the wireless device, the wireless device forms a slice pseudonym for the or each network slice to be requested. The wireless device then transmits a request message to the network, wherein the request message comprises the or each slice pseudonym. The network node receives the request message sent by the wireless device, wherein the request message comprises at least one slice pseudonym. Based on a mapping method that is used by the wireless device and that is specific to the wireless device, the network node identifies at least one requested network slice from the or each received slice pseudonym. The network node then permits use of the requested network slice.
    Type: Application
    Filed: January 7, 2022
    Publication date: June 30, 2022
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Pasi SAARINEN, Prajwol Kumar NAKARMI
  • Patent number: 11330433
    Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.
    Type: Grant
    Filed: July 17, 2018
    Date of Patent: May 10, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Patent number: 11228562
    Abstract: A wireless device requests a network slice from a network by, first, identifying at least one network slice to be requested. Based on a mapping method that is specific to the wireless device, the wireless device forms a slice pseudonym for the or each network slice to be requested. The wireless device then transmits a request message to the network, wherein the request message comprises the or each slice pseudonym. The network node receives the request message sent by the wireless device, wherein the request message comprises at least one slice pseudonym. Based on a mapping method that is used by the wireless device and that is specific to the wireless device, the network node identifies at least one requested network slice from the or each received slice pseudonym. The network node then permits use of the requested network slice.
    Type: Grant
    Filed: September 19, 2018
    Date of Patent: January 18, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Pasi Saarinen, Prajwol Kumar Nakarmi
  • Publication number: 20210368345
    Abstract: The disclosure relates to methods of validating a SUCI implemented by a network node in a mobile network. The network node receives a message including the SUCI. Responsive to receipt of the message, the network node obtains a first set of encryption parameters used to generate the SUCI. The network node uses the first set of encryption parameters to de-conceal the SUCI to obtain subscription information associated with a subscription. Subsequently, the network node obtains a second set of encryption parameters associated with the subscription using the subscription information and validates the SUCI based on the second set of encryption parameters. As one example, the network node validates the SUCI by comparing the first set of encryption parameters to the second set of encryption parameters and determining if there is a match.
    Type: Application
    Filed: December 20, 2018
    Publication date: November 25, 2021
    Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen
  • Publication number: 20210345088
    Abstract: A network function performs a method to identify an invalid subscription concealed identifier, SUCI. When the network function receives a message containing a SUCI, it determines a size of the SUCI contained in the received message, and also determines an expected size of the SUCI in the received message. The network function then determines whether the size of the SUCI contained in the received message satisfies a criterion associated with the expected size. If the size of the SUCI contained in the received message does not satisfy the criterion associated with the expected size, the network function determines that the SUCI in the received message is invalid, and it rejects the SUCI in the received message if it is determined to be invalid.
    Type: Application
    Filed: July 14, 2021
    Publication date: November 4, 2021
    Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen
  • Patent number: 11102640
    Abstract: A network function performs a method to identify an invalid subscription concealed identifier, SUCI. When the network function receives a message containing a SUCI, it determines a size of the SUCI contained in the received message, and also determines an expected size of the SUCI in the received message. The network function then determines whether the size of the SUCI contained in the received message satisfies a criterion associated with the expected size. If the size of the SUCI contained in the received message does not satisfy the criterion associated with the expected size, the network function determines that the SUCI in the received message is invalid, and it rejects the SUCI in the received message if it is determined to be invalid.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: August 24, 2021
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen
  • Patent number: 11076288
    Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.
    Type: Grant
    Filed: August 9, 2019
    Date of Patent: July 27, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Publication number: 20210153010
    Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.
    Type: Application
    Filed: July 17, 2018
    Publication date: May 20, 2021
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa TORVINEN, Noamen BEN HENDA, David CASTELLANOS ZAMORA, Prajwol Kumar NAKARMI, Pasi SAARINEN, Monica WIFVESSON
  • Publication number: 20210058772
    Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.
    Type: Application
    Filed: November 5, 2020
    Publication date: February 25, 2021
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar NAKARMI, Pasi SAARINEN, Monica WIFVESSON
  • Publication number: 20210037026
    Abstract: Methods and network equipment in a core network for intercepting protected communication between core network (CN) network functions (NFs). A method performed by network equipment in a core network may include establishing a first connection with a first NF for which the network equipment serves as a proxy and establishing, on behalf of the first NF, a second connection that is towards a second NF and that is secure. The method may also include selectively forwarding communication between the first and second NFs over the first and second connections, including transmitting and/or receiving the communication on behalf of the first NF over the second connection. The method may further include intercepting the communication that the network equipment selectively forwards between the first and second NFs.
    Type: Application
    Filed: October 31, 2018
    Publication date: February 4, 2021
    Inventor: Pasi Saarinen
  • Publication number: 20210014680
    Abstract: Network equipment (300, 400) is configured for use in one of multiple different core network domains of a wireless communication system (10). The network equipment (300, 400) is configured to receive a message (60) that has been, or is to be, transmitted between the different core network domains. The network equipment (300, 400) is also configured to apply inter-domain security protection to, or remove inter-domain security protection from, one or more portions of the content of a field in the message according to a protection policy (80). The protection policy (80) includes information indicating to which one or more portions of the content inter-domain security protection is to be applied or removed. The network equipment (300, 400) is also configured to forward the message (60), with inter-domain security protection applied or removed to the one or more portions, towards a destination of the message (60).
    Type: Application
    Filed: February 15, 2019
    Publication date: January 14, 2021
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Pasi SAARINEN, Jesus-Angel DE-GREGORIO-RODRIGUEZ, Christine JOST, Pablo MARTINEZ DE LA CRUZ
  • Publication number: 20210014284
    Abstract: The disclosure provides techniques for negotiating security mechanisms between security gateways (102A, 102B). In these techniques, an initiating security gateway (102A) sends (302) a request message to a responding security gateway (102B) over a first connection established between the security gateways. The first connection provides integrity protection for the messages. The request message includes one or more security mechanisms supported by the initiating security gateway. Upon receipt, the responding security gateway selects (406) one of the security mechanisms and transmits (408) a response message to the initiating security gateway indicating the selected security mechanism. Signaling messages are then communicated (310, 412) between the security gateways using the selected security mechanism.
    Type: Application
    Filed: February 15, 2019
    Publication date: January 14, 2021
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa LEHTOVIRTA, Pablo MARTINEZ DE LA CRUZ, Karl NORRMAN, Pasi SAARINEN, Vesa TORVINEN
  • Publication number: 20200359195
    Abstract: A network function performs a method to identify an invalid subscription concealed identifier, SUCI. When the network function receives a message containing a SUCI, it determines a size of the SUCI contained in the received message, and also determines an expected size of the SUCI in the received message. The network function then determines whether the size of the SUCI contained in the received message satisfies a criterion associated with the expected size. If the size of the SUCI contained in the received message does not satisfy the criterion associated with the expected size, the network function determines that the SUCI in the received message is invalid, and it rejects the SUCI in the received message if it is determined to be invalid.
    Type: Application
    Filed: December 20, 2018
    Publication date: November 12, 2020
    Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen
  • Patent number: 10834580
    Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.
    Type: Grant
    Filed: March 6, 2020
    Date of Patent: November 10, 2020
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Publication number: 20200259786
    Abstract: A wireless device requests a network slice from a network by, first, identifying at least one network slice to be requested. Based on a mapping method that is specific to the wireless device, the wireless device forms a slice pseudonym for the or each network slice to be requested. The wireless device then transmits a request message to the network, wherein the request message comprises the or each slice pseudonym. The network node receives the request message sent by the wireless device, wherein the request message comprises at least one slice pseudonym. Based on a mapping method that is used by the wireless device and that is specific to the wireless device, the network node identifies at least one requested network slice from the or each received slice pseudonym. The network node then permits use of the requested network slice.
    Type: Application
    Filed: September 19, 2018
    Publication date: August 13, 2020
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Pasi SAARINEN, Prajwol Kumar NAKARMI
  • Publication number: 20200213840
    Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.
    Type: Application
    Filed: March 6, 2020
    Publication date: July 2, 2020
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar NAKARMI, Pasi SAARINEN, Monica WIFVESSON
  • Patent number: 10667126
    Abstract: A radio access network, RAN, node configures user plane access stratum, AS, security in a wireless communication system that includes a radio access network, RAN, and a core network, CN. The RAN node is configured to receive, from the CN, signaling that indicates a decision by the CN of whether or not the RAN node is to activate user plane AS security and that indicates whether or not the RAN node is allowed to overrule the decision by the CN. For example, the signaling may indicate whether the decision by the CN is a command that the RAN node must comply with or a preference that the RAN node is permitted to overrule. Regardless, the RAN node may also be configured to activate or not activate user plane AS security, depending on the signaling.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: May 26, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Monica Wifvesson, Prajwol Kumar Nakarmi, Pasi Saarinen, Vesa Torvinen
  • Publication number: 20200128398
    Abstract: A radio access network, RAN, node (12) configures user plane access stratum, AS, security in a wireless communication system (10) that includes a radio access network, RAN, (10B) and a core network, CN (10A). The RAN node (12) is configured to receive, from the CN (10A), signaling (20) that indicates a decision by the CN (10A) of whether or not the RAN node (12) is to activate user plane AS security and that indicates whether or not the RAN node (12) is allowed to overrule the decision by the CN (10A). For example, the signaling (20) may indicate whether the decision by the CN is a command that the RAN node (12) must comply with or a preference that the RAN node (12) is permitted to overrule. Regardless, the RAN node (12) may also be configured to activate or not activate user plane AS security, depending on the signaling (20).
    Type: Application
    Filed: October 1, 2018
    Publication date: April 23, 2020
    Inventors: Monica Wifvesson, Prajwol Kumar Nakarmi, Pasi Saarinen, Vesa Torvinen