Patents by Inventor Pekka Laitinen
Pekka Laitinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11374766Abstract: A device with key attestation features comprises an operating system stored in its memory, the operating system comprising a secure environment including a trusted application, and two or more device certificates, each associated with a device key pair, stored in the memory of the device. The trusted application is configured to handle key pair generation requests and key pair attestation requests to read an indication of a preferred device certificate. An attestation certificate that is generated in response to the key pair attestation request is then signed using one of the two or more device certificates with its associated device key pair based on the indication of a preferred device certificate.Type: GrantFiled: August 11, 2017Date of Patent: June 28, 2022Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventors: Pekka Laitinen, Qiming Li, Sampo Sovio, Gang Lian, Zhihua Shan
-
Publication number: 20210165885Abstract: This application provides an extended authentication method and apparatus for a generic bootstrapping architecture and a storage medium. A first network element obtains a bootstrapping transaction identifier (B-TID) and a key lifetime; and the first network element sends the B-TID and the key lifetime to the terminal, so that the terminal performs extensible authentication protocol (EAP)-based generic bootstrapping architecture (GBA) authentication and key agreement (AKA) authentication with the first network element based on the B-TID and the key lifetime.Type: ApplicationFiled: February 8, 2021Publication date: June 3, 2021Inventors: Bo ZHANG, Philip GINZBOORG, Valtteri NIEMI, Pekka LAITINEN
-
Publication number: 20200374112Abstract: In a method for secure provisioning of data to a client device, a non-trusted manufacturing facility is equipped with a secure server device to establish a secure data provisioning channel from the secure server device to trusted hardware in client devices without the secure server device and the client devices needing to have a shared secret.Type: ApplicationFiled: December 1, 2017Publication date: November 26, 2020Inventors: Sampo Sovio, Qiming Li, Pekka Laitinen, Gang Lian, Meilun Xie, Xiwen Fang, Zhihua Shan
-
Publication number: 20200186357Abstract: A device with key attestation features comprises an operating system stored in its memory, the operating system comprising a secure environment including a trusted application, and two or more device certificates, each associated with a device key pair, stored in the memory of the device. The trusted application is configured to handle key pair generation requests and key pair attestation requests to read an indication of a preferred device certificate. An attestation certificate that is generated in response to the key pair attestation request is then signed using one of the two or more device certificates with its associated device key pair based on the indication of a preferred device certificate.Type: ApplicationFiled: August 11, 2017Publication date: June 11, 2020Inventors: Pekka Laitinen, Qiming Li, Sampo Sovio, Gang Lian, Zhihua Shan
-
Patent number: 10284555Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.Type: GrantFiled: September 30, 2016Date of Patent: May 7, 2019Assignee: Nokia Technologies OyInventors: Silke Holtmanns, Pekka Laitinen
-
Patent number: 9906528Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.Type: GrantFiled: March 15, 2016Date of Patent: February 27, 2018Assignee: Nokia CorporationInventors: Pekka Laitinen, Philip Ginzboorg, Nadarajah Asokan, Gabor Bajko
-
Publication number: 20170026371Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.Type: ApplicationFiled: September 30, 2016Publication date: January 26, 2017Inventors: Silke Holtmanns, Pekka Laitinen
-
Patent number: 9485232Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.Type: GrantFiled: June 28, 2007Date of Patent: November 1, 2016Assignee: Nokia Technologies OyInventors: Silke Holtmanns, Pekka Laitinen
-
Publication number: 20160197922Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.Type: ApplicationFiled: March 15, 2016Publication date: July 7, 2016Inventors: Pekka LAITINEN, Philip GINZBOORG, Nadarajah ASOKAN, Gabor BAJKO
-
Patent number: 9300641Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.Type: GrantFiled: February 10, 2006Date of Patent: March 29, 2016Assignee: Nokia CorporationInventors: Pekka Laitinen, Philip Ginzboorg, Nadarajah Asokan, Gabor Bajko
-
Patent number: 8990897Abstract: A method and apparatus provide generic mechanism for a network application server. A receiver receives a request from a user equipment to provide authentication information to a network application function. A determining unit determines a key of a generic authentication architecture to integrate additional network application servers by extending an existing standard for user security settings. A providing unit provides the authentication information to the network application function.Type: GrantFiled: September 21, 2011Date of Patent: March 24, 2015Assignee: Nokia CorporationInventors: Silke Holtmanns, Pekka Laitinen
-
Patent number: 8813171Abstract: Systems, methods, and apparatuses are provided for facilitating authorization of a roaming mobile terminal. A method may include receiving a request for security key related policy information for a user equipment device. The request may be sent by a service providing node on a visited network. The method may further include causing a service authorization information request including a user security settings package to be sent to a policy decisioning server. The method may also include receiving, in response to the service authorization information request, a service authorization information answer including a modified user security settings package including the authorization policy information for the user equipment device. The method may additionally include causing the requested security key related policy information to be sent to the service providing node. Corresponding systems and apparatuses are also provided.Type: GrantFiled: April 29, 2010Date of Patent: August 19, 2014Assignee: Nokia CorporationInventors: Silke Holtmanns, Pekka Laitinen
-
Patent number: 8726023Abstract: Methods, a client entity, network entities, a system, and a computer program product perform authentication between a client entity and a network. The network includes at least a bootstrapping server function entity and a network application function entity. The client entity is not able to communicate with both of the network entities in a bidirectional manner. The 3GPP standard Ub reference point between the client entity and the bootstrapping server function entity is not utilized for authentication purposes, such as authentication using GAA functionality for unidirectional network connections.Type: GrantFiled: April 19, 2005Date of Patent: May 13, 2014Assignee: Nokia CorporationInventor: Pekka Laitinen
-
Patent number: 8626708Abstract: A method and arrangements for managing user data stored in a database of a communications system where the database is managed by a main controller is disclosed. In the method a user is first authenticated, where after an application entity can manage user data in the database that associates with the user and an application by communicating data between the application entity and a second entity connected to the communications system.Type: GrantFiled: October 13, 2005Date of Patent: January 7, 2014Assignee: Nokia CorporationInventors: Pekka Laitinen, Silke Holtmanns
-
Patent number: 8621203Abstract: An approach is provided for authenticating a mobile device. A mobile device initiates transmission of a request to an authentication platform for generating a public-key certificate to access a service from the mobile device. The mobile device receives an identity challenge and responds by initiating transmission of a tag specific to the mobile device to the authentication platform. The authentication platform uses the tag to generate a public-key certificate.Type: GrantFiled: June 22, 2009Date of Patent: December 31, 2013Assignee: Nokia CorporationInventors: Jan-Erik Ekberg, Kari Kostiainen, Pekka Laitinen, Ville Aarni, Miikka Sainio, Niklas Von Knorring, Dmitry Kolesnikov, Atte Lahtiranta
-
Patent number: 8582762Abstract: This invention relates to security procedures in a communication system, specifically to production of key material. The invention provides a method for producing key material in a highly secure way for use in communication with a local network of a company. The method uses authentication information obtained from the communication system and information exchanged locally between a mobile station and the authentication systems of the company to produce a communication key for use in authentication procedures or e.g. for signing and/or encrypting data.Type: GrantFiled: September 16, 2005Date of Patent: November 12, 2013Assignee: Nokia CorporationInventors: Silke Holtmanns, Pekka Laitinen, Philip Ginzboorg, Kari Miettinen, Jaakko Rajaniemi
-
Patent number: 8543814Abstract: A method and apparatus for authenticating to a third party service provider from a personal computer. The method includes authenticating, with a mobile terminal, to the service provider with a universal subscriber identity module associated with the mobile terminal to obtain credentials specific to the service provider, transferring the credentials specific to the service provider from the mobile terminal to the personal computer, and accessing the service provider with the personal computer using the credentials transferred from the mobile terminal. The apparatus includes a mobile terminal, a computing device, a bootstrapping security module, and a network application function that cooperatively work to allow the computing device to access the network application function using a security credential from the mobile terminal.Type: GrantFiled: January 10, 2006Date of Patent: September 24, 2013Assignee: RPX CorporationInventors: Pekka Laitinen, Shreekanth Lakshmeshwar
-
Patent number: 8522025Abstract: One aspect of the invention discloses a method of authenticating an application. The method comprising performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function; deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier; providing an application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures; receiving a response from the application; and authenticating the application by validating the response with the shared key.Type: GrantFiled: October 18, 2006Date of Patent: August 27, 2013Assignee: Nokia CorporationInventors: Shreekanth Lakshmeshwar, Philip Ginzboorg, Pekka Laitinen, Silke Holtmanns
-
Patent number: 8458799Abstract: An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.Type: GrantFiled: June 30, 2009Date of Patent: June 4, 2013Assignee: Nokia CorporationInventors: Yan Fu, Ari Vepsäläinen, Ari Antero Aarnio, Markku Kalevi Vimpari, Pekka Laitinen
-
Patent number: 8213901Abstract: There is disclosed a method for verifying a first identity and a second identity of an entity, said method comprising: receiving a first and second identity of said entity at a checking entity; sending information relating to at least one of the first and second identities to a home subscriber entity; and verifying that said first and second identities both belong to the entity from which said first and second identities have been received.Type: GrantFiled: April 26, 2005Date of Patent: July 3, 2012Assignee: Nokia CorporationInventors: Auvo Hartikainen, Kalle Tammi, Toni Miettinen, Lauri Laitinen, Philip Ginzboorg, Pekka Laitinen