Patents by Inventor Rolf Blom

Rolf Blom has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10356619
    Abstract: A user equipment receives an Extensible Authentication Protocol Authentication and Key Agreement Prime (EAP AKA?) message, from an authentication server related to the user equipment, in an authentication procedure being part of setting up a connection from the user equipment through an access network. The user equipment sets up an IP Security tunnel between the user equipment and an evolved Packet Data Gateway responsive to the EAP AKA? message indicating that the access network is untrusted.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: July 16, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Publication number: 20190167772
    Abstract: The present invention describes vaccine compositions for treatment and/or prevention against sea lice infestation in salmon. The present invention further describes nucleic acids, host cells, vectors and methods of using said vaccine for the prevention and/or treatment of sea lice infestation in salmon.
    Type: Application
    Filed: August 16, 2017
    Publication date: June 6, 2019
    Inventors: Jose de Jesus de la Fuente Garcia, Marinela Contreras Rojo, Margarita Maria Villar Rayo, Marius Andre De Feijter Karlsen, Bjorn Erik Brudeseth, Karine Lindmo Yttredal, Christer Ross Wiik-Nielsen, Rolf Hetlelid Olsen, Liv Blom Hungerholdt
  • Publication number: 20180332470
    Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
    Type: Application
    Filed: July 24, 2018
    Publication date: November 15, 2018
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
  • Patent number: 10091175
    Abstract: A mobile device and an authentication server are configured to re-establish a security context that was previously established using an Authentication Key Agreement (AKA) procedure. The re-establishment advantageously uses re-use information saved from the preceding AKA procedure, including using synchronization information for each such re-establishment that occurs between AKA procedures. The synchronization information particularly identifies each instance of re-establishment and depends on a sequence number assigned to the preceding AKA procedure and on any previous instances of re-establishing the security context.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: October 2, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Patent number: 10057055
    Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: August 21, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
  • Publication number: 20180206118
    Abstract: A user equipment receives an Extensible Authentication Protocol Authentication and Key Agreement Prime (EAP AKA?) message, from an authentication server related to the user equipment, in an authentication procedure being part of setting up a connection from the user equipment through an access network. The user equipment sets up an IP Security tunnel between the user equipment and an evolved Packet Data Gateway responsive to the EAP AKA? message indicating that the access network is untrusted.
    Type: Application
    Filed: March 13, 2018
    Publication date: July 19, 2018
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 9949118
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.
    Type: Grant
    Filed: August 6, 2015
    Date of Patent: April 17, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 9749318
    Abstract: A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: August 29, 2017
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Rolf Blom, Fredrik Lindholm, Mats Näslund, Karl Norrman
  • Patent number: 9686399
    Abstract: A method for protecting a wireless communications device against unauthorized use of functionality provided by the wireless communications device, the method comprising: receiving a binding command to bind the wireless communications device to a subscription identification module operationally coupled to the wireless communications device and associated with a subscription to a communications service; responsive to the received command, storing a module identifier identifying the subscription identification module; and storing a device identifier identifying the wireless communications device; obtaining an unbind code and storing the obtained unbind code; performing a module verification verifying that a subscription identification module identified by a stored module identifier is operationally coupled to the wireless communications device, performing a device verification verifying whether a wireless communications device identified by a stored device identifier is operationally coupled to the subscription
    Type: Grant
    Filed: September 7, 2012
    Date of Patent: June 20, 2017
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Rolf Blom, Bernard Smeets
  • Publication number: 20170170954
    Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
    Type: Application
    Filed: February 27, 2017
    Publication date: June 15, 2017
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
  • Patent number: 9641494
    Abstract: A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
    Type: Grant
    Filed: July 3, 2015
    Date of Patent: May 2, 2017
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Rolf Blom, Karl Norrman, Mats Näslund
  • Patent number: 9628271
    Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: April 18, 2017
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Rolf Blom, Yi Cheng, Fredrik Lindholm, John Mattsson, Mats Naslund, Karl Norrman
  • Patent number: 9615249
    Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: April 4, 2017
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
  • Patent number: 9537960
    Abstract: A solution making it possible for one telecommunication network operator (10?) to act as intermediate distributor or administrator of a content provider (60) for a multitude of operators (20) is presented. The content provider (60) has a single relation to the central operator (10?), in turn having relations to other operators (20). It is thus possible for the content provider (60) to reach all users (30) of all operators (10?, 20) through a single relation to that operator (10?). The content provider (60) provides service content, e.g. media content. A list of targeted users (30) or subscribers is compiled. The central operator (10?) collects necessary subscriber attributes (80), such as position, device information and access properties, from the other operators (20). The content is modified according to the collected attributes (80), and the content is distributed to the subscribers (30) in the best possible way.
    Type: Grant
    Filed: April 1, 2005
    Date of Patent: January 3, 2017
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Jerker Widmark, Rolf Blom, Steinar Dahlin, Clary Hallberg Dahlin
  • Patent number: 9503890
    Abstract: A method of delivering an application key or keys to an application server for use in securing data exchanged between the application server and a user equipment, the user equipment accessing a communications network via an access domain. The method comprises running an Authentication and Key Agreement procedure between the user equipment and a home domain in order to make keying material available to the user equipment and to an access enforcement point. At least a part of said keying material is used to secure a communication tunnel between the user equipment and the access enforcement point, and one or more application keys are derived within the home domain using at least part of said keying material. Said application key(s) is(are) provided to said application server, and the same application key(s) derived at the user equipment, wherein said access enforcement point is unable to derive or have access to said application key(s).
    Type: Grant
    Filed: July 11, 2006
    Date of Patent: November 22, 2016
    Assignee: TELEFONAKTIEBOLAGET L M ERICSSON
    Inventors: Karl Norrman, Rolf Blom, Fredrik Lindholm
  • Publication number: 20160255500
    Abstract: In a method and a system for providing secure communication in a cellular radio system radio base station key is generated by determining a set of data bits known to both the UE and the radio base station, and creating the radio base station key in response to the determined set of data.
    Type: Application
    Filed: November 25, 2015
    Publication date: September 1, 2016
    Inventors: Rolf Blom, Magnus Stattin, Karl Norrman
  • Patent number: 9407616
    Abstract: There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: August 2, 2016
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Publication number: 20160183091
    Abstract: A mobile device and an authentication server are configured to re-establish a security context that was previously established using an Authentication Key Agreement (AKA) procedure. The re-establishment advantageously uses re-use information saved from the preceding AKA procedure, including using synchronization information for each such re-establishment that occurs between AKA procedures. The synchronization information particularly identifies each instance of re-establishment and depends on a sequence number assigned to the preceding AKA procedure and on any previous instances of re-establishing the security context.
    Type: Application
    Filed: March 1, 2016
    Publication date: June 23, 2016
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Patent number: 9294916
    Abstract: A Terminal Identity Token is created for identifying a User Equipment (UE) connected to a radio base station in a radio system. The UE communicates with the radio base station via a secure communication associated with an existing cryptographic key. The Terminal Identity Token is created based on a physical cell identity of a target cell known to both the UE and the radio base station, the terminal identity, and the existing key. By using the Terminal Identity Token, a secure communication can be established and enhanced without having to provide for additional security network components or additional signaling.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: March 22, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Magnus Stattin, Karl Norrman
  • Publication number: 20160056959
    Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
    Type: Application
    Filed: October 30, 2015
    Publication date: February 25, 2016
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf BLOM, Yi CHENG, Fredrik LINDHOLM, John MATTSSON, Mats NASLUND, Karl NORRMAN