Patents by Inventor Rolf Blom

Rolf Blom has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9258700
    Abstract: Aspects of the present invention provide a mechanism to utilize IMS media security mechanisms in a CS network and, thereby, provide end-to-end media security in the case where the media traffic travels across both a CS network and a PS network.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: February 9, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Fredrik Lindholm, Rolf Blom
  • Patent number: 9253178
    Abstract: According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
    Type: Grant
    Filed: July 19, 2011
    Date of Patent: February 2, 2016
    Assignee: Telefonaktiebolaget L M Ericsson
    Inventors: Rolf Blom, Mats Näslund, Karl Norrman
  • Patent number: 9237444
    Abstract: A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: January 12, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Wassim Haddad, Rolf Blom, Mats Naslund
  • Patent number: 9232390
    Abstract: In a method and a system for providing secure communication in a cellular radio system radio base station key is generated by determining a set of data bits known to both the UE and the radio base station, and creating the radio base station key in response to the determined set of data.
    Type: Grant
    Filed: July 1, 2008
    Date of Patent: January 5, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Magnus Lindstrom, Karl Norrman
  • Publication number: 20150350411
    Abstract: A method for protecting a wireless communications device against unauthorized use of functionality provided by the wireless communications device, the method comprising: receiving a binding command to bind the wireless communications device to a subscription identification module operationally coupled to the wireless communications device and associated with a subscription to a communications service; responsive to the received command, storing a module identifier identifying the subscription identification module; and storing a device identifier identifying the wireless communications device; obtaining an unbind code and storing the obtained unbind code; performing a module verification verifying that a subscription identification module identified by a stored module identifier is operationally coupled to the wireless communications device, performing a device verification verifying whether a wireless communications device identified by a stored device identifier is operationally coupled to the subscription
    Type: Application
    Filed: September 7, 2012
    Publication date: December 3, 2015
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: ROLF BLOM, BERNARD SMEETS
  • Publication number: 20150341788
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.
    Type: Application
    Filed: August 6, 2015
    Publication date: November 26, 2015
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 9178696
    Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
    Type: Grant
    Filed: November 30, 2007
    Date of Patent: November 3, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Yi Cheng, Fredrik Lindholm, John Mattsson, Mats Naslund, Karl Norrman
  • Publication number: 20150312232
    Abstract: A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
    Type: Application
    Filed: July 3, 2015
    Publication date: October 29, 2015
    Inventors: Rolf BLOM, Karl NORRMAN, Mats NÄSLUND
  • Patent number: 9137231
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: September 15, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 9106409
    Abstract: A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
    Type: Grant
    Filed: March 22, 2007
    Date of Patent: August 11, 2015
    Assignee: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Rolf Blom, Karl Norrman, Mats Näslund
  • Patent number: 9072014
    Abstract: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UBE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
    Type: Grant
    Filed: April 21, 2014
    Date of Patent: June 30, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Karl Norrman, Bernard Smeets, Rolf Blom
  • Publication number: 20150146870
    Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
    Type: Application
    Filed: December 12, 2014
    Publication date: May 28, 2015
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
  • Publication number: 20150143126
    Abstract: A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node, generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information, and sending the service key to the service node together with said additional information, forwarding said additional information from the service node to the client, and at the client, generating said service key using the received additional information and the base key. A similar approach may be used to provide p2p key management.
    Type: Application
    Filed: October 10, 2014
    Publication date: May 21, 2015
    Inventors: Rolf BLOM, Karl Norrman
  • Patent number: 8996858
    Abstract: Aspects of the present invention provide a mechanism to utilize IMS media security mechanisms in a CS network and, thereby, provide end-to-end media security in the case where the media traffic travels across both a CS network and a PS network.
    Type: Grant
    Filed: November 5, 2008
    Date of Patent: March 31, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Fredrik Lindholm, Rolf Blom
  • Publication number: 20150089212
    Abstract: Aspects of the present invention provide a mechanism to utilize IMS media security mechanisms in a CS network and, thereby, provide end-to-end media security in the case where the media traffic travels across both a CS network and a PS network.
    Type: Application
    Filed: December 2, 2014
    Publication date: March 26, 2015
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Fredrik LINDHOLM, Rolf Blom
  • Patent number: 8990563
    Abstract: A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.
    Type: Grant
    Filed: June 8, 2011
    Date of Patent: March 24, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rolf Blom, John Mattsson, Oscar Ohlsson
  • Publication number: 20150065092
    Abstract: A Terminal Identity Token is created for identifying a User Equipment (UE) connected to a radio base station in a radio system. The UE communicates with the radio base station via a secure communication associated with an existing cryptographic key. The Terminal Identity Token is created based on a physical cell identity of a target cell known to both the UE and the radio base station, the terminal identity, and the existing key. By using the Terminal Identity Token, a secure communication can be established and enhanced without having to provide for additional security network components or additional signaling.
    Type: Application
    Filed: November 6, 2014
    Publication date: March 5, 2015
    Inventors: Rolf Blom, Magnus Stattin, Karl Norrman
  • Patent number: 8966105
    Abstract: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
    Type: Grant
    Filed: February 20, 2009
    Date of Patent: February 24, 2015
    Assignee: Telefonaktiebolget L M Ericsson (publ)
    Inventors: Rolf Blom, Yi Cheng, John Mattsson, Mats Nåslund, Karl Norrman
  • Publication number: 20150046981
    Abstract: A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.
    Type: Application
    Filed: October 28, 2014
    Publication date: February 12, 2015
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Wassim HADDAD, Rolf Blom, Mats Naslund
  • Patent number: 8942377
    Abstract: A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.
    Type: Grant
    Filed: February 12, 2010
    Date of Patent: January 27, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Wassim Haddad, Rolf Blom, Mats Naslund