Patents by Inventor Rolf Blom
Rolf Blom has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20150065092
  Abstract: A Terminal Identity Token is created for identifying a User Equipment (UE) connected to a radio base station in a radio system. The UE communicates with the radio base station via a secure communication associated with an existing cryptographic key. The Terminal Identity Token is created based on a physical cell identity of a target cell known to both the UE and the radio base station, the terminal identity, and the existing key. By using the Terminal Identity Token, a secure communication can be established and enhanced without having to provide for additional security network components or additional signaling.
  Type: Application
  Filed: November 6, 2014
  Publication date: March 5, 2015
  Inventors: Rolf Blom, Magnus Stattin, Karl Norrman
- Patent number: 8966105
  Abstract: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
  Type: Grant
  Filed: February 20, 2009
  Date of Patent: February 24, 2015
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Rolf Blom, Yi Cheng, John Mattsson, Mats Nåslund, Karl Norrman
- Publication number: 20150046981
  Abstract: A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.
  Type: Application
  Filed: October 28, 2014
  Publication date: February 12, 2015
  Applicant: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Wassim Haddad, Rolf Blom, Mats Naslund
- Patent number: 8942377
  Abstract: A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.
  Type: Grant
  Filed: February 12, 2010
  Date of Patent: January 27, 2015
  Assignee: Telefonaktiebolaget L M Ericsson (Publ)
  Inventors: Wassim Haddad, Rolf Blom, Mats Naslund
- Patent number: 8938076
  Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
  Type: Grant
  Filed: January 9, 2014
  Date of Patent: January 20, 2015
  Assignee: Telefonaktiebolaget L M Ericsson (Publ)
  Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
- Publication number: 20140351595
  Abstract: A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
  Type: Application
  Filed: August 8, 2014
  Publication date: November 27, 2014
  Inventors: Rolf Blom, Fredrik Lindholm, Mats Näslund, Karl Norrman
- Patent number: 8875232
  Abstract: A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may store a set of URLs, and may compare a received URL (or part URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web browser, so the web browser does not need to maintain a password database.
  Type: Grant
  Filed: February 18, 2009
  Date of Patent: October 28, 2014
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Rolf Blom, Luis Barriga, Karl Norrman
- Patent number: 8868912
  Abstract: A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node, generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information, and sending the service key to the service node together with said additional information, forwarding said additional information from the service node to the client, and at the client, generating said service key using the received additional information and the base key. A similar approach may be used to provide p2p key management.
  Type: Grant
  Filed: January 11, 2012
  Date of Patent: October 21, 2014
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventors: Rolf Blom, Karl Norrman
- Patent number: 8837737
  Abstract: A method and apparatus for key management in a communication network. A Key Management Terminal KMS Terminal Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
  Type: Grant
  Filed: March 13, 2009
  Date of Patent: September 16, 2014
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventors: Rolf Blom, Fredrik Lindholm, Mats Naslund, Karl Norrman
- Patent number: 8832821
  Abstract: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept.
  Type: Grant
  Filed: March 13, 2013
  Date of Patent: September 9, 2014
  Assignee: Telefonaktiebolaget LM Ericsson (PUBL)
  Inventors: Luis Barriga, Rolf Blom, Yi Cheng, Fredrik Lindholm, Mats Naslund, Karl Norrman
- Patent number: 8811987
  Abstract: Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network are disclosed. The registration server responds to a first contact request carried out using a first association number for the access point, provided by the first user equipment, receives a first association request for the association with the access point, provided by the first user equipment, authorizes the first association request based on a first authorization information provided by the first user equipment, and registers the association between the first user equipment and the access point responsive to authorization of the first association request. The first user equipment is associated with the access point and the association is administered by the registration server.
  Type: Grant
  Filed: December 19, 2008
  Date of Patent: August 19, 2014
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Göran Selander, Jari Vikberg, Karl Norrman, Rolf Blom, Mats Näslund
- Publication number: 20140228003
  Abstract: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
  Type: Application
  Filed: April 21, 2014
  Publication date: August 14, 2014
  Applicant: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Karl Norrman, Bernard Smeets, Rolf Blom
- Publication number: 20140185809
  Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
  Type: Application
  Filed: January 9, 2014
  Publication date: July 3, 2014
  Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
  Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
- Patent number: 8750506
  Abstract: Methods and apparatus facilitate secure user subscription or registration to a service at least partly enabled in a network. The network comprises user equipment adapted to perform generic bootstrapping. A network application function provides the service. A bootstrapping server function generates a bootstrapping transaction identifier. A home subscriber system stores a user profile, comprising information relating to the user and at least one service provided by the network application function.
  Type: Grant
  Filed: December 22, 2008
  Date of Patent: June 10, 2014
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventors: Rolf Blom, David Castellanos Zamora
- Patent number: 8745374
  Abstract: A method of sending protected data from a sender unit to a receiver unit via an intermediate unit. The intermediate unit stores information associated with a certificate belonging to the receiver unit, and information associated with a certificate belonging to the intermediate unit, which has previously been signed by the receiver unit. The intermediate unit receives a request from the sender unit to send protected data to the receiver unit, and so it sends a response to the sender unit. The response includes the information associated with the certificate belonging to the receiver unit, which allows the sender unit to verify that the intermediate unit is authorized to receive data on behalf of the receiver unit. The intermediate unit then receives data from the sender unit that is protected using the information associated with the certificate belonging to the receiver unit for subsequent forwarding to the receiver unit.
  Type: Grant
  Filed: October 1, 2009
  Date of Patent: June 3, 2014
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Rolf Blom, Fredrik Lindholm, John Mattsson
- Patent number: 8706086
  Abstract: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
  Type: Grant
  Filed: October 11, 2013
  Date of Patent: April 22, 2014
  Assignee: Telefonaktiebolaget L M Ericsson (Publ)
  Inventors: Karl Norrman, Bernard Smeets, Rolf Blom
- Publication number: 20140096193
  Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3'), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3') is trusted or not.
  Type: Application
  Filed: November 26, 2013
  Publication date: April 3, 2014
  Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
  Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
- Patent number: 8661243
  Abstract: A method and apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headers, before decrypting the encrypted media packets with keying materials already sent between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to "store and forward" SRTP data without being able to access the encrypted data content.
  Type: Grant
  Filed: June 16, 2008
  Date of Patent: February 25, 2014
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Rolf Blom, Karl Norrman
- Patent number: 8660270
  Abstract: A security key, K_eNB, for protecting RRC/UP traffic between a User Equipment, UE, and a serving eNodeB is established by a method and an arrangement in a Mobility Management Entity, MME, and in said UE, of an Evolved Packet System, EPS. The MME and the UE derive the security key, K_eNB, from at least a NAS uplink sequence number, NAS_U_SEQ, sent from the UE to the MME, and from an Access Security Management Entity-key, K_ASME, shared between the MME and the UE.
  Type: Grant
  Filed: May 20, 2008
  Date of Patent: February 25, 2014
  Assignee: Telefonaktiebolaget L M Ericsson (Publ)
  Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
- Publication number: 20140053241
  Abstract: There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node.
  Type: Application
  Filed: April 27, 2011
  Publication date: February 20, 2014
  Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
  Inventors: Karl Norrman, Rolf Blom, Mats Näslund