Patents by Inventor Rolf Blom

Rolf Blom has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8938076
    Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
    Type: Grant
    Filed: January 9, 2014
    Date of Patent: January 20, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norman
  • Publication number: 20140351595
    Abstract: A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
    Type: Application
    Filed: August 8, 2014
    Publication date: November 27, 2014
    Inventors: Rolf Blom, Fredrik Lindholm, Mats Näslund, Karl Norrman
  • Patent number: 8875232
    Abstract: A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may stored a set of URLs, and may compare a received URL (or part URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web-browser, so the web-browser does not need to maintain a password database.
    Type: Grant
    Filed: February 18, 2009
    Date of Patent: October 28, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Luis Barriga, Karl Norrman
  • Patent number: 8868912
    Abstract: A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node, generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information, and sending the service key to the service node together with said additional information, forwarding said additional information from the service node to the client, and at the client, generating said service key using the received additional information and the base key. A similar approach may be used to provide p2p key management.
    Type: Grant
    Filed: January 11, 2012
    Date of Patent: October 21, 2014
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Rolf Blom, Karl Norrman
  • Patent number: 8837737
    Abstract: A method and apparatus for key management in a communication network. A Key Management Terminal KMS Terminal Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
    Type: Grant
    Filed: March 13, 2009
    Date of Patent: September 16, 2014
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Rolf Blom, Fredrik Lindholm, Mats Naslund, Karl Norrman
  • Patent number: 8832821
    Abstract: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: September 9, 2014
    Assignee: Telefonaktiebolaget LM Ericsson (PUBL)
    Inventors: Luis Barriga, Rolf Blom, Yi Cheng, Fredrik Lindholm, Mats Naslund, Karl Norrman
  • Patent number: 8811987
    Abstract: Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network are disclosed. The registration server responds to a first contact request carried out using a first association number for the access point, provided by the first user equipment, receives a first association request for the association with the access point, provided by the first user equipment, authorizes the first association request based on a first authorization information provided by the first user equipment; registers the association between the first user equipment and the access point responsive to authorization of the first association request. The first user equipment is associated with the access point and the association is administered by the registration server.
    Type: Grant
    Filed: December 19, 2008
    Date of Patent: August 19, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Göran Selander, Jari Vikberg, Karl Norrman, Rolf Blom, Mats Näslund
  • Publication number: 20140228003
    Abstract: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UBE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
    Type: Application
    Filed: April 21, 2014
    Publication date: August 14, 2014
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Karl Norrman, Bernard Smeets, Rolf Blom
  • Publication number: 20140185809
    Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
    Type: Application
    Filed: January 9, 2014
    Publication date: July 3, 2014
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norman
  • Patent number: 8750506
    Abstract: Methods and apparatus facilitate secure user subscription or registration to a service at least partly enabled in a network. The network comprises user equipment adapted to perform generic bootstrapping. A network application function provides the service. A bootstrapping server function generates a bootstrapping transaction identifier. A home subscriber system stores a user profile, comprising information relating to the user and at least one service provided by the network application function.
    Type: Grant
    Filed: December 22, 2008
    Date of Patent: June 10, 2014
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Rolf Blom, David Castellanos Zamora
  • Patent number: 8745374
    Abstract: A method of sending protected data from a sender unit to a receiver unit via an intermediate unit. The intermediate unit stores information associated with a certificate belonging to the receiver unit, and information associated with a certificate belonging to the intermediate unit, which has previously been signed by the receiver unit. The intermediate unit receives a request from the sender unit to send protected data to the receiver unit, and so it sends a response to the sender unit. The response includes the information associated with the certificate belonging to the receiver unit, which allows the sender unit to verify that the intermediate unit is authorized to receive data on behalf of the receiver unit. The intermediate unit then receives data from the sender unit that is protected using the information associated with the certificate belonging to the receiver unit for subsequent forwarding to the receiver unit.
    Type: Grant
    Filed: October 1, 2009
    Date of Patent: June 3, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Fredrik Lindholm, John Mattsson
  • Patent number: 8706086
    Abstract: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
    Type: Grant
    Filed: October 11, 2013
    Date of Patent: April 22, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Karl Norrman, Bernard Smeets, Rolf Blom
  • Publication number: 20140096193
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.
    Type: Application
    Filed: November 26, 2013
    Publication date: April 3, 2014
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 8660270
    Abstract: A security key, K_eNB, for protecting RRC/UP traffic between a User Equipment, UE, and a serving eNodeB is established by a method and an arrangement in a Mobility Management Entity, MME, and in said UE, of an Evolved Packet System, EPS. The MME and the UE derives the security key, K_eNB, from at least an NAS uplink sequence number, NAS_U_SEQ, sent from the UE to the MME, and from an Access Security Management Entity-key, K_ASME, shared between the MME and the UE.
    Type: Grant
    Filed: May 20, 2008
    Date of Patent: February 25, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
  • Patent number: 8661243
    Abstract: A method apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, and adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headers, before decrypting the encrypted media packets with keying materials already sent between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to “store and forward” SRTP data without being able to access the encrypted data content.
    Type: Grant
    Filed: June 16, 2008
    Date of Patent: February 25, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Karl Norrman
  • Publication number: 20140053241
    Abstract: There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node.
    Type: Application
    Filed: April 27, 2011
    Publication date: February 20, 2014
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Publication number: 20140038566
    Abstract: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
    Type: Application
    Filed: October 11, 2013
    Publication date: February 6, 2014
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Karl Norrman, Bernard Smeets, Rolf Blom
  • Patent number: 8645680
    Abstract: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node.
    Type: Grant
    Filed: May 6, 2009
    Date of Patent: February 4, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rolf Blom, Yi Cheng, John Mattsson, Mats Naslund, Karl Norrman
  • Patent number: 8621570
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication or at least one network properly relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a sue and network such as the home network (5) of the subscriber ask UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.
    Type: Grant
    Filed: November 5, 2008
    Date of Patent: December 31, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Mats Naslund, Jari Arkko, Rolf Blom, Vesa Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 8620267
    Abstract: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
    Type: Grant
    Filed: August 25, 2008
    Date of Patent: December 31, 2013
    Assignee: Telefonaktiebolaget L M Ericssion (publ)
    Inventors: Karl Norrman, Bernard Smeets, Rolf Blom