Patents by Inventor Rolf Blom

Rolf Blom has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20110302627
    Abstract: A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may stored a set of URLs, and may compare a received URL (or part URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web-browser, so the web-browser does not need to maintain a password database.
    Type: Application
    Filed: February 18, 2009
    Publication date: December 8, 2011
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Luis Barriga, Karl Norrman
  • Publication number: 20110256850
    Abstract: Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network are disclosed. The registration server responds to a first contact request carried out using a first association number for the access point, provided by the first user equipment, receives a first association request for the association with the access point, provided by the first user equipment, authorizes the first association request based on a first authorization information provided by the first user equipment; registers the association between the first user equipment and the access point responsive to authorization of the first association request. The first user equipment is associated with the access point and the association is administered by the registration server.
    Type: Application
    Filed: December 19, 2008
    Publication date: October 20, 2011
    Inventors: Göran Selander, Jari Vikberg, Karl Norrman, Rolf Blom, Mats Naslund
  • Publication number: 20110213958
    Abstract: Aspects of the present invention provide a mechanism to utilize IMS media security mechanisms in a CS network and, thereby, provide end-to-end media security in the case where the media traffic travels across both a CS network and a PS network.
    Type: Application
    Filed: November 5, 2008
    Publication date: September 1, 2011
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Fredrik Lindholm, Rolf Blom
  • Publication number: 20110206206
    Abstract: A method and apparatus for key management in a communication network. A Key Management Terminal KMS Terminal Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
    Type: Application
    Filed: March 13, 2009
    Publication date: August 25, 2011
    Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Rolf Blom, Fredrik Lindholm, Mats Naslund, Karl Norrman
  • Patent number: 7987366
    Abstract: The invention provides an establishment of a secret session key shared Between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from an associated key management center (KMC) (AAAa). Upon reception of the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) based on this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). Based on the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb).
    Type: Grant
    Filed: February 11, 2004
    Date of Patent: July 26, 2011
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rolf Blom, Mats Naslund, Elisabetta Carrara, Fredrik Lindholm, Karl Norrman
  • Publication number: 20110126017
    Abstract: The invention relates to secure user subscription or registration to a service at least partly enabled in a network. The network comprises user equipment adapted to perform generic bootstrapping. A network application function provides the service. A bootstrapping server function generates a bootstrapping transaction identifier. A home subscriber system stores a user profile, comprising information relating to the user and at least one service provided by the network application function. Corresponding communication network nodes and methods of their operation are also disclosed.
    Type: Application
    Filed: December 22, 2008
    Publication date: May 26, 2011
    Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Rolf Blom, David Castellanos Zamora
  • Publication number: 20110107082
    Abstract: A method apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, and adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headesr, before decrypting the encrypted media packets with keying materials already sent between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to “store and forward” SRTP data without being able to access the encrypted data content.
    Type: Application
    Filed: June 16, 2008
    Publication date: May 5, 2011
    Applicant: Telefonaktiebolaget LM Ericsson
    Inventors: Rolf Blom, Karl Norrman
  • Patent number: 7933591
    Abstract: When a mobile terminal (10), having a basic identity module (12) operative according to a first security standard, initiates a service access, the home network (30) determines whether the mobile terminal has an executable program (14) configured to interact with the basic identity module for emulating an identity module according to the second security standard. If it is concluded that the mobile terminal has such an executable program, a security algorithm is executed at the home network (30) to provide security data according to the second security standard. At least part of these security data are then transferred, transparently to a visited network (20), to the mobile terminal (10). On the mobile terminal side, the executable program (14) is executed for emulating an identity module according to the second security standard using at least part of the transferred security data as input.
    Type: Grant
    Filed: May 17, 2005
    Date of Patent: April 26, 2011
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rolf Blom, Mats Naslund
  • Publication number: 20110093698
    Abstract: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node.
    Type: Application
    Filed: May 6, 2009
    Publication date: April 21, 2011
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Rolf Blom, Yi Cheng, John Mattsson, Mats Naslund, Karl Norrman
  • Publication number: 20110093609
    Abstract: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
    Type: Application
    Filed: February 20, 2009
    Publication date: April 21, 2011
    Inventors: Rolf Blom, Yi Cheng, John Mattsson, Mats Näslund, Karl Norrman
  • Patent number: 7917946
    Abstract: In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
    Type: Grant
    Filed: April 10, 2002
    Date of Patent: March 29, 2011
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Fredrik Lindholm, Rolf Blom, Karl Norrman, Göran Selander, Mats Näslund
  • Publication number: 20110059736
    Abstract: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
    Type: Application
    Filed: August 25, 2008
    Publication date: March 10, 2011
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Karl Norrman, Bernard Smeets, Rolf Blom
  • Publication number: 20110047209
    Abstract: In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
    Type: Application
    Filed: September 30, 2010
    Publication date: February 24, 2011
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Fredrik LINDHOLM, Rolf Blom, Karl Norrman, Göran Selander, Mats NÄSLUND
  • Publication number: 20110035787
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication or at least one network properly relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a sue and network such as the home network (5) of the subscriber ask UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.
    Type: Application
    Filed: November 5, 2008
    Publication date: February 10, 2011
    Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Naslund, Jari Arkko, Rolf Blom, Vesa Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Publication number: 20110023124
    Abstract: A method for achieving a secure recording and storing of a recorded activity is based on an extended Digital Rights Management (DRM) system. A recording and storing procedure is initiated, in response to recognising one or more triggers at a device hosted by a user equipment. On the basis of the one or more triggers a Rights Issuer is located, and a Recording and Storing Instruction (RSI) is retrieved from the RI, using an existing DRM standard. Based on the RSI, a trusted storage for storing the recorded activity is located, and one or more recording procedures, involving one or more recording equipments, are activated and managed by the device. Before the recorded content is forwarded to the trusted storage, a protected content is generated from the recorded content, according to content of the RSI.
    Type: Application
    Filed: July 10, 2007
    Publication date: January 27, 2011
    Inventors: Göran Selander, Rolf Blom
  • Publication number: 20110022843
    Abstract: When a mobile terminal (10), having a basic identity module (12) operative according to a first security standard, initiates a service access, the home network (30) determines whether the mobile terminal has an executable program (14) configured to interact with the basic identity module for emulating an identity module according to the second security standard. If it is concluded that the mobile terminal has such an executable program, a security algorithm is executed at the home network (30) to provide security data according to the second security standard. At least part of these security data are then transferred, transparently to a visited network (20), to the mobile terminal (10). On the mobile terminal side, the executable program (14) is executed for emulating an identity module according to the second security standard using at least part of the transferred security data as input.
    Type: Application
    Filed: July 16, 2010
    Publication date: January 27, 2011
    Inventors: Rolf Blom, Mats Naslund
  • Publication number: 20110010768
    Abstract: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept.
    Type: Application
    Filed: December 1, 2008
    Publication date: January 13, 2011
    Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Luis Barriga, Rolf Blom, Yi Cheng, Fredrik Lindholm, Mats Naslund, Karl Norrman
  • Publication number: 20100316223
    Abstract: A security key, K_eNB, for protecting RRC/UP traffic between a User Equipment, UE, and a serving eNodeB is established by a method and an arrangement in a Mobility Management Entity, MME, and in said UE, of an Evolved Packet System, EPS. The MME and the UE derives the security key, K_eNB, from at least an NAS uplink sequence number, NAS_U_SEQ, sent from the UE to the MME, and from an Access Security Management Entity-key, K_ASME, shared between the MME and the UE.
    Type: Application
    Filed: May 20, 2008
    Publication date: December 16, 2010
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON
    Inventors: Rolf Blom, Gunnar Mildh, Karl Norrman
  • Publication number: 20100268937
    Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
    Type: Application
    Filed: November 30, 2007
    Publication date: October 21, 2010
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Yi Cheng, Fredrik Lindholm, John Mattsson, Mats Naslund, Karl Norrman
  • Publication number: 20100267363
    Abstract: In a method and a system for providing secure communication in a cellular radio system radio base station key is generated by determining a set of data bits known to both the UE and the radio base station, and creating the radio base station key in response to the determined set of data.
    Type: Application
    Filed: July 1, 2008
    Publication date: October 21, 2010
    Inventors: Rolf Blom, Magnus Lindstrom, Karl Norrman