Patents by Inventor Tao Haukka

Tao Haukka has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9712506
    Abstract: It is disclosed a method comprising monitoring validity of limited-validity key information, acquiring, from a network entity upon invalidity of the limited-validity key information, limited-validity transaction identification information based on unlimited-validity identification information identifying a terminal, generating new limited-validity key information based on the acquired limited-validity transaction identification information, and transmitting the acquired limited-validity transaction identification information to a network element.
    Type: Grant
    Filed: April 2, 2008
    Date of Patent: July 18, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Silke Holtmanns, Tao Haukka, Pekka Johannes Laitinen
  • Patent number: 8150393
    Abstract: A method for handling service failures for in a communications network comprising a user equipment, a first network element and a serving network element, the method comprising the following steps. Receiving at the first network element a first message from the user equipment. Transmitting the first message from the first network element to the serving network element. Detecting at the first network element that the serving network element is out of service. Determining at the first network element the type of the first message, and in dependence on the type of the first message sending from the first network element to the user equipment an error message including an indication that the serving network element is out of service.
    Type: Grant
    Filed: October 21, 2004
    Date of Patent: April 3, 2012
    Assignee: Nokia Corporation
    Inventors: Georg Mayer, Tao Haukka, Hannu Hietalahti, Miikka Poikselkä
  • Patent number: 8139520
    Abstract: A method, program product and system of preventing or limiting the number of simultaneous sessions in a wireless local area network (WLAN). The method includes: determining whether subscriber terminal information has been changed between an old session and a new session, maintaining a connection with the old session if the subscriber terminal information has not changed, and establishing and authenticating the new session and disconnecting the old session if the subscriber terminal information has changed. A medium access control (MAC) address and a WLAN radio network identification can be compared between the old session and the new session to determine whether subscriber terminal information has been changed.
    Type: Grant
    Filed: May 3, 2004
    Date of Patent: March 20, 2012
    Assignee: Nokia Corporation
    Inventors: Henry Haverinen, Tao Haukka, Valtteri Niemi
  • Patent number: 8045540
    Abstract: A method for handling user identity and privacy, wherein a first Session Initiation Protocol (SIP) proxy is about to forward a SIP request to a next SIP proxy includes the step of determining whether Transport Layer Security (TLS) is supported in a hop to a next SIP proxy. When TLS is supported, the method includes establishing a TLS connection to the hop to the next SIP proxy, requesting a certificate from the next SIP proxy, receiving the certificate, verifying the certificate and trustworthiness of a network of the next SIP proxy and retaining identity information when the certificate and the trustworthiness of the network is verified. When TLS is not supported, or when the certificate is not verified, or when the trustworthiness of the network is not verified, the identity information is removed. Thereafter, the SIP request is forwarded over the TLS connection.
    Type: Grant
    Filed: May 3, 2005
    Date of Patent: October 25, 2011
    Assignee: Nokia Corporation
    Inventors: Gabor Bajko, Miguel A. Garcia-Martin, Valtteri Niemi, Tao Haukka
  • Patent number: 7908484
    Abstract: Disclosed is a method and system to discourage a MITM attacker in a data communications system that includes client and a server. The method includes, in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an “algorithm” field to ‘algorithm=“AKAv1-HMAC-MD5”’ for directing the client to use the HMAC-MD5 keyed hash function when producing Digest credentials; and using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
    Type: Grant
    Filed: August 18, 2004
    Date of Patent: March 15, 2011
    Assignee: Nokia Corporation
    Inventors: Tao Haukka, Aki Niemi
  • Publication number: 20100303242
    Abstract: It is disclosed a method comprising monitoring validity of limited-validity key information, acquiring, from a net-work entity upon invalidity of the limited-validity key information, limited-validity transaction identification information based on unlimited-validity identification information identifying a terminal, generating new limited-validity key information based on the acquired limited-validity transaction identification information, and transmitting the acquired limited-validity transaction identification information to a network element.
    Type: Application
    Filed: April 2, 2008
    Publication date: December 2, 2010
    Applicant: NOKIA CORPORATION
    Inventors: Silke Holtmanns, Tao Haukka, Pekka Johannes Laitinen
  • Patent number: 7844815
    Abstract: An apparatus and method for selecting a security association timer between user equipment and a control entity in a communication system are disclosed. The apparatus includes a transmitter configured to transmit a registration request message to a control entity in a communication system, whereby the registration request message is configured to request registration with the control entity. The apparatus further includes a receiver configured to receive an authentication challenge including a temporary timer, whereby the temporary timer is configured to set a time duration for the apparatus to respond to the authentication challenge. The receiver is further configured to receive an acknowledgement message including a security association timeout value in response to the transmitted registration message, whereby the security association timeout value includes a set time length of a security association equal to a registration time length set for registration of the apparatus.
    Type: Grant
    Filed: July 29, 2008
    Date of Patent: November 30, 2010
    Assignee: Nokia Corporation
    Inventors: Gábor Bajko, Tao Haukka
  • Publication number: 20080295168
    Abstract: An apparatus and method for selecting a security association timer between user equipment and a control entity in a communication system are disclosed. The apparatus includes a transmitter configured to transmit a registration request message to a control entity in a communication system, whereby the registration request message is configured to request registration with the control entity. The apparatus further includes a receiver configured to receive an authentication challenge including a temporary timer, whereby the temporary timer is configured to set a time duration for the apparatus to respond to the authentication challenge. The receiver is further configured to receive an acknowledgement message including a security association timeout value in response to the transmitted registration message, whereby the security association timeout value includes a set time length of a security association equal to a registration time length set for registration of the apparatus.
    Type: Application
    Filed: July 29, 2008
    Publication date: November 27, 2008
    Inventors: Gabor Bajko, Tao Haukka
  • Publication number: 20080294560
    Abstract: A method comprising receiving at a user equipment encrypted content. The content is stored in said user equipment in an encrypted form. At least one key for decryption of said stored encrypted content is stored in the user equipment.
    Type: Application
    Filed: May 22, 2007
    Publication date: November 27, 2008
    Inventors: Silke Holtmanns, Pekka Laitinen, Tao Haukka
  • Patent number: 7434258
    Abstract: A method for selecting a time length of a security association (SA) between user equipment (UE) which transmits and receives communications and a control entity in a communication system in accordance with the invention, includes transmitting a registration message (SM1) from the user equipment to the control entity (P-CSCF) requesting registration of the user equipment with the control entity; after transmission of the registration message, setting the time length of the security association between the user equipment and the control entity to be equal to a registration time length set between the user equipment and the control entity during which registration of the user equipment with the control entity is valid; and transmitting the set time length of the security association to the user equipment as part of an acknowledgment message (SM10 or SM12) to the registration message to cause the security association to have a time equal to the registration timer length.
    Type: Grant
    Filed: January 16, 2003
    Date of Patent: October 7, 2008
    Assignee: Nokia Corporation
    Inventors: Gábor Bajko, Tao Haukka
  • Publication number: 20070275710
    Abstract: A method for handling service failures for in a communications network comprising a user equipment, a first network element and a serving network element, the method comprising the following steps. Receiving at the first network element a first message from the user equipment. Transmitting the first message from the first network element to the serving network element. Detecting at the first network element that the serving network element is out of service. Determining at the first network element the type of the first message, and in dependence on the type of the first message sending from the first network element to the user equipment an error message including an indication that the serving network element is out of service.
    Type: Application
    Filed: October 21, 2004
    Publication date: November 29, 2007
    Inventors: Georg Mayer, Tao Haukka, Hannu Hietalahti, Mikka Poikselka
  • Publication number: 20070100968
    Abstract: The invention relates to a method for updating a wireless device connected to a cellular network utilizing Instant Messaging and Presence Service protocol (IMPS) defined by open Mobile Alliance. In the method a server connected to the cellular network transmits a configuration message to the wireless device including a CIDPrefix, which includes a provider specific identity string. The wireless device which has received the configuration message adds to the provider-specific identity string separation marks and a supplier-specific internal identity string. After that the wireless device uses this concatenated identity string as a ClientID with the server which sent the configuration message. The invention relates also to a configuration message, wireless device, server and device management system utilizing the method. The invention relates also to computer programs implementing the method in a server and a wireless device.
    Type: Application
    Filed: October 27, 2005
    Publication date: May 3, 2007
    Inventors: Zoltan Ordogh, Tao Haukka, Kaisu Mattila, Jari Valimaa, Janne Vento, Tommi Kangas
  • Publication number: 20070003051
    Abstract: A system for presence publication, such as in a push-to-talk over cellular service, provides means for avoiding the reporting of conflicting presence information to a presence server. Two different entities may be capable of reporting status information for the same entity, the status information corresponding to a plurality of status attributes. The first entity would typically inform the second entity which ones of the plurality of status attributes for which the first entity will be reporting status information to the presence server. For the ones of the plurality of status attributes for which the first entity will be reporting status information, the second entity will typically not report status information. For the ones of the plurality of status attributes for which the first entity will not be reporting status information, the second entity will typically report status information if capable.
    Type: Application
    Filed: November 29, 2005
    Publication date: January 4, 2007
    Inventors: Krisztian Kiss, Tao Haukka, Pekka Kuure
  • Publication number: 20060235981
    Abstract: The invention relates to providing services to a group of users, wherein the group of users is assigned to a first service, the group being identified by a common group identity, and each of the users assigned to the first service may have different states regarding the first service. The invention proposes methods, network control elements and terminal devices in order to provide a second service with respect to the users of the first service based on their state regarding the first service.
    Type: Application
    Filed: January 24, 2006
    Publication date: October 19, 2006
    Inventors: Ilkka Westman, Tao Haukka, Reijo Nousiainen, Arto Leppisaari, Jari Mutikainen
  • Publication number: 20050249219
    Abstract: A method for handling user identity and privacy, wherein a first Session Initiation Protocol (SIP) proxy is about to forward a SIP request to a next SIP proxy includes the step of determining whether Transport Layer Security (TLS) is supported in a hop to a next SIP proxy. When TLS is supported, the method includes establishing a TLS connection to the hop to the next SIP proxy, requesting a certificate from the next SIP proxy, receiving the certificate, verifying the certificate and trustworthiness of a network of the next SIP proxy and retaining identity information when the certificate and the trustworthiness of the network is verified. When TLS is not supported, or when the certificate is not verified, or when the trustworthiness of the network is not verified, the identity information is removed. Thereafter, the SIP request is forwarded over the TLS connection.
    Type: Application
    Filed: May 3, 2005
    Publication date: November 10, 2005
    Inventors: Gabor Bajko, Miguel Garcia-Martin, Valtteri Niemi, Tao Haukka
  • Publication number: 20050243719
    Abstract: A method, program product and system of preventing or limiting the number of simultaneous sessions in a wireless local area network (WLAN). The method includes: determining whether subscriber terminal information has been changed between an old session and a new session, maintaining a connection with the old session if the subscriber terminal information has not changed, and establishing and authenticating the new session and disconnecting the old session if the subscriber terminal information has changed. A medium access control (MAC) address and a WLAN radio network identification can be compared between the old session and the new session to determine whether subscriber terminal information has been changed.
    Type: Application
    Filed: May 3, 2004
    Publication date: November 3, 2005
    Inventors: Henry Haverinen, Tao Haukka, Valtteri Niemi
  • Patent number: 6895439
    Abstract: The present invention is a system and method which provides authentication for data services for at least one UE (12) using common authentication information based upon information stored in a HSS (16) of a home network (20) of the at least one UE for multiple protocols. At least one proxy server (18) stores authentication information for each of the protocols which may be used to provide data services to the at least one UE. Authentication of the protocols available to the least one UE uses the authentication information stored at the at least one proxy server obtained from the protocol used in the home network of the at least one UE.
    Type: Grant
    Filed: March 31, 2003
    Date of Patent: May 17, 2005
    Assignee: Nokia Corporation
    Inventors: Markus Isomäki, Jose Costa-Requena, Atte Länsisalmi, Valtteri Niemi, Aki Niemi, Tao Haukka, Gabor Bajko, Tommi Viitanen
  • Publication number: 20050102501
    Abstract: A communication system including at least one user equipment and at least one network application functional entity is disclosed. The system further includes a bootstrapping functional entity. The user equipment includes means to transmit a request to push authentication information to at least one network application function. The bootstrapping functional entity includes receiving means for receiving the request from the user equipment, and transmitting means for transmitting the authentication information to the at least one network application function entity. The at least one network application function includes means adapted to receive unsolicited bootstrapping information from the bootstrapping functional entity.
    Type: Application
    Filed: January 21, 2004
    Publication date: May 12, 2005
    Inventors: Tao Haukka, Pekka Laitinen, Nadarajah Asokan
  • Publication number: 20050044365
    Abstract: Disclosed is a method and system to discourage a MITM attacker in a data communications system that includes client and a server. The method includes, in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an “algorithm” field to ‘algorithm=“AKAv1-HMAC-MD5”’ for directing the client to use the HMAC-MD5 keyed hash function when producing Digest credentials; and using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
    Type: Application
    Filed: August 18, 2004
    Publication date: February 24, 2005
    Inventors: Tao Haukka, Aki Niemi
  • Publication number: 20040139198
    Abstract: A method and apparatus for updating authorization and other persistent data using the session initiation protocol. In one aspect, a computing device sends a SIP PUBLISH message (or any other appropriate SIP message) to a second networked computing device. The second device extracts data from the SIP message and uses the extracted data to modify and/or update a set of persistent data. The data may be placed in the body of the SIP message. In one example, the SIP message body uses XML enclosing a remote procedure call or a call processing script.
    Type: Application
    Filed: January 15, 2003
    Publication date: July 15, 2004
    Inventors: Jose Costa-Requena, Tao Haukka, Aki Niemi, Markus Isomaki, Eva-Maria Leppanen, Mikko Lonnfors, Juha Kalliokulju, Krisztian Kiss