Patents by Inventor Ulf Mattsson

Ulf Mattsson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10467428
    Abstract: A method for distributed tokenization of sensitive strings of characters, such as social security numbers, credit card numbers and the like, in a local server is disclosed. The method comprises the steps of receiving from a central server at least one, and preferably at least two, static token lookup tables, and receiving a sensitive string of characters. In a first tokenization step, a first substring of characters is substituted with a corresponding first token from the token lookup table(s) to form a first tokenized string of characters, wherein the first substring of characters is a substring of the sensitive string of characters. Thereafter, in a second step of tokenization, a second substring of characters is substituted with a corresponding second token from the token lookup table(s) to form a second tokenized string of characters, wherein the second substring of characters is a substring of the first tokenized string of characters. Optionally, one or more additional tokenization steps is/are used.
    Type: Grant
    Filed: March 27, 2017
    Date of Patent: November 5, 2019
    Assignee: Protegrity Corporation
    Inventor: Ulf Mattsson
  • Patent number: 10455382
    Abstract: Handling a plurality of Presence Reporting Areas, PRAs, may currently present inconsistencies between the PRAs active in a policy controller and those PRAs active in a network node handling UE mobility, e.g. MME/SGSN. To overcome these and other drawbacks, there are provided enhanced policy controller, network node and method of handling a plurality of PRAs. This method comprises selecting, at the policy controller, a plurality of applicable PRAs; transmitting from the policy controller, and receiving at the network node, the plurality of applicable PRAs; selecting, at the network node from the plurality of applicable PRAs, a number of PRAs to be active at the network node; and transmitting from the network node, and receiving at the policy controller, at least one of: an indication on whether a UE is inside or outside a PRA, and an indication on whether a PRA is or is not accepted to be active by the network node.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: October 22, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Maria Belen Pancorbo Marcos, Roland Gustafsson, Josefin Karlsson, Åsa Larsen, Irene Martin Cabello, Ulf Mattsson
  • Patent number: 10440568
    Abstract: The embodiments herein relate to a method in a wireless device (101) for enabling trusted communication between a wireless device entity (101a) and a second network node (105) via a first network node (103). The wireless device (101) and the first network node (103) are adapted to communicate using a secure communication channel. The wireless device (101) transmits a message to the first network node (103) using the secure communication channel. The message comprises information indicating that the wireless device entity (101a) is comprised in a trusted zone of the wireless device (101). The trusted zone is at least partly trusted by the first network node (103).
    Type: Grant
    Filed: October 17, 2013
    Date of Patent: October 8, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Ulf Mattsson, Victor Manuel Avila Gonzalez, Anders Lundström
  • Patent number: 10440531
    Abstract: A method and apparatus for providing information relating to delivery of a service from a server to a mobile device. A node in a Radio Access Network (RAN) receives from an interaction device an instruction message indicating that the mobile device is authorized to exchange service delivery information relating to delivery of the service from the server to the mobile device with the node in the RAN. The node can then exchange service delivery information with the mobile device. The interaction device need not maintain state, as it simply authorizes the mobile device to interact directly with the node in the RAN. Furthermore, signaling between the interaction device and the node in the RAN is reduced.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: October 8, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Tomas Nylander, Ulf Mattsson
  • Patent number: 10405154
    Abstract: Example embodiments presented herein are directed towards a wireless device and a Policy Control and Charging (PCC) based node, and methods therein, for managing an operating system and/or application behavior based on an indication of a network initiated policy and/or charge change. Thus, based on an indication of such a change, an application's behavior may be modified accordingly. Examples of such modification comprise initiating or restricting a communication with the network. Examples of a network initiated policy and/or charge change comprise a start or end to a non-metered connection or a change in a QoS level.
    Type: Grant
    Filed: February 24, 2015
    Date of Patent: September 3, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Anders Lundström, Ulf Mattsson, Aldo Bolle, Peng Li, Lasse Olsson
  • Patent number: 10382918
    Abstract: Embodiments herein relate to systems and methods for providing monitoring services comprising receiving, at an aggregator proxy function, APF, in a first Public Land Mobile Network, PLMN, a first event report transmitted by a monitoring function in the first PLMN. The first event report comprises first event information related to a monitoring event, and a request identifier. Further, the APF receives a second event report transmitted by a monitoring function in the first PLMN. The second event report comprises second event information related to the monitoring event, and said request identifier. After receiving the first and second event reports, the APF transmits an aggregate event report to a report receiving function not in the first PLMN.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: August 13, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Ulf Mattsson, Josefin Karlsson
  • Publication number: 20190171839
    Abstract: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights. A search key can be generated based on the received query, and the selected index can be searched using the search query. Database entries mapped to the values of the selected index returned in response to the search can be outputted. Each index is associated with a different granularity defining the number and/or ambiguity of search results returned in response to searching an index.
    Type: Application
    Filed: February 6, 2019
    Publication date: June 6, 2019
    Inventors: Yigal Rozenberg, Ulf Mattsson
  • Publication number: 20190141025
    Abstract: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.
    Type: Application
    Filed: January 5, 2019
    Publication date: May 9, 2019
    Inventors: Ulf Mattsson, Yigal Rozenberg, Vichai Levy
  • Patent number: 10284531
    Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: May 7, 2019
    Assignee: Protegrity Corporation
    Inventors: Ulf Mattsson, Zvika Ferentz
  • Patent number: 10242216
    Abstract: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights. A search key can be generated based on the received query, and the selected index can be searched using the search query. Database entries mapped to the values of the selected index returned in response to the search can be outputted. Each index is associated with a different granularity defining the number and/or ambiguity of search results returned in response to searching an index.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: March 26, 2019
    Assignee: Protegrity Corporation
    Inventors: Yigal Rozenberg, Ulf Mattsson
  • Patent number: 10212155
    Abstract: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.
    Type: Grant
    Filed: January 16, 2018
    Date of Patent: February 19, 2019
    Assignee: Protegrity Corporation
    Inventors: Ulf Mattsson, Yigal Rozenberg, Vichai Levy
  • Patent number: 10211978
    Abstract: Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive.
    Type: Grant
    Filed: May 27, 2017
    Date of Patent: February 19, 2019
    Assignee: Protegrity Corporation
    Inventor: Ulf Mattsson
  • Publication number: 20190052733
    Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and generates a mapping between portions of data received from a client device and interface fields or data elements of the client device. Upon receiving subsequent data from the client device, the gateway device can access the generated mapping to identify portions of the subsequent data corresponding to particular interface fields or data elements of the client device using the mapping, and can encode the identified portions of the subsequent data, for instance based on data protection techniques defined by a security policy. The encoded data can then be outputted by the gateway device to the server device.
    Type: Application
    Filed: October 12, 2018
    Publication date: February 14, 2019
    Inventors: Vichai Levy, Yigal Rozenberg, Rajnish Jain, Ulf Mattsson
  • Publication number: 20190018981
    Abstract: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints. Generation of the new tokenization tables is based on previous tokenization tables, which advantageously allows the generation process to be performed locally at the two endpoints independently of an external tokenization table provider. New tokenization tables can periodically be distributed to the endpoints as a new starting point for derivation.
    Type: Application
    Filed: August 30, 2018
    Publication date: January 17, 2019
    Inventors: Yigal Rozenberg, Ulf Mattsson
  • Publication number: 20180337897
    Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.
    Type: Application
    Filed: August 1, 2018
    Publication date: November 22, 2018
    Inventors: Ulf Mattsson, Zvika Ferentz
  • Publication number: 20180332451
    Abstract: Example embodiments presented herein are directed towards a wireless device and a Policy Control and Charging (PCC) based node, and methods therein, for managing an operating system and/or application behaviour based on an indication of a network initiated policy and/or charge change. Thus, based on an indication of such a change, an application's behaviour may be modified accordingly. Examples of such modification comprise initiating or restricting a communication with the network. Examples of a network initiated policy and/or charge change comprise a start or end to a non-metered connection or a change in a QoS level.
    Type: Application
    Filed: February 24, 2015
    Publication date: November 15, 2018
    Inventors: Anders Lundström, Ulf Mattsson, Aldo Bolle, Peng Li, Lasse Olsson
  • Patent number: 10129370
    Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and generates a mapping between portions of data received from a client device and interface fields or data elements of the client device. Upon receiving subsequent data from the client device, the gateway device can access the generated mapping to identify portions of the subsequent data corresponding to particular interface fields or data elements of the client device using the mapping, and can encode the identified portions of the subsequent data, for instance based on data protection techniques defined by a security policy. The encoded data can then be outputted by the gateway device to the server device.
    Type: Grant
    Filed: July 30, 2015
    Date of Patent: November 13, 2018
    Assignee: Protegrity Corporation
    Inventors: Vichai Levy, Yigal Rozenberg, Rajnish Jain, Ulf Mattsson
  • Patent number: 10089493
    Abstract: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints. Generation of the new tokenization tables is based on previous tokenization tables, which advantageously allows the generation process to be performed locally at the two endpoints independently of an external tokenization table provider. New tokenization tables can periodically be distributed to the endpoints as a new starting point for derivation.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: October 2, 2018
    Assignee: Protegrity Corporation
    Inventors: Yigal Rozenberg, Ulf Mattsson
  • Patent number: 10069804
    Abstract: Structured data, such as email addresses, social security numbers, and the like, is accessed for encoding. A set of encoding rules including one or more encoding actions and/or encoding components corresponding to each of one or more structured data components is accessed. The set of encoding rules can include one or more encoding actions and/or one or more encoding components corresponding to each of one or more structured data components. Encoding actions can include tokenization, encryption, data masking, data modification, and the like. The one or more components of the structured data are encoded based on the accessed set of encoding rules. The encoded structured data is stored, processed, or outputted to an external entity.
    Type: Grant
    Filed: August 15, 2016
    Date of Patent: September 4, 2018
    Assignee: Protegrity Corporation
    Inventors: Yigal Rozenberg, Ulf Mattsson, Raul Ortega
  • Patent number: 10068106
    Abstract: A tokenization system includes a vector table and one or more token tables. The tokenization system accesses sensitive data and a vector from a vector table column, and modifies the sensitive data based on the accessed vector. The tokenization system then queries the one or more token tables using a portion of the modified data to identify a token mapped to the portion of the modified data. The portion of the modified data is replaced with the token to create tokenized data. The vector table can be updated by replacing a vector table column with an updated vector table column. The tokenization system can modify subsequent data using the updated vector column prior to tokenization.
    Type: Grant
    Filed: August 18, 2017
    Date of Patent: September 4, 2018
    Assignee: Protegrity Corporation
    Inventors: Ulf Mattsson, Yigal Rozenberg, Vichai Levy