Patents by Inventor Valtteri Niemi

Valtteri Niemi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20110201337
    Abstract: It is disclosed a method comprising receiving, prior to a handover operation, first key indication information, creating, prior to the handover operation, key information based on the received first key indication information, retaining the created key information, sending, after the handover operation, the received first key indication information associated with the key information created prior to the handover operation, and retrieving, after the handover operation, the retained key information based on the first key indication information; and a method comprising generating, prior to the handover operation, the first key indication information associated with key information intended to be created, sending, prior to the handover operation, the generated first key indication information, and receiving, after the handover operation, second key indication information corresponding to the generated first key indication information.
    Type: Application
    Filed: December 8, 2008
    Publication date: August 18, 2011
    Applicant: NOKIA CORPORATION
    Inventors: Dan Lars Anders Forsberg, Pentti Valtteri Niemi
  • Patent number: 7995760
    Abstract: The invention relates to a method for ensuring data transmission security between a first and a second communication device in short-range wireless communication. To set up a secure data transmission connection, the communication devices conduct a key exchange stage to generate at least one shared key between the communication devices. After said key exchange stage at least a first and a second check string is formed, said strings being based at least on a unique short random string and on the keys generated in each communication device at said key exchange stage. Thus, the security of the connection that is set up is ensured by comparing the correspondence of said check strings. The invention also relates to a communication system and a communication device, in which the method will be applied.
    Type: Grant
    Filed: June 5, 2002
    Date of Patent: August 9, 2011
    Assignee: Nokia Corporation
    Inventors: Kaisa Nyberg, Valtteri Niemi
  • Patent number: 7962121
    Abstract: During a connection between a network infrastructure and user equipment a first indication of the amount of data transmitted over the connection is maintained in the network infrastructure and a second indication of the amount data transmitted is maintained in the user equipment. A checking procedure is triggered in response to encountering a predetermined checking value. The checking procedure utilizes integrity protected signalling. During the checking procedure the first indication is compared with the second indication. This checking procedure enables easy discovery of an intruder who either sends and/or receives data on an authorized connection between a network infrastructure and a mobile station, the data transmission being charged from the mobile station.
    Type: Grant
    Filed: December 12, 2007
    Date of Patent: June 14, 2011
    Assignee: Nokia Corporation
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20110116629
    Abstract: A method, apparatus and computer program product are provided to provide cryptographical key separation for handovers. A method is provided which includes calculating a key based at least in part upon a previously stored first intermediary value. The method also includes calculating a second intermediary value based at least in part upon the calculated key. The method additionally includes sending a path switch acknowledgement including the second intermediary value to a target access point. The method may further include receiving a path switch message including an indication of a cell identification and calculating the encryption key based upon the indication of the cell identification. The method may further include storing the second intermediary value. The calculation of the key may further comprise calculating the key following a radio link handover. Corresponding apparatuses and computer program products are also provided.
    Type: Application
    Filed: March 30, 2009
    Publication date: May 19, 2011
    Applicant: NOKIA CORPORATION
    Inventors: Dan Lars Anders Forsberg, Pentti Valtteri Niemi, Marc Blommaert
  • Patent number: 7843948
    Abstract: A method of communication between a calling party in a first network and a called party in a second network is disclosed. The method comprises determining in the first network an address associated with the called party. The method also comprises determining, based on the address, if the called party is in a trusted network, and controlling the communication between the called party and the calling party in dependence on if the called party is in a trusted network.
    Type: Grant
    Filed: March 31, 2004
    Date of Patent: November 30, 2010
    Assignee: Nokia Corporation
    Inventors: Gábor Bajko, Aki Niemi, Valtteri Niemi
  • Patent number: 7734049
    Abstract: The invention relates to a method for transmitting data between a GRPS/EDGE radio access network and user equipment of a mobile system, and to user equipment using the method, and to GERAN. In the method, the data to be transmitted is encrypted using an encryption algorithm at the transmitting end, the encrypted data is transmitted from the transmitting end to the receiving end, and the transmitted data is decrypted using an encryption algorithm at the receiving end. The used encryption algorithm is an encryption algorithm of the radio access network UTRAN employing the wideband code division multiple access method of the universal mobile telecommunications system, in which case the input parameters of agreed format required by the encryption algorithm are created on the basis of the operating parameters of the GPRS/EDGE radio access network GERAN.
    Type: Grant
    Filed: August 1, 2001
    Date of Patent: June 8, 2010
    Assignee: Nokia Corporation
    Inventors: Valtteri Niemi, Kari Niemela, Guillaume Sebire, Shkumbin Hamiti
  • Patent number: 7707412
    Abstract: A system and method for authenticating a terminal in a communication system is described. The method includes executing a terminal authentication protocol, whereby the executing the terminal authentication protocol includes authenticating an identity of a network entity by a terminal in a communication system. The method further includes executing a challenge authentication protocol, wherein the executing the challenge authentication protocol includes sharing challenge data between the terminal and the network entity, and forming at the terminal, test data by at least applying one authentication function to the challenge data using the identifier. The executing the challenge authentication protocol further includes transmitting a message including terminal authentication data from the terminal to the network entity, and determining, based on the terminal authentication data, whether to provide the terminal with access to a service.
    Type: Grant
    Filed: November 25, 2002
    Date of Patent: April 27, 2010
    Assignee: Nokia Corporation
    Inventors: Kaisa Nyberg, Valtteri Niemi, Nadarajah Asokan
  • Publication number: 20100074445
    Abstract: A sender and a receiver includes first and second arrays of coupled oscillators, respectively, that are substantially identically constructed so as to exhibit substantially the same dynamical response to excitation. A chaotic waveform generated at the sender is transmitted to the receiver, which generates a second chaotic waveform, and compares the received waveform with the generated second waveform. If the first and second waveforms match the sender is an authorized sender. An integrated circuit includes an array of coupled oscillators that in combination generate a waveform in response to at least one excitation signal. The array of coupled oscillators represents, in response to application of the excitation signals, a multi-dimensional security key that is shared between the sender of the waveform and the receiver of the waveform.
    Type: Application
    Filed: September 25, 2008
    Publication date: March 25, 2010
    Inventors: Nikolai Nefedov, Mikko A. Uusitalo, Markku A. Oksanen, Valtteri Niemi
  • Publication number: 20100014672
    Abstract: A method for protecting traffic in a radio access network connected to at least two core networks. The method comprises maintaining a corenetwork-specific authentication protocol and a radio-bearer-specific ciphering process, and generating, for each ciphering process, a count parameter comprising a cyclical sequence number and a hyperframe number (HFN) which is incremented each time the cyclical sequence number completes one cycle. For each core network or authentication protocol, a first radio bearer of a session is initialized with a HFN exceeding the highest HFN used during the previous session. When a new radio bearer is established, the mobile station selects the highest HFN used during the session for the core network in question, increments it and uses it for initializing the count parameter for the new radio bearer. At the end of a session, the mobile station stores at least part of the highest HFN used during the session.
    Type: Application
    Filed: July 9, 2009
    Publication date: January 21, 2010
    Applicant: QUALCOMM Incorporated
    Inventors: Jukka Vialén, Valtteri Niemi
  • Patent number: 7630495
    Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.
    Type: Grant
    Filed: June 28, 2002
    Date of Patent: December 8, 2009
    Assignee: Nokia Corporation
    Inventors: Antti Kiiveri, Nadarajah Asokan, Valtteri Niemi
  • Publication number: 20090271623
    Abstract: A method and apparatus for intersystem mobility security context handling between different radio access networks which can include a receiver configured to receive a tracking area update message from a user terminal. The message can include a first key identifier configured to identify a mapped security context and a second key identifier configured to identify a cached security context. A verifier can be configured to verify the tracking area update message with a key identified by the first or second key identifier.
    Type: Application
    Filed: April 28, 2008
    Publication date: October 29, 2009
    Inventors: Dan Forsberg, Valtteri Niemi
  • Publication number: 20090258631
    Abstract: In a non-limiting and exemplary embodiment, a method is provided for arranging authentication of mobility related signalling messages in a mobile communications system. An authentication code is generated on the basis of a previous authentication code stored in connection with a preceding authentication code generation event. The newly generated authentication code is stored for subsequent authentication code generation event. In response to change of the mobile device to an access network of the network entity, a control message comprising the authentication code is transmitted from a mobile device to a first network entity, for verifying the authentication code by the first network entity or by a second network entity of a previous access system.
    Type: Application
    Filed: April 14, 2008
    Publication date: October 15, 2009
    Inventors: Dan Lars Anders Forsberg, Valtteri Niemi
  • Patent number: 7577256
    Abstract: A method for protecting traffic in a radio access network connected to at least two core networks. The method comprises maintaining a core-network-specific authentication protocol and a radio-bearer-specific ciphering process, and generating, for each ciphering process, a count parameter comprising a cyclical sequence number and a hyperframe number (HFN) which is incremented each time the cyclical sequence number completes one cycle. For each core network or authentication protocol, a first radio bearer of a session is initialized with a HFN exceeding the highest HFN used during the previous session. When a new radio bearer is established, the mobile station selects the highest HFN used during the session for the core network in question, increments it and uses it for initializing the count parameter for the new radio bearer. At the end of a session, the mobile station stores at least part of the highest HFN used during the session.
    Type: Grant
    Filed: September 14, 2007
    Date of Patent: August 18, 2009
    Assignee: QUALCOMM Incorporated
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20090111428
    Abstract: The user equipment (UE) and the Mobility Management Entity (MME) in an evolved 3GPP system generate authentication material that can be carried inside a packet switched network temporary mobile station identifier (P-TMSI) signature field of a Universal Mobile Telecommunications System (UMTS) signaling message from the UE to a UMTS/GPRS serving GPRS support node (SGSN) in a UMTS or GPRS Terrestrial Radio Access Network (UTRAN) or in a GSM/Edge Radio Access Network (GERAN), as well as from the SGSN to the MME of the evolved 3GPP system. The MME authenticates a context transfer request from the UTRAN/GERAN system based on the transferred authentication material and knowledge of how to create or to verify the authentication material. Additionally, the MME and the UE derive or verify authentication material, based on at least one user-specific key, for embedding in the P-TMSI signature field in legacy 3GPP signalling.
    Type: Application
    Filed: October 28, 2008
    Publication date: April 30, 2009
    Applicant: NOKIA CORPORATION
    Inventors: Marc Blommaert, Dan Forsberg, Frank Mademann, Valtteri Niemi
  • Patent number: 7526642
    Abstract: In order to enable a home network operator to also control the issuing of certificates to a roaming subscriber, first information indicating whether or not it is allowed to issue a certificate to the subscriber is maintained in the subscription information. The first information is checked in response to a subscriber's certificate request received from the subscriber and the certificate is generated and delivered to the subscriber only if certificate issuance is allowed.
    Type: Grant
    Filed: January 9, 2003
    Date of Patent: April 28, 2009
    Assignee: Nokia Corporation
    Inventors: Tuija Hurtta, Nadarajah Asokan, Philip Ginzboorg, Valtteri Niemi, Miikka Poikselkä, Timo M. Rantalainen
  • Publication number: 20090016334
    Abstract: The present invention relates to a method, tunnel protocol layer, and network device for securing a data packet on a network link. A security layer is provided in the tunneling protocol layer of the wireless network, and a secured data packet is generated by adding to the data packet a header in accordance with said security layer of the tunneling protocol. The secured data packet is then transmitted over the link by using a link layer connection.
    Type: Application
    Filed: July 9, 2007
    Publication date: January 15, 2009
    Applicant: Nokia Corporation
    Inventors: Dan Lars Anders Forsberg, Seppo Ilmari Vesterinen, Pentti Valtteri Niemi, Sami Kekki
  • Publication number: 20080267405
    Abstract: During connection setup with a first radio access network, a multimode mobile station sends an unprotected initial signaling message that includes information about those encryption algorithms that the multimode mobile station supports when it communications in a second radio access network. The first radio access network saves some or all the information. Then it composes and sends an integrity-protected message that includes information about the encryption algorithms supported by the multimode mobile station in the second radio access network.
    Type: Application
    Filed: June 23, 2008
    Publication date: October 30, 2008
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20080184032
    Abstract: A set of associated keys for an authentication process to be performed in a second network is calculated based on a random value used in an authentication process of a first network.
    Type: Application
    Filed: October 19, 2007
    Publication date: July 31, 2008
    Inventors: Changhong Li, Dajiang Zhang, Mika P. Hietala, Valtteri Niemi
  • Patent number: 7403621
    Abstract: During connection setup with a first radio access network, a multimode mobile station sends an unprotected initial signaling message that includes information about those encryption algorithms that the multimode mobile station supports when it communicates in a second radio access network. The first radio access network saves some or all the information. Then it composes and sends an integrity-protected message that includes information about the encryption algorithms supported by the multimode mobile station in the second radio access network.
    Type: Grant
    Filed: November 6, 2001
    Date of Patent: July 22, 2008
    Assignee: Nokia Corporation
    Inventors: Jukka Vialèn, Valtteri Niemi
  • Patent number: 7366496
    Abstract: During a connection between a network infrastructure and user equipment a first indication of the amount of data transmitted over the connection is maintained in the network infrastructure and a second indication of the amount data transmitted is maintained in the user equipment. A checking procedure is triggered in response to encountering a predetermined checking value. The checking procedure utilizes integrity protected signalling. During the checking procedure the first indication is compared with the second indication.
    Type: Grant
    Filed: February 20, 2001
    Date of Patent: April 29, 2008
    Assignee: Nokia Corporation
    Inventors: Jukka Vialén, Valtteri Niemi