Patents by Inventor Valtteri Niemi
Valtteri Niemi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20080090549
Abstract: During a connection between a network infrastructure and user equipment a first indication of the amount of data transmitted over the connection is maintained in the network infrastructure and a second indication of the amount of data transmitted is maintained in the user equipment. A checking procedure is triggered in response to encountering a predetermined checking value. The checking procedure utilizes integrity protected signalling. During the checking procedure the first indication is compared with the second indication. This checking procedure enables easy discovery of an intruder who either sends and/or receives data on an authorized connection between a network infrastructure and a mobile station, the data transmission being charged from the mobile station.
Type: Application
Filed: December 12, 2007
Publication date: April 17, 2008
Applicant: NOKIA CORPORATION
Inventors: Jukka VIALEN, Valtteri NIEMI
-
Patent number: 7343014
Abstract: The invention relates to a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key d available at a master device 11. In order to provide an optimized sharing of authorization, it is proposed that the master device 11 splits the secret master key d into two parts d1, d2. A piece of information relating to the first part d1 of the secret master key d is forwarded to the slave device 13 for enabling this slave device to perform a partial secret key operation on a message m. The second part d2 of the secret master key d is forwarded to a server 12 for enabling the server 12 to perform partial secret key operations on a message m received from the slave device 13.
Type: Grant
Filed: July 15, 2003
Date of Patent: March 11, 2008
Assignee: Nokia Corporation
Inventors: Sampo Sovio, Nadarajah Asokan, Kaisa Nyberg, Valtteri Niemi
-
Publication number: 20080013729
Abstract: A method for protecting traffic in a radio access network connected to at least two core networks. The method comprises maintaining a core-network-specific authentication protocol and a radio-bearer-specific ciphering process, and generating, for each ciphering process, a count parameter comprising a cyclical sequence number and a hyperframe number (HFN) which is incremented each time the cyclical sequence number completes one cycle. For each core network or authentication protocol, a first radio bearer of a session is initialized with a HFN exceeding the highest HFN used during the previous session. When a new radio bearer is established, the mobile station selects the highest HFN used during the session for the core network in question, increments it and uses it for initializing the count parameter for the new radio bearer. At the end of a session, the mobile station stores at least part of the highest HFN used during the session.
Type: Application
Filed: September 14, 2007
Publication date: January 17, 2008
Applicant: NOKIA CORPORATION
Inventors: Jukka VIALEN, Valtteri NIEMI
-
Publication number: 20080002829
Abstract: An identifier containing at least one encrypted part is received at a first network entity. A second network entity may then be determined based on the identifier. A request for assistance in decryption of the identifier from the second network entity may be sent from the first entity to the second network entity. The second network entity may then assist the first network entity in an appropriate manner.
Type: Application
Filed: June 27, 2007
Publication date: January 3, 2008
Inventors: Dan Forsberg, Valtteri Niemi
-
Patent number: 7289630
Abstract: A method for protecting traffic in a radio access network connected to at least two core networks. The method includes maintaining a core-network-specific authentication protocol and a radio-bearer-specific ciphering process, and generating, for each ciphering process, a count parameter including a cyclical sequence number and a hyperframe number (HFN) which is incremented each time the cyclical sequence number completes one cycle. For each core network or authentication protocol, a first radio bearer of a session is initialized with a HFN exceeding the highest HFN used during the previous session. When a new radio bearer is established, the mobile station selects the highest HFN used during the session for the core network in question, increments it and uses it for initializing the count parameter for the new radio bearer. At the end of a session, the mobile station stores at least part of the highest HFN used during the session.
Type: Grant
Filed: August 30, 2002
Date of Patent: October 30, 2007
Assignee: Nokia Corporation
Inventors: Jukka Vialén, Valtteri Niemi
-
Patent number: 7246242
Abstract: The invention is directed to a method for checking the integrity of messages between a mobile station and the cellular network. Two time-varying parameters are used in MAC calculation, one of which is generated by the mobile station, and the other by the network. The parameter specified by the network is used in one session only, and is transmitted to the mobile station in the beginning of the connection. The parameter specified by the mobile station is stored in the mobile station between connections in order to allow the mobile station to use a different parameter in the next connection. The parameter specified by the mobile station is transmitted to the network in the beginning of the connection.
Type: Grant
Filed: May 11, 2000
Date of Patent: July 17, 2007
Assignee: Nokia Corporation
Inventors: Valtteri Niemi, Jaakko Rajaniemi, Ahti Muhonen
-
Publication number: 20070143614
Abstract: The invention provides a method, system, program and devices such as a user equipment, terminal, smart card, for protection of a communication or session, in particular in an IMS.
Type: Application
Filed: December 20, 2006
Publication date: June 21, 2007
Inventors: Silke Holtmanns, Nadarajah Asokan, Valtteri Niemi
-
Patent number: 7224800
Abstract: A network system is proposed comprising a first network control element in a visited network, a second network control element in a home network and a communication device (UE) associated to a subscriber, wherein the first network control element is adapted to perform a first authentication (A9) of a roaming subscriber requesting authentication, and the second network control element is adapted to perform a second authentication (A11) of the same subscriber. By this measure, both network control elements are able to verify that the authentication was performed correctly. Also a corresponding method is proposed.
Type: Grant
Filed: November 28, 2000
Date of Patent: May 29, 2007
Assignee: Nokia Corporation
Inventors: Patrik Flykt, Valtteri Niemi, Jaakko Rajaniemi, Aki Niemi
-
Patent number: 7085294
Abstract: A mechanism for synchronizing transmission of frames in a telecommunications network including a mobile station, a radio network controller, and at least one base station. The mobile station and each base station have a corresponding timing reference. The mechanism includes or performs the steps of establishing a connection-specific timing reference which is common to all nodes involved in the connection; determining, for the base stations, an offset between the timing reference of the base station in question and the CFN; and using the offset in the base stations to compensate for the difference between the timing references.
Type: Grant
Filed: May 3, 2001
Date of Patent: August 1, 2006
Assignee: Nokia Networks Oy
Inventors: Fabio Longoni, Jukka Vialén, Valtteri Niemi, Jukka Ranta
-
Publication number: 20060159031
Abstract: A method of communication between a first node and a second node for a system where a plurality of different channels is provided between said first and second node. The method comprises the step of calculating an integrity output. The integrity output is calculated from a plurality of values, some of said values being the same for said different channels. At least one of said values is arranged to comprise information relating to the identity of said channel, each channel having a different identity. After the integrity output has been calculated, information relating to the integrity output is transmitted from one of said nodes to the other.
Type: Application
Filed: December 22, 2005
Publication date: July 20, 2006
Inventors: Jukka Vialen, Valtteri Niemi
-
Patent number: 7009940
Abstract: A method of communication between a first node and a second node for a system where a plurality of different channels is provided between said first and second node. The method comprises the step of calculating an integrity output. The integrity output is calculated from a plurality of values, some of said values being the same for said different channels. At least one of said values is arranged to comprise information relating to the identity of said channel, each channel having a different identity. After the integrity output has been calculated, information relating to the integrity output is transmitted from one of said nodes to the other.
Type: Grant
Filed: October 10, 2001
Date of Patent: March 7, 2006
Assignee: Nokia Corporation
Inventors: Jukka Vialen, Valtteri Niemi
-
Patent number: 6990354
Abstract: A communications device comprising means for transmitting a signal to another party; and means for controlling the signal level with which said transmitting means transmits, wherein said signal level is initially relatively low and when a connection is established with said another party, said signal level is increased.
Type: Grant
Filed: May 3, 2001
Date of Patent: January 24, 2006
Assignee: Nokia Mobile Phones, Ltd.
Inventors: Matti Kantola, Kalle Kärkäs, Lauri Piikivi, Holger Hussman, Valtteri Niemi, Sander Van Valkenburg
-
Publication number: 20050249219
Abstract: A method for handling user identity and privacy, wherein a first Session Initiation Protocol (SIP) proxy is about to forward a SIP request to a next SIP proxy includes the step of determining whether Transport Layer Security (TLS) is supported in a hop to a next SIP proxy. When TLS is supported, the method includes establishing a TLS connection to the hop to the next SIP proxy, requesting a certificate from the next SIP proxy, receiving the certificate, verifying the certificate and trustworthiness of a network of the next SIP proxy and retaining identity information when the certificate and the trustworthiness of the network is verified. When TLS is not supported, or when the certificate is not verified, or when the trustworthiness of the network is not verified, the identity information is removed. Thereafter, the SIP request is forwarded over the TLS connection.
Type: Application
Filed: May 3, 2005
Publication date: November 10, 2005
Inventors: Gabor Bajko, Miguel Garcia-Martin, Valtteri Niemi, Tao Haukka
-
Publication number: 20050243719
Abstract: A method, program product and system of preventing or limiting the number of simultaneous sessions in a wireless local area network (WLAN). The method includes: determining whether subscriber terminal information has been changed between an old session and a new session, maintaining a connection with the old session if the subscriber terminal information has not changed, and establishing and authenticating the new session and disconnecting the old session if the subscriber terminal information has changed. A medium access control (MAC) address and a WLAN radio network identification can be compared between the old session and the new session to determine whether subscriber terminal information has been changed.
Type: Application
Filed: May 3, 2004
Publication date: November 3, 2005
Inventors: Henry Haverinen, Tao Haukka, Valtteri Niemi
-
Patent number: 6959090
Abstract: A recording device for digital data streams, such as digital TV broadcasts or digitized music, stores copies of program content encrypted by a key unique to the recording device. Distribution of program content is thus discouraged, since intelligible playback of program content would not be obtained on another recording device, which would have a different key. To reduce manufacturing complexity which would result from requiring all bits of a key to inhere in hardware, a first portion of the key inheres in hardware and a second portion is selected from among several candidates residing in a memory device, the key being determined by combining the first and second portions according to predetermined rules. The second portion is reselected at predetermined intervals from among the candidates. Only payload portions of packets are encrypted while header portions are left in the clear in order to facilitate ancillary functions of recorder such as fast forward, fast rewind, and program search.
Type: Grant
Filed: November 20, 2000
Date of Patent: October 25, 2005
Assignee: Nokia Corporation
Inventors: Jukka Alve, Jan Mårtensson, Ola Lidholm, Valtteri Niemi, Juha Tomberg, Pasi Kärkäs, Harri Pekonen, Rami Suominen
-
Publication number: 20050210251
Abstract: A method for authenticating a terminal in a communication system, the terminal comprising identification means for applying authentication functions to input data to form response data, and the communication system being arranged to utilise a first authentication protocol for authentication of the terminal, wherein an authentication functionality and the terminal share challenge data, the terminal forms response data and a first key by applying the authentication functions to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data and can apply an authentication function to the challenge data to duplicate the first key; the method comprising; executing a second authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a second key for use in securing subsequent communicat
Type: Application
Filed: November 25, 2002
Publication date: September 22, 2005
Applicant: NOKIA CORPORATION
Inventors: Kaisa Nyberg, Valtteri Niemi, Nadarajah Asokan
-
Patent number: 6895439
Abstract: The present invention is a system and method which provides authentication for data services for at least one UE (12) using common authentication information based upon information stored in a HSS (16) of a home network (20) of the at least one UE for multiple protocols. At least one proxy server (18) stores authentication information for each of the protocols which may be used to provide data services to the at least one UE. Authentication of the protocols available to the at least one UE uses the authentication information stored at the at least one proxy server obtained from the protocol used in the home network of the at least one UE.
Type: Grant
Filed: March 31, 2003
Date of Patent: May 17, 2005
Assignee: Nokia Corporation
Inventors: Markus Isomäki, Jose Costa-Requena, Atte Länsisalmi, Valtteri Niemi, Aki Niemi, Tao Haukka, Gabor Bajko, Tommi Viitanen
-
Publication number: 20050068935
Abstract: A method of communication between a calling party in a first network and a called party in a second network is disclosed. The method comprises determining in the first network an address associated with the called party. The method also comprises determining, based on the address, if the called party is in a trusted network, and controlling the communication between the called party and the calling party in dependence on if the called party is in a trusted network.
Type: Application
Filed: March 31, 2004
Publication date: March 31, 2005
Inventors: Gabor Bajko, Aki Niemi, Valtteri Niemi
-
Publication number: 20050033960
Abstract: There is disclosed a technique of providing message authentication in a communication system comprising the steps of: transmitting a first message from a first device to a second device; transmitting a second message from the second device to the first device, the second message including a message authentication code determined using said first and second messages; transmitting a third message from the first device to the second device, the third message including a message authentication code determined using the third message. The message authentication code of the third message may be additionally based on the second or the second and first messages.
Type: Application
Filed: February 6, 2002
Publication date: February 10, 2005
Inventors: Jukka Vialen, Valtteri Niemi
-
Publication number: 20050021945
Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.
Type: Application
Filed: June 28, 2002
Publication date: January 27, 2005
Inventors: Valtteri Niemi, Antti-Pentti Vainio, Sinikka Sarkkinen, Niina Karhuluoma, Jan Kall