Patents by Inventor Vesa Torvinen
Vesa Torvinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12137340
Abstract: In some embodiments, a method in a wireless device comprises registering first and second connections with an AMF. The first and second connections share a first security context and connect via first and second access networks, respectively. The method further comprises establishing a second security context with the AMF, setting a flag to a first value based on the second security context having been taken into use on the first connection, and setting the flag to a second value based on the second security context having been taken into use on the second connection. The second value indicates that the second security context has been taken into use on both the first and second connections. The method further comprises retaining the first security context when the flag is set to the first value, and disposing of the first security context after setting the flag to the second value.
Type: Grant
Filed: February 15, 2019
Date of Patent: November 5, 2024
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Noamen Ben Henda, Vesa Torvinen, Monica Wifvesson
-
Publication number: 20240357358
Abstract: A method for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network. The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE, non-use of Integrity Protection for User Plane data exchanged with the UE, or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data.
Type: Application
Filed: June 25, 2024
Publication date: October 24, 2024
Inventors: Monica Wifvesson, Vesa Torvinen, Karl Norrman, Prajwol Kumar Nakarmi
-
Publication number: 20240259792
Abstract: A UE configured to perform a process that includes transmitting, via a RAN node, a Protocol Data Unit (PDU) Session Establishment Request message toward a Session Management Function (SMF). The process also includes, after transmitting the PDU Session Establishment Request message, the UE receiving from the RAN node a Radio Resource Control (RRC) Connection Reconfiguration message comprising: i) a PDU session identifier (ID) identifying a PDU session, ii) a PDU Session Establishment Accept message generated by the SMF, and iii) indications for the activation of user plane (UP) integrity protection and ciphering for each data radio bearer (DRB) belonging to the PDU session according to a security policy received by the RAN node.
Type: Application
Filed: April 11, 2024
Publication date: August 1, 2024
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Vesa TORVINEN, Noamen BEN HENDA, Monica WIFVESSON
-
Patent number: 12022293
Abstract: A method for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network. The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE, non-use of Integrity Protection for User Plane data exchanged with the UE, or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data.
Type: Grant
Filed: January 11, 2023
Date of Patent: June 25, 2024
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Monica Wifvesson, Prajwol Kumar Nakarmi, Karl Norrman, Vesa Torvinen
-
Publication number: 20240187980
Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.
Type: Application
Filed: December 19, 2023
Publication date: June 6, 2024
Inventors: Christine Jost, Noamen Ben Henda, Vesa Torvinen, Monica Wifvesson
-
Publication number: 20240179521
Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication by an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering Information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).
Type: Application
Filed: December 4, 2023
Publication date: May 30, 2024
Inventors: Vesa Torvinen, Monica Wifvesson, Ivo Sedlacek
-
Patent number: 11985496
Abstract: A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.
Type: Grant
Filed: March 17, 2023
Date of Patent: May 14, 2024
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Vesa Torvinen, Noamen Ben Henda, Monica Wifvesson
-
Publication number: 20240121706
Abstract: Network equipment in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, for a subscriber. The SUCI contains a concealed subscription permanent identifier, SUPI, for the subscriber. The received at least a portion of the SUCI indicates a sub-domain code, SDC. The SDC indicates a certain sub-domain, from among multiple sub-domains of a home network of the subscriber, to which the subscriber is assigned. The network equipment is also configured to determine, based on the SDC and from among multiple instances of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber.
Type: Application
Filed: October 17, 2023
Publication date: April 11, 2024
Inventors: Cheng Wang, David Castellanos Zamora, Prajwol Kumar Nakarmi, Vesa Torvinen
-
Publication number: 20240121601
Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request, and sending an integrity protected part of the registration request to the source first network function via the target second network function.
Type: Application
Filed: December 18, 2023
Publication date: April 11, 2024
Inventors: Christine Jost, Vesa Torvinen, Peter Hedman, Qian Chen, Lars-Bertil Olsson, Noamen Ben Henda
-
Patent number: 11917073
Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.
Type: Grant
Filed: March 29, 2022
Date of Patent: February 27, 2024
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Vesa Torvinen, Noamen Ben Henda, Qian Chen, Vesa Lehtovirta, Mats Näslund, Karl Norrman, Gang Ren, Mikael Wass, Monica Wifvesson
-
Patent number: 11895229
Abstract: A network node operates a Session Management Function (SMF) in a control plane of a core network of a wireless network. The network node authenticates a User Equipment (UE) with an Extensible Authentication Protocol (EAP) server in a secondary authentication process that uses the SMF as an EAP authenticator. The EAP server is outside of the core network and the UE is separately authenticated with a further network node in the control plane of the core network via a primary authentication process. Authenticating the UE in the secondary authentication process comprises exchanging EAP messages between the SMF and the UE and between the SMF and the EAP server. The SMF authorizes a data session between the UE and the external network through a user plane of the core network based on the UE having successfully authenticated via both the primary authentication process and the secondary authentication process.
Type: Grant
Filed: January 4, 2023
Date of Patent: February 6, 2024
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Noamen Ben Henda, David Castellanos Zamora, Vesa Torvinen
-
Patent number: 11870765
Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.
Type: Grant
Filed: December 22, 2022
Date of Patent: January 9, 2024
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Torvinen
-
Patent number: 11849389
Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.
Type: Grant
Filed: February 14, 2023
Date of Patent: December 19, 2023
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Christine Jost, Noamen Ben Henda, Vesa Torvinen, Monica Wifvesson
-
Patent number: 11849315
Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request, and sending an integrity protected part of the registration request to the source first network function via the target second network function.
Type: Grant
Filed: August 16, 2021
Date of Patent: December 19, 2023
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Christine Jost, Noamen Ben Henda, Qian Chen, Peter Hedman, Lars-Bertil Olsson, Vesa Torvinen
-
Patent number: 11838754
Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication by an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).
Type: Grant
Filed: October 1, 2018
Date of Patent: December 5, 2023
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Vesa Torvinen, Ivo Sedlacek, Monica Wifvesson
-
Patent number: 11792720
Abstract: Network equipment in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, (34) for a subscriber. The SUCI (34) contains a concealed subscription permanent identifier, SUPI, (20) for the subscriber. The received at least a portion of the SUCI (34) indicates a sub-domain code, SDC. The SDC indicates a certain sub-domain, from among multiple sub-domains of a home network of the subscriber, to which the subscriber is assigned. The network equipment is also configured to determine, based on the SDC and from among multiple instances of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber.
Type: Grant
Filed: June 17, 2021
Date of Patent: October 17, 2023
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Cheng Wang, David Castellanos Zamora, Prajwol Kumar Nakarmi, Vesa Torvinen
-
Patent number: 11784797
Abstract: A method for a serving network to selectively employ perfect forward security (PFS) based on an indication from a home network is described. The method includes receiving, by the serving network, a PFS indicator from the home network; determining, by the serving network, whether the PFS indicator indicates that the home network has instructed the serving network to employ PFS for communications with a piece of user equipment; and performing, by the serving network, a PFS procedure with the piece of user equipment in response to determining that the PFS indicator indicates that the home network has instructed the serving network to employ PFS for communications with the piece of user equipment.
Type: Grant
Filed: October 19, 2018
Date of Patent: October 10, 2023
Assignee: Telefonaktiebolaget LM Ericsson (Publ)
Inventors: Jari Arkko, Vesa Torvinen
-
Publication number: 20230275883
Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.
Type: Application
Filed: January 5, 2023
Publication date: August 31, 2023
Inventors: Christine JOST, Vesa LEHTOVIRTA, Ivo SEDLACEK, Vesa TORVINEN
-
Publication number: 20230224700
Abstract: A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.
Type: Application
Filed: March 17, 2023
Publication date: July 13, 2023
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Vesa TORVINEN, Noamen BEN HENDA, Monica WIFVESSON
-
Publication number: 20230208823
Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.
Type: Application
Filed: December 22, 2022
Publication date: June 29, 2023
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Prajwol Kumar NAKARMI, Noamen BEN HENDA, Christine JOST, Vesa TORVINEN