Patents by Inventor Vesa Torvinen

Vesa Torvinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12137340
    Abstract: In some embodiments, a method in a wireless device comprises registering first and second connections with an AMF. The first and second connections share a first security context and connect via first and second access networks, respectively. The method further comprises establishing a second security context with the AMF, setting a flag to a first value based on the second security context having been taken into use on the first connection, and setting the flag to a second value based on the second security context having been taken into use on the second connection. The second value indicates that the second security context has been taken into use on both the first and second connections. The method further comprises retaining the first security context when the flag is set to the first value, and disposing of the first security context after setting the flag to the second value.
    Type: Grant
    Filed: February 15, 2019
    Date of Patent: November 5, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Vesa Torvinen, Monica Wifvesson
  • Publication number: 20240357358
    Abstract: A method for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network. The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE, non-use of Integrity Protection for User Plane data exchanged with the UE, or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data.
    Type: Application
    Filed: June 25, 2024
    Publication date: October 24, 2024
    Inventors: Monica Wifvesson, Vesa Torvinen, Karl Norrman, Prajwol Kumar Nakarmi
  • Publication number: 20240259792
    Abstract: A UE configured to perform a process that includes transmitting, via a RAN node, a Protocol Data Unit (PDU) Session Establishment Request message toward a Session Management Function (SMF). The process also includes, after transmitting the PDU Session Establishment Request message, the UE receiving from the RAN node a Radio Resource Control (RRC) Connection Reconfiguration message comprising: i) a PDU session identifier (ID) identifying a PDU session, ii) a PDU Session Establishment Accept message generated by the SMF, and iii) indications for the activation of user plane (UP) integrity protection and ciphering for each data radio bearer (DRB) belonging to the PDU session according to a security policy received by the RAN node.
    Type: Application
    Filed: April 11, 2024
    Publication date: August 1, 2024
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa TORVINEN, Noamen BEN HENDA, Monica WIFVESSON
  • Patent number: 12022293
    Abstract: A method for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network. The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE, non-use of Integrity Protection for User Plane data exchanged with the UE, or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data.
    Type: Grant
    Filed: January 11, 2023
    Date of Patent: June 25, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Monica Wifvesson, Prajwol Kumar Nakarmi, Karl Norrman, Vesa Torvinen
  • Publication number: 20240187980
    Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.
    Type: Application
    Filed: December 19, 2023
    Publication date: June 6, 2024
    Inventors: Christine Jost, Noamen Ben Henda, Vesa Torvinen, Monica Wifvesson
  • Publication number: 20240179521
    Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication by an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering Information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).
    Type: Application
    Filed: December 4, 2023
    Publication date: May 30, 2024
    Inventors: Vesa Torvinen, Monica Wifvesson, Ivo Sedkacek
  • Patent number: 11985496
    Abstract: A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.
    Type: Grant
    Filed: March 17, 2023
    Date of Patent: May 14, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa Torvinen, Noamen Ben Henda, Monica Wifvesson
  • Publication number: 20240121706
    Abstract: Network equipment in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, for a subscriber. The SUCI contains a concealed subscription permanent identifier, SUPI, for the subscriber. The received at least a portion of the SUCI indicates a sub-domain code, SDC. The SDC indicates a certain sub-domain, from among multiple sub-domains of a home network of the subscriber, to which the subscriber is assigned. The network equipment is also configured to determine, based on the SDC and from among multiple instances of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber.
    Type: Application
    Filed: October 17, 2023
    Publication date: April 11, 2024
    Inventors: Cheng Wang, David Castellanos Zamora, Prajwol Kumar Nakarmi, Vesa Torvinen
  • Publication number: 20240121601
    Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request, and sending an integrity protected part of the registration request to the source first network function via the target second network function.
    Type: Application
    Filed: December 18, 2023
    Publication date: April 11, 2024
    Inventors: Christine Jost, Vesa Torvinen, Peter Hedman, Qian Chen, Lars-Bertil Olsson, Noamen Ben Henda
  • Patent number: 11917073
    Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.
    Type: Grant
    Filed: March 29, 2022
    Date of Patent: February 27, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Torvinen, Noamen Ben Henda, Qian Chen, Vesa Lehtovirta, Mats Näslund, Karl Norrman, Gang Ren, Mikael Wass, Monica Wifvesson
  • Patent number: 11895229
    Abstract: A network node operates a Session Management Function (SMF) in a control plane of a core network of a wireless network. The network node authenticates a User Equipment (UE) with an Extensible Authentication Protocol (EAP) server in a secondary authentication process that uses the SMF as an EAP authenticator. The EAP server is outside of the core network and the UE is separately authenticated with a further network node in the control plane of the core network via a primary authentication process. Authenticating the UE in the secondary authentication process comprises exchanging EAP messages between the SMF and the UE and between the SMF and the EAP server. The SMF authorizes a data session between the UE and the external network through a user plane of the core network based on the UE having successfully authenticated via both the primary authentication process and the secondary authentication process.
    Type: Grant
    Filed: January 4, 2023
    Date of Patent: February 6, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, David Castellanos Zamora, Vesa Torvinen
  • Patent number: 11870765
    Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.
    Type: Grant
    Filed: December 22, 2022
    Date of Patent: January 9, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Torvinen
  • Patent number: 11849389
    Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.
    Type: Grant
    Filed: February 14, 2023
    Date of Patent: December 19, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christine Jost, Noamen Ben Henda, Vesa Torvinen, Monica Wifvesson
  • Patent number: 11849315
    Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request, and sending an integrity protected part of the registration request to the source first network function via the target second network function.
    Type: Grant
    Filed: August 16, 2021
    Date of Patent: December 19, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christine Jost, Noamen Ben Henda, Qian Chen, Peter Hedman, Lars-Bertil Olsson, Vesa Torvinen
  • Patent number: 11838754
    Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication b an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: December 5, 2023
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Torvinen, Ivo Sedlacek, Monica Wifvesson
  • Patent number: 11792720
    Abstract: Network equipment in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, (34) for a subscriber. The SUCI (34) contains a concealed subscription permanent identifier, SUPI, (20) for the subscriber. The received at least a portion of the SUCI (34) indicates a sub-domain code, SDC. The SDC indicates a certain sub-domain, from among multiple sub-domains of a home network of the subscriber, to which the subscriber is assigned. The network equipment is also configured to determine, based on the SDC and from among multiple instances of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber.
    Type: Grant
    Filed: June 17, 2021
    Date of Patent: October 17, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Cheng Wang, David Castellanos Zamora, Prajwol Kumar Nakarmi, Vesa Torvinen
  • Patent number: 11784797
    Abstract: A method for a serving network to selectively employ perfect forward security (PFS) based on an indication from a home network is described. The method includes receiving, by the serving network, a PFS indicator from the home network; determining, by the serving network, whether the PFS indicator indicates that the home network has instructed the serving network to employ PFS for communications with a piece of user equipment; and performing, by the serving network, a PFS procedure with the piece of user equipment in response to determining that the PFS indicator indicates that the home network has instructed the serving network to employ PFS for communications with the piece of user equipment.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: October 10, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Jari Arkko, Vesa Torvinen
  • Publication number: 20230275883
    Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.
    Type: Application
    Filed: January 5, 2023
    Publication date: August 31, 2023
    Inventors: Christine JOST, Vesa LEHTOVIRTA, Ivo SEDLACEK, Vesa TORVINEN
  • Publication number: 20230224700
    Abstract: A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.
    Type: Application
    Filed: March 17, 2023
    Publication date: July 13, 2023
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa TORVINEN, Noamen BEN HENDA, Monica WIFVESSON
  • Publication number: 20230208823
    Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.
    Type: Application
    Filed: December 22, 2022
    Publication date: June 29, 2023
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar NAKARMI, Noamen BEN HENDA, Christine JOST, Vesa TORVINEN