Patents by Inventor Vesa Torvinen
Vesa Torvinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11569988Abstract: A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.Type: GrantFiled: December 22, 2020Date of Patent: January 31, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Nicklas Johansson, Atle Monrad, Gang Ren, Mikael Wass, Monica Wifvesson
-
Patent number: 11558745Abstract: A method (200) for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network (202). The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE (202a), non-use of Integrity Protection for User Plane data exchanged with the UE (202b), or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data (202c). Also disclosed are an apparatus for operating a UE, methods and apparatus for operating a radio access node and a core node of a communication network, and a computer program operable to carry out methods for operating a UE, a radio access node and/or a core node of a communication network.Type: GrantFiled: January 30, 2018Date of Patent: January 17, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Monica Wifvesson, Prajwol Kumar Nakarmi, Karl Norrman, Vesa Torvinen
-
Patent number: 11539683Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.Type: GrantFiled: November 18, 2020Date of Patent: December 27, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Torvinen
-
Publication number: 20220377557Abstract: Integrity protection is activated for user plane data transferred between a network node and a terminal device of the cellular communications network. The activation can be initiated by the terminal device sending a request message to a second network node. Thus, a UE, such as a Cellular IoT UE, and a network node such as a SGSN are able to use LLC layer integrity protection for both control plane and user plane data.Type: ApplicationFiled: June 10, 2022Publication date: November 24, 2022Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa TORVINEN, Noamen BEN HENDA, Vesa LEHTOVIRTA, Katharina PFEFFER, Monica WIFVESSON
-
Publication number: 20220272534Abstract: A method performed by a UE. The method incudes generating a SUCI comprising: i) an encrypted part in which a Mobile Subscription Identification Number of a SUPI is encrypted and ii) a clear-text part comprising: a) a Mobile Country Code of the SUPI, b) a Mobile Network Code of the SUPI, c) a public key identifier for a public key of a home network of the user equipment, and d) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the Mobile Subscription Identification Number in the SUCI. The method also includes transmitting the SUCI to an authentication server in the home network for forwarding of the SUCI to a de-concealing server capable of decrypting the Mobile Subscription Identification Number.Type: ApplicationFiled: May 5, 2022Publication date: August 25, 2022Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Publication number: 20220224543Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.Type: ApplicationFiled: March 29, 2022Publication date: July 14, 2022Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa Torvinen, Noamen Ben Henda, Qian Chen, Vesa Lehtovirta, Mats Näslund, Karl Norrman, Gang Ren, Mikael Wass, Monica Wifvesson
-
Patent number: 11381387Abstract: Methods, network nodes, computer programs, carrier and user equipment, wherein a proof-of-presence in communications between private land mobile networks (PLMNs) is presented. In an example method performed by a network node in a home public land mobile network (HPLMN) of a user equipment (UE), the network node obtains, from a visited public land mobile network (VPLMN), a proof-of-presence indicator that represents the UE as being present in the VPLMN. The network node verifies whether or not the UE is present in the VPLMN by determining whether or not the proof-of-presence indicator was generated by the UE using a secret shared between the UE and at least the HPLMN. Upon verification of the presence of the UE in the VPLMN, sensitive information can be communicated by the HPLMN to the VPLMN.Type: GrantFiled: July 25, 2017Date of Patent: July 5, 2022Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Lehtovirta, Vesa Torvinen
-
Patent number: 11374941Abstract: Integrity protection is activated for user plane data transferred between a network node and a terminal device of the cellular communications network. The activation can be initiated by the terminal device sending a request message to a second network node. Thus, a UE, such as a Cellular IoT UE, and a network node such as a SGSN are able to use LLC layer integrity protection for both control plane and user plane data.Type: GrantFiled: November 2, 2016Date of Patent: June 28, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Noamen Ben Henda, Vesa Lehtovirta, Katharina Pfeffer, Monica Wifvesson
-
Patent number: 11330433Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.Type: GrantFiled: July 17, 2018Date of Patent: May 10, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Patent number: 11296890Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.Type: GrantFiled: November 24, 2016Date of Patent: April 5, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Noamen Ben Henda, Qian Chen, Vesa Lehtovirta, Mats Näslund, Karl Norrman, Gang Ren, Mikael Wass, Monica Wifvesson
-
Patent number: 11283798Abstract: Methods and network nodes of a wireless communications network are disclosed. The network nodes are operable to initiate a plurality of authentication mechanisms. Responsive to receipt of a request for authentication transmitted by a terminal device of the wireless communications network, the network nodes are configured to select an authentication mechanism from the plurality of authentication mechanisms; and are further configured to initiate the selected authentication mechanism to authenticate the terminal device with the wireless communications network.Type: GrantFiled: May 5, 2017Date of Patent: March 22, 2022Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa Torvinen, Antonio Alonso Alarcon, David Castellanos Zamora, Cheng Wang
-
Patent number: 11233817Abstract: A method performed by a proximity service server. The method comprises generating a ProSe query code and a ProSe response code, sending at least the ProSe response code together with a first and a second discovery key to a first end device, and sending at least the first discovery key and the ProSe query code to a second end device, so that the second end device can securely discover the first end device over an air interface.Type: GrantFiled: February 19, 2020Date of Patent: January 25, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Lehtovirta, Katharina Pfeffer, Vesa Torvinen, Monica Wifvesson
-
Patent number: 11228429Abstract: A communication device for communication with a network device during EAP-AKA?. The communication device is operative to receive a first Perfect Forward Secrecy, PFS, parameter value and at least one attribute value indicating a choice of a Diffie-Hellman group from the network device. The communication device is also operative to receive a cipher key, CK, and an integrity key, IK. Generate a modified cipher key, CK?, and a modified integrity key, IK? based on CK, IK and an access network identity. Operations include calculating a second PFS parameter value. Send the second PFS parameter value to the network device. Calculate a third PFS parameter value. Derive, using a Pseudo-random function, a key based on the third PFS parameter value, CK?, IK? and an identity associated with the communication device. A network device, methods, further communication devices, a server, computer programs and a computer program product are also disclosed.Type: GrantFiled: October 30, 2018Date of Patent: January 18, 2022Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Jari Arkko, Karl Norrman, Vesa Torvinen
-
Publication number: 20210400475Abstract: A method is performed by a communications device. The method may comprise receiving, via a control plane of a serving network of the communications device, a message in anauthentication procedure for authentication of the communications device with a home network of the communications device. The message in some embodiments indicates that the authentication is for the purpose of establishing a shared security key between the communications device and an application server.Type: ApplicationFiled: November 1, 2019Publication date: December 23, 2021Inventors: Vesa Lehtovirta, Vesa Torvinen, Noamen Ben Henda
-
Publication number: 20210377729Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request, and sending an integrity protected part of the registration request to the source first network function via the target second network function.Type: ApplicationFiled: August 16, 2021Publication date: December 2, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Christine Jost, Noamen Ben Henda, Qian Chen, Peter Hedman, Lars-Bertil Olsson, Vesa Torvinen
-
Publication number: 20210314857Abstract: Network equipment in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, (34) for a subscriber. The SUCI (34) contains a concealed subscription permanent identifier, SUPI, (20) for the subscriber. The received at least a portion of the SUCI (34) indicates a sub-domain code, SDC. The SDC indicates a certain sub-domain, from among multiple sub-domains of a home network of the subscriber, to which the subscriber is assigned. The network equipment is also configured to determine, based on the SDC and from among multiple instances of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber.Type: ApplicationFiled: June 17, 2021Publication date: October 7, 2021Inventors: Cheng Wang, David Castellanos Zamora, Prajwol Kumar Nakarmi, Vesa Torvinen
-
Patent number: 11102649Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request (1200), and sending an integrity protected part of the registration request to the source first network function via the target second network function (1202). Also disclosed are methods of operating first and second network functions.Type: GrantFiled: January 30, 2018Date of Patent: August 24, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Christine Jost, Noamen Ben Henda, Qian Chen, Peter Hedman, Lars-Bertil Olsson, Vesa Torvinen
-
Patent number: 11076288Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.Type: GrantFiled: August 9, 2019Date of Patent: July 27, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Publication number: 20210226781Abstract: A communication device for communication with a network device during EAP-AKA?. The communication device is operative to: receive a first Perfect Forward Secrecy, PFS, parameter value and at least one attribute value indicating a choice of a Diffie-Hellman group from the network device; receive a cipher key, CK, and an integrity key, IK, generate a modified cipher key, CK?, and a modified integrity key, IK? based on CK, IK and an access network identity, calculate a second PFS parameter value; send the second PFS parameter value to the network device; calculate a third PFS parameter value; and derive, using a Pseudo-random function, a key based on the third PFS parameter value, CK?, IK? and an identity associated with the communication device. A network device, methods, further communication devices, a server, computer programs and a computer program product are also disclosed.Type: ApplicationFiled: October 30, 2018Publication date: July 22, 2021Inventors: Jari ARKKO, Karl NORRMAN, Vesa TORVINEN
-
Patent number: 11070631Abstract: A terminal device, for example a 3GPP Proximity Services (ProSe)-enabled user equipment, obtains imprecise location information relating to a location of the terminal device, and transmits a proximity service discovery message, wherein the discovery message includes the imprecise location information. A second terminal device, again for example a 3GPP Proximity Services (ProSe)-enabled user equipment, receives a proximity service discovery message containing location information. The second terminal device obtains location information relating to its location, and calculates a distance from the location indicated by the location information in the received discovery message to its location. The second terminal device acts on the received discovery message only if the calculated distance is less than a predetermined distance.Type: GrantFiled: November 24, 2016Date of Patent: July 20, 2021Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Monica Wifvesson, Noamen Ben Henda, Vesa Lehtovirta, Katharina Pfeffer, Shabnam Sultana, Vesa Torvinen