Patents by Inventor Vesa Torvinen
Vesa Torvinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11071050Abstract: Network equipment (26) in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, (34) for a subscriber (13). The SUCI (34) contains a concealed subscription permanent identifier, SUPI, (20) for the subscriber (13). The received at least a portion of the SUCI (34) indicates a sub-domain code, SDC, (32). The SDC (32) indicates a certain sub-domain, from among multiple sub-domains (30-1, 30-2, . . . 30-N) of a home network of the subscriber (13), to which the subscriber (13) is assigned. The network equipment (26) is also configured to determine, based on the SDC (32) and from among multiple instances (24-1, 24-2, . . . 24-M) of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber (13).Type: GrantFiled: January 15, 2019Date of Patent: July 20, 2021Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Cheng Wang, David Castellanos Zamora, Prajwol Kumar Nakarmi, Vesa Torvinen
-
Patent number: 11039313Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication by an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering Information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).Type: GrantFiled: January 28, 2021Date of Patent: June 15, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Monica Wifvesson, Ivo Sedlacek
-
Publication number: 20210176636Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication by an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering Information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).Type: ApplicationFiled: January 28, 2021Publication date: June 10, 2021Inventors: Vesa Torvinen, Monica Wifvesson, Ivo Sedlacek
-
Publication number: 20210153010Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.Type: ApplicationFiled: July 17, 2018Publication date: May 20, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa TORVINEN, Noamen BEN HENDA, David CASTELLANOS ZAMORA, Prajwol Kumar NAKARMI, Pasi SAARINEN, Monica WIFVESSON
-
Publication number: 20210111882Abstract: A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.Type: ApplicationFiled: December 22, 2020Publication date: April 15, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa TORVINEN, Nicklas JOHANSSON, Atle MONRAD, Gang REN, Mikael WASS, Monica WIFVESSON
-
Publication number: 20210075778Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.Type: ApplicationFiled: November 18, 2020Publication date: March 11, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar NAKARMI, Noamen BEN HENDA, Christine JOST, Vesa TORVINEN
-
Patent number: 10939293Abstract: An authentication node (22) in a wireless communication system (10) authenticates a message received by a recipient radio node (16A) (e.g., a user equipment). The authentication node (22) in this regard determines a radio resource that carries the message received by the recipient radio node (16A). The authentication node (22) performs authentication of the message, by checking whether the message is bound to the determined radio resource. The authentication node (22) may, for example, compute an expected authentication or integrity code based on information identifying the determined radio resource and check whether the expected authentication or integrity code matches an authentication or integrity code associated with the message.Type: GrantFiled: November 24, 2016Date of Patent: March 2, 2021Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Mats Folke, Vesa Lehtovirta, Vesa Torvinen, Monica Wifvesson
-
Publication number: 20210036842Abstract: A method for a serving network to selectively employ perfect forward security (PFS) based on an indication from a home network is described. The method includes receiving, by the serving network, a PFS indicator from the home network; determining, by the serving network, whether the PFS indicator indicates that the home network has instructed the serving network to employ PFS for communications with a piece of user equipment; and performing, by the serving network, a PFS procedure with the piece of user equipment in response to determining that the PFS indicator indicates that the home network has instructed the serving network to employ PFS for communications with the piece of user equipment.Type: ApplicationFiled: October 19, 2018Publication date: February 4, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Jari ARKKO, Vesa TORVINEN
-
Publication number: 20210014284Abstract: The disclosure provides techniques for negotiating security mechanisms between security gateways (102A, 102B). In these techniques, an initiating security gateway (102A) sends (302) a request message to a responding security gateway (102B) over a first connection established between the security gateways. The first connection provides integrity protection for 5 the messages. The request message includes one or more security mechanisms supported by the initiating security gateway. Upon receipt, the responding security gateway selects (406) one of the security mechanisms and transmits (408) a response message to the initiating security gateway indicating the selected security mechanism. Signaling messages are then communicated (310, 412) between the security gateways using the selected security 10 mechanism.Type: ApplicationFiled: February 15, 2019Publication date: January 14, 2021Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa LEHTOVIRTA, Pablo MARTINEZ DE LA CRUZ, Karl NORRMAN, Pasi SAARINEN, Vesa TORVINEN
-
Patent number: 10887300Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.Type: GrantFiled: February 5, 2020Date of Patent: January 5, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Torvinen
-
Patent number: 10887089Abstract: A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.Type: GrantFiled: June 2, 2017Date of Patent: January 5, 2021Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Torvinen, Nicklas Johansson, Atle Monrad, Gang Ren, Mikael Wass, Monica Wifvesson
-
Publication number: 20200413258Abstract: In some embodiments, a method in a wireless device comprises registering first and second connections with an AMF. The first and second connections share a first security context and connect via first and second access networks, respectively. The method further comprises establishing a second security context with the AMF, setting a flag to a first value based on the second security context having been taken into use on the first connection, and setting the flag to a second value based on the second security context having been taken into use on the second connection. The second value indicates that the second security context has been taken into use on both the first and second connections. The method further comprises retaining the first security context when the flag is set to the first value, and disposing of the first security context after setting the flag to the second value.Type: ApplicationFiled: February 15, 2019Publication date: December 31, 2020Inventors: Noamen BEN HENDA, Vesa TORVINEN, Monica WIFVESSON
-
Patent number: 10880681Abstract: A terminal device obtains grid location information relating to a cell of a predetermined grid in which the terminal device is located. The terminal device then calculates a message integrity code based on the grid location information and transmits a proximity service discovery message. The discovery message includes the calculated message integrity code and does not include the grid location information. A second terminal device receives the proximity service discovery message. The second terminal device then obtains grid location information relating to at least one cell of a predetermined grid within a predetermined distance of a location of the second terminal device, calculates at least one message integrity code based on the grid location information, and determines whether a calculated message integrity code matches the message integrity code in the received discovery message. The second terminal device then acts on the received discovery message only if there is a match.Type: GrantFiled: December 27, 2019Date of Patent: December 29, 2020Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Noamen Ben Henda, Vesa Lehtovirta, Katharina Pfeffer, Shabnam Sultana, Vesa Torvinen, Monica Wifvesson
-
Publication number: 20200396605Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication b an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).Type: ApplicationFiled: October 1, 2018Publication date: December 17, 2020Inventors: Vesa Torvinen, Ivo SEDLACEK, Monica WIFVESSON
-
Patent number: 10848967Abstract: A method for handling change of serving Access and Mobility Managing Function for a user equipment. The method comprises sending of a context request to a source Access and Mobility Managing Function. This sending is performed from a target Access and Mobility Managing Function. In the target Access and Mobility Managing Function, a context is received (S3) in reply from the source Access and Mobility Managing Function. The context comprises a parameter which identifies a Security Anchor Function Access and Mobility Managing Function. The Security Anchor Function Access and Mobility Managing Function keeps a key, which is shared with the user equipment. A method for handling a change of serving Access and Mobility Managing Function in a user equipment is also disclosed as well as Access and Mobility Managing Function and User Equipments therefore.Type: GrantFiled: May 24, 2019Date of Patent: November 24, 2020Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Noamen Ben Henda, David Castellanos Zamora, Christine Jost, Vesa Torvinen, Monica Wifvesson
-
Publication number: 20200322160Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.Type: ApplicationFiled: November 24, 2016Publication date: October 8, 2020Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa TORVINEN, Noamen BEN HENDA, Qian CHEN, Vesa LEHTOVIRTA, Mats NÄSLUND, Karl NORRMAN, Gang REN, Mikael WASS, Monica WIFVESSON
-
Publication number: 20200296660Abstract: Network equipment (26) in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, (34) for a subscriber (13). The SUCI (34) contains a concealed subscription permanent identifier, SUPI, (20) for the subscriber (13). The received at least a portion of the SUCI (34) indicates a sub-domain code, SDC, (32). The SDC (32) indicates a certain sub-domain, from among multiple sub-domains (30-1, 30-2, . . . 30-N) of a home network of the subscriber (13), to which the subscriber (13) is assigned. The network equipment (26) is also configured to determine, based on the SDC (32) and from among multiple instances (24-1, 24-2, . . . 24-M) of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber (13).Type: ApplicationFiled: January 15, 2019Publication date: September 17, 2020Inventors: Cheng Wang, David Castellanos Zamora, Prajwol Kumar Nakarmi, Vesa Torvinen
-
Patent number: 10750361Abstract: A basestation in a cellular communications network is operable to send a message to a Mobility Management Entity, relating to a suspension or resumption of a connection of a UE, wherein the message contains key renewal information. The Mobility Management Entity receives the message, and determines whether a key renewal condition is met. If the key renewal condition is met, the MME forwards a new NH, NCC pair to the base station. If a message received from the MME includes a NH, NCC pair, the basestation derives keying information using the NH, NCC pair for future use in deriving keys.Type: GrantFiled: November 25, 2016Date of Patent: August 18, 2020Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa Lehtovirta, Noamen Ben Henda, Lars-Bertil Olsson, Paul Schliwa-Bertling, Magnus Stattin, Vesa Torvinen, Monica Wifvesson
-
Publication number: 20200187003Abstract: A method performed by a proximity service server. The method comprises generating a ProSe query code and a ProSe response code, sending at least a the ProSe response code together with a first and a second discovery key to a first end device, and sending at least the first discovery key and the ProSe query code to a second end device, so that the second end device can securely discover the first end device over an air interface.Type: ApplicationFiled: February 19, 2020Publication date: June 11, 2020Applicant: Telefonaktiebolaget LM Ericsson (Publ)Inventors: Vesa LEHTOVIRTA, Katharina PFEFFER, Vesa TORVINEN, Monica WIFVESSON
-
Publication number: 20200186995Abstract: Methods, network nodes, computer programs, carrier and user equipment, wherein a proof-of-presence in communications between private land mobile networks (PLMNs) is presented. In an example method performed by a network node in a home public land mobile network (HPLMN) of a user equipment (UE), the network node obtains, from a visited public land mobile network (VPLMN), a proof-of-presence indicator that represents the UE as being present in the VPLMN. The network node verifies whether or not the UE is present in the VPLMN by determining whether or not the proof-of-presence indicator was generated by the UE using a secret shared between the UE and at least the HPLMN. Upon verification of the presence of the UE in the VPLMN, sensitive information can be communicated by the HPLMN to the VPLMN.Type: ApplicationFiled: July 25, 2017Publication date: June 11, 2020Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar NAKARMI, Noamen BEN HENDA, Christine JOST, Vesa LEHTOVIRTA, Vesa TORVINEN