Patents by Inventor Vesa Torvinen
Vesa Torvinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20200178078Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.Type: ApplicationFiled: February 5, 2020Publication date: June 4, 2020Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar NAKARMI, Noamen BEN HENDA, Christine JOST, Vesa TORVINEN
-
Patent number: 10667126Abstract: A radio access network, RAN, node configures user plane access stratum, AS, security in a wireless communication system that includes a radio access network, RAN, and a core network, CN. The RAN node is configured to receive, from the CN, signaling that indicates a decision by the CN of whether or not the RAN node is to activate user plane AS security and that indicates whether or not the RAN node is allowed to overrule the decision by the CN. For example, the signaling may indicate whether the decision by the CN is a command that the RAN node must comply with or a preference that the RAN node is permitted to overrule. Regardless, the RAN node may also be configured to activate or not activate user plane AS security, depending on the signaling.Type: GrantFiled: October 1, 2018Date of Patent: May 26, 2020Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Monica Wifvesson, Prajwol Kumar Nakarmi, Pasi Saarinen, Vesa Torvinen
-
Publication number: 20200137677Abstract: A terminal device obtains grid location information relating to a cell of a predetermined grid in which the terminal device is located. The terminal device then calculates a message integrity code based on the grid location information and transmits a proximity service discovery message. The discovery message includes the calculated message integrity code and does not include the grid location information. A second terminal device receives the proximity service discovery message. The second terminal device then obtains grid location information relating to at least one cell of a predetermined grid within a predetermined distance of a location of the second terminal device, calculates at least one message integrity code based on the grid location information, and determines whether a calculated message integrity code matches the message integrity code in the received discovery message. The second terminal device then acts on the received discovery message only if there is a match.Type: ApplicationFiled: December 27, 2019Publication date: April 30, 2020Inventors: Noamen Ben Henda, Vesa Lehtovirta, Katharina Pfeffer, Shabnam Sultana, Vesa Torvinen, Monica Wifvesson
-
Patent number: 10638412Abstract: A terminal device obtains grid location information relating to a cell of a predetermined grid in which the terminal device is located. The terminal device then calculates a message integrity code based on the grid location information and transmits a proximity service discovery message. The discovery message includes the calculated message integrity code and does not include the grid location information. A second terminal device receives the proximity service discovery message. The second terminal device then obtains grid location information relating to at least one cell of a predetermined grid within a predetermined distance of a location of the second terminal device, calculates at least one message integrity code based on the grid location information, and determines whether a calculated message integrity code matches the message integrity code in the received discovery message. The second terminal device then acts on the received discovery message only if there is a match.Type: GrantFiled: November 24, 2016Date of Patent: April 28, 2020Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Noamen Ben Henda, Vesa Lehtovirta, Katharina Pfeffer, Shabnam Sultana, Vesa Torvinen, Monica Wifvesson
-
Publication number: 20200128398Abstract: A radio access network, RAN, node (12) configures user plane access stratum, AS, security in a wireless communication system (10) that includes a radio access network, RAN, (10B) and a core network, CN (10A). The RAN node (12) is configured to receive, from the CN (10A), signaling (20) that indicates a decision by the CN (10A) of whether or not the RAN node (12) is to activate user plane AS security and that indicates whether or not the RAN node (12) is allowed to overrule the decision by the CN (10A). For example, the signaling (20) may indicate whether the decision by the CN is a command that the RAN node (12) must comply with or a preference that the RAN node (12) is permitted to overrule. Regardless, the RAN node (12) may also be configured to activate or not activate user plane AS security, depending on the signaling (20).Type: ApplicationFiled: October 1, 2018Publication date: April 23, 2020Inventors: Monica Wifvesson, Prajwol Kumar Nakarmi, Pasi Saarinen, Vesa Torvinen
-
Patent number: 10609561Abstract: A method performed by a network node (106) of a serving public land mobile network, PLMN, (112) associated with a user equipment, UE, (102) comprising: obtaining a secret identifier (110) that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation (108) related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.Type: GrantFiled: July 12, 2017Date of Patent: March 31, 2020Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Torvinen
-
Publication number: 20200100101Abstract: Methods for operating a UE, a network node, a Session Management Function (SMF) and a Unified Data Management (UDM) are disclosed. The methods include transmitting, by a UE, a Protocol Data Unit (PDU) Session Establishment Request message toward an SMF in the communication network (902A), and receiving at the UE a policy decision on security protection of User Plane (UP) data terminating in a RAN for the PDU Session (904A). The policy decision received at the UE may be in accordance with a UP security policy provided by the SMF to the RAN during PDU Session Establishment. Also disclosed are a UE, network node, SMF and UDM.Type: ApplicationFiled: March 16, 2018Publication date: March 26, 2020Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa TORVINEN, Noamen BEN HENDA, Monica WIFVESSON
-
Patent number: 10602434Abstract: A terminal device obtains grid location information relating to a cell of a predetermined grid in which the terminal device is located. The terminal device then calculates a message integrity code based on the grid location information and transmits a proximity service discovery message. The discovery message includes the calculated message integrity code and does not include the grid location information. A second terminal device receives the proximity service discovery message. The second terminal device then obtains grid location information relating to at least one cell of a predetermined grid within a predetermined distance of a location of the second terminal device, calculates at least one message integrity code based on the grid location information, and determines whether a calculated message integrity code matches the message integrity code in the received discovery message. The second terminal device then acts on the received discovery message only if there is a match.Type: GrantFiled: November 24, 2016Date of Patent: March 24, 2020Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Noamen Ben Henda, Vesa Lehtovirta, Katharina Pfeffer, Shabnam Sultana, Vesa Torvinen, Monica Wifvesson
-
Patent number: 10602356Abstract: A method performed by a proximity service server is disclosed. The method comprises generating a ProSe query code and a ProSe response code, sending at least a the ProSe response code together with a first and a second discovery key to a first end device, and sending at least the first discovery key and the ProSe query code to a second end device, so that the second end device can securely discover the first end device over an air interface.Type: GrantFiled: December 18, 2015Date of Patent: March 24, 2020Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Vesa Lehtovirta, Katharina Pfeffer, Vesa Torvinen, Monica Wifvesson
-
Publication number: 20200084676Abstract: A method for handling change of serving Access and Mobility Managing Function for a user equipment. The method comprises sending (S2) of a context request to a source Access and Mobility Managing Function. This sending is performed from a target Access and Mobility Managing Function. In the target Access and Mobility Managing Function, a context is received (S3) in reply from the source Access and Mobility Managing Function. The context comprises a parameter which identifies a Security Anchor Function Access and Mobility Managing Function. The Security Anchor Function Access and Mobility Managing Function keeps a key, which is shared with the user equipment. A method for handling a change of serving Access and Mobility Managing Function in a user equipment is also disclosed as well as Access and Mobility Managing Function and User Equipments therefore.Type: ApplicationFiled: December 21, 2017Publication date: March 12, 2020Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Noamen BEN HENDA, David CASTELLANOS ZAMORA, Christine JOST, Vesa TORVINEN, Monica WIFVESSON
-
Patent number: 10555177Abstract: A method of operation of a terminal device in a cellular communications network is disclosed. The method comprises sending a GMM Attach Request message to the network, the GMM Attach Request message identifying security capabilities of the terminal device. The terminal device receiving from the network an echo message in the GMM layer including information identifying the security capabilities of the terminal device, wherein the echo message is received with integrity protection.Type: GrantFiled: October 4, 2016Date of Patent: February 4, 2020Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Monica Wifvesson, Noamen Ben Henda, Magnus Karlsson, Vesa Lehtovirta, Katharina Pfeffer, Vesa Torvinen
-
Publication number: 20200008055Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.Type: ApplicationFiled: January 29, 2018Publication date: January 2, 2020Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Christine JOST, Vesa LEHTOVIRTA, Ivo SEDLACEK, Vesa TORVINEN
-
Publication number: 20190394651Abstract: A method (200) for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network (202). The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE (202a), non-use of Integrity Protection for User Plane data exchanged with the UE (202b), or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data (202c). Also disclosed are an apparatus for operating a UE, methods and apparatus for operating a radio access node and a core node of a communication network, and a computer program operable to carry out methods for operating a UE, a radio access node and/or a core node of a communication network.Type: ApplicationFiled: January 30, 2018Publication date: December 26, 2019Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Monica WIFVESSON, Prajwol Kumar NAKARMI, Karl NORRMAN, Vesa TORVINEN
-
Publication number: 20190387407Abstract: A method for operating a User Equipment (UE) is disclosed, wherein the UE is served by a source first network function in a first network and requires to register with a target second network function in a second network. The method comprises generating a registration request with integrity protection for at least a part of the registration request (1200), and sending an integrity protected part of the registration request to the source first network function via the target second network function (1202). Also disclosed are methods of operating first and second network functions.Type: ApplicationFiled: January 30, 2018Publication date: December 19, 2019Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Christine JOST, Noamen BEN HENDA, Qian CHEN, Peter HEDMAN, Lars-Bertil OLSSON, Vesa TORVINEN
-
Publication number: 20190380068Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.Type: ApplicationFiled: December 18, 2017Publication date: December 12, 2019Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Christine JOST, Noamen BEN HENDA, Vesa TORVINEN, Monica WIFVESSON
-
Publication number: 20190364428Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.Type: ApplicationFiled: August 9, 2019Publication date: November 28, 2019Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa TORVINEN, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Patent number: 10462671Abstract: A method and arrangements for enabling authentication of a communication device is suggested, where a network node, capable of operating as an authentication server does not have to store all state related information relevant for a roundtrip of an authentication session. Instead of storing all this information, at least a part of it is provided to the authenticator or the communication unit, for later retrieval in a subsequent response. Based on the state related information provided in the response, the network node is capable of reproducing a state associated with a respective roundtrip. By repeating the mentioned process for a required number of roundtrips, an authentication session can be executed, where less state related information need to be stored at the mentioned network node.Type: GrantFiled: October 4, 2018Date of Patent: October 29, 2019Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Mats Näslund, Elena Dubrova, Karl Norrman, Vesa Torvinen
-
Patent number: 10425817Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.Type: GrantFiled: November 26, 2018Date of Patent: September 24, 2019Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
-
Publication number: 20190289672Abstract: A method for handling change of serving Access and Mobility Managing Function for a user equipment. The method comprises sending of a context request to a source Access and Mobility Managing Function. This sending is performed from a target Access and Mobility Managing Function. In the target Access and Mobility Managing Function, a context is received (S3) in reply from the source Access and Mobility Managing Function. The context comprises a parameter which identifies a Security Anchor Function Access and. Mobility Managing Function. The Security Anchor Function Access and Mobility Managing Function keeps a key, which is shared with the user equipment. A method for handling a change of serving Access and Mobility Managing Function in a user equipment is also disclosed as well as Access and Mobility Managing Function and User Equipments therefore.Type: ApplicationFiled: May 24, 2019Publication date: September 19, 2019Inventors: Noamen Ben Henda, David Castellanos Zamora, Christine Jost, Vesa Torvinen, Monica Wifvesson
-
Patent number: 10382967Abstract: A terminal device obtains location information relating to its location, wherein the location information comprises first location information and second location information, wherein the first location information relates to a location of the terminal device within a region, and wherein the second location information identifies the region in which the terminal device is located. The terminal device forms content for a proximity service discovery message, wherein the content for the discovery message includes the first location information; calculates a message integrity code based on the content for the discovery message and the second location information; and transmits the proximity service discovery message, comprising the content for the discovery message and the computed message integrity code.Type: GrantFiled: November 24, 2016Date of Patent: August 13, 2019Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Noamen Ben Henda, Vesa Lehtovirta, Prajwol Kumar Nakarmi, Vesa Torvinen, Monica Wifvesson