-
Publication number: US12167232B2
Publication date: 2024-12-10
Application number: US18234339
Filing date: 2023-08-15
Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventor: Pasi Saarinen, Jesús Ángel De-Gregorio-Rodriguez, Christine Jost, Pablo Martinez De La Cruz
IPC: H04L9/40, H04L29/06, H04L67/02, H04W12/02, H04W12/03, H04W12/086, H04W12/106, H04W84/04
Abstract: Network equipment is configured for use in one of multiple different core network domains of a wireless communication system. The network equipment is configured to receive a message that has been, or is to be, transmitted between the different core network domains. The network equipment is also configured to apply inter-domain security protection to, or remove inter-domain security protection from, one or more portions of the content of a field in the message according to a protection policy. The protection policy includes information indicating to which one or more portions of the content inter-domain security protection is to be applied or removed. The network equipment is also configured to forward the message, with inter-domain security protection applied or removed to the one or more portions, towards a destination of the message.
-
Publication number: US20240380744A1
Publication date: 2024-11-14
Application number: US18555959
Filing date: 2022-05-02
Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventor: Pinar Comak, Ferhat Karakoc, Christine Jost, Zhang Fu, Ulf Mattsson
Abstract: Embodiments include methods for a data consumer network function (NF) of a communication network. These methods include sending, to a network repository function (NRF) of the communication network, a request for an access token for the following: a service provided by a data collection coordination function (DCCF) of the communication network, and data to be collected via the DCCF service. These methods include receiving from the NRF at least one access token for the DCCF service and for the data to be collected via the DCCF service and, using the at least one access token, collecting the data from a data producer NF of the communication network via the DCCF service. Other embodiments include complementary methods for DCCFs and NRFs, as well as data consumer NFs, DCCFs, and NRFs configured to perform such methods.
-
Publication number: US20240187980A1
Publication date: 2024-06-06
Application number: US18544985
Filing date: 2023-12-19
Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventor: Christine Jost, Noamen Ben Henda, Vesa Torvinen, Monica Wifvesson
IPC: H04W48/18, H04W12/041, H04W12/043, H04W36/00
CPC classification number: H04W48/18, H04W12/041, H04W12/043, H04W36/0038
Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.
-
Publication number: US11997479B2
Publication date: 2024-05-28
Application number: US17434238
Filing date: 2020-02-13
Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventor: Vesa Lehtovirta, Christine Jost, Helena Vahidi Mazinani
IPC: H04W12/03, H04W12/037, H04W12/041, H04W12/06, H04W76/10, H04W60/00
CPC classification number: H04W12/041, H04W12/037, H04W12/06, H04W76/10, H04W60/00
Abstract: A method for key derivation for non-3GPP access. The method includes determining a particular non-3GPP access type, wherein the particular non-3GPP access type is one of N different particular non-3GPP access types (N>1), and each one of the N particular non-3GPP access types is associated with a unique access type distinguisher value. The method also includes generating (s604) a first access network key using a key derivation function and the unique access type distinguisher value with which the determined particular non-3GPP access type is associated, thereby generating a first access network key for the particular non-3GPP access type.
-
Publication number: US11963000B2
Publication date: 2024-04-16
Application number: US18108523
Filing date: 2023-02-10
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventor: Monica Wifvesson, Noamen Ben Henda, Christine Jost, Vesa Lehtovirta
IPC: H04L9/00, H04L9/08, H04W12/041, H04W12/0433, H04W36/00, H04W36/14, H04W12/00
CPC classification number: H04W12/041, H04L9/0861, H04W12/0433, H04W36/0055, H04W36/14, H04W12/009
Abstract: A key management is provided that enables security activation before handing over a user equipment from a source 5G wireless communication system, i.e., a Next Generation System (NGS), to a target 4G wireless communication system, i.e., an Evolved Packet System (EPS)/Long Term Evolution (LTE). The key management achieves backward security, i.e., prevents the target 4G wireless communication system from getting knowledge of 5G security information used in the source 5G wireless communication system.
-
Publication number: US11849389B2
Publication date: 2023-12-19
Application number: US18109516
Filing date: 2023-02-14
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventor: Christine Jost, Noamen Ben Henda, Vesa Torvinen, Monica Wifvesson
IPC: H04L29/06, H04W48/18, H04W36/00, H04W12/041, H04W12/043
CPC classification number: H04W48/18, H04W12/041, H04W12/043, H04W36/0038
Abstract: There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.
-
Publication number: US11432141B2
Publication date: 2022-08-30
Application number: US16713984
Filing date: 2019-12-13
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventor: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
IPC: H04W12/04, H04W12/041, H04W60/02, H04W36/00, H04W48/20, H04W12/0433, H04L9/40, H04W36/14, H04W36/38
Abstract: The present disclosure relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
-
Publication number: US20250047659A1
Publication date: 2025-02-06
Application number: US18705244
Filing date: 2022-10-28
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventor: Christine Jost, Cheng Wang, Ferhat Karakoc, Vlasios Tsiatsis, Wenliang Xu
IPC: H04L9/40
Abstract: Embodiments of the present disclosure include methods for a client in an edge data network. Such methods include obtaining an initial access credential before accessing the edge data network. The initial access credential includes or is based on one or more of the following: an indication that the client is a legitimate client, and a client type associated with the client. Such methods include establishing a first connection with a server of the edge data network based on transport layer security (TLS); authenticating the server via the first connection based on a server certificate; and providing the initial access credential to the server, via the first connection, for authentication of the client. Other embodiments include complementary methods for a server and for a credential provider, as well as UEs, network nodes, and/or computing systems configured to perform such methods.
-
Publication number: US12160413B2
Publication date: 2024-12-03
Application number: US18150297
Filing date: 2023-01-05
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventor: Christine Jost, Vesa Lehtovirta, Ivo Sedlacek, Vesa Torvinen
IPC: H04L9/40, H04W12/0433, H04W12/069, H04W12/71, H04W12/72, H04W48/16, H04W84/12
Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.
-
Publication number: US12075253B2
Publication date: 2024-08-27
Application number: US16465382
Filing date: 2017-01-26
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventor: Maria Esther Bas Sanchez, David Castellanos Zamora, Peter Hedman, Christine Jost, Monica Wifvesson
Abstract: There are provided mechanisms for attachment of a wireless device to an MNO. A method is performed by the wireless device. The method comprises providing an authorization token to an AMF node of the MNO in conjunction with authenticating with the AMF node. The method comprises completing attachment to the MNO upon successful validation of the authorization token by the AMF node.