公开(公告)号：US20170118635A1

公开(公告)日：2017-04-27

申请号：US14923347

申请日：2015-10-26

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Anja JERICHOW ,  Guenther HORN

IPC: H04W12/04 ,  H04W12/08

CPC classification number: H04W12/04 ,  H04L63/06 ,  H04L63/08 ,  H04L63/104 ,  H04W12/0023 ,  H04W12/06 ,  H04W12/08

Abstract: Various communication systems may benefit from appropriate security mechanisms. For example, isolated operation of evolved universal terrestrial radio networks may benefit from key separation for a local evolved packet core. A method can include deriving a subscriber key corresponding to an isolated operation network. The subscriber key can be derived from an identifier of the isolated operation network and a master subscriber key. The method can also include provisioning the subscriber key to the isolated operation network.

公开(公告)号：US20210235269A1

公开(公告)日：2021-07-29

申请号：US16094975

申请日：2016-04-19

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Guenther HORN ,  Anja JERICHOW

IPC: H04W12/084 ,  H04W76/11 ,  H04W48/02 ,  H04W12/041

Abstract: There are provided measures for network authorization assistance. Such measures exemplarily comprise detecting a connection opportunity to a radio access network, obtaining a network identifier of said radio access network, said network identifier being indicative of trust related information with respect to said radio access network, circuitry 11 verifying correctness of said network identifier, and controlling a selection processing of selecting to connect to said radio access network or not based on said network identifier of said radio access network, if said network identifier is verified as being correct.

公开(公告)号：US20180241757A1

公开(公告)日：2018-08-23

申请号：US15748812

申请日：2016-08-16

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Guenther HORN

IPC: H04L29/06 ,  H04W12/04 ,  H04W12/06 ,  H04W8/20

CPC classification number: H04L63/105 ,  H04L63/102 ,  H04L63/20 ,  H04L67/306 ,  H04W8/20 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: Various communication systems may benefit from appropriate security measures. For example, the cellular internet of things may benefit from suitable security procedures. A method can include including a first field in a subscriber profile. The first field can be configured to determine a minimum strength for at least one cryptographic algorithm to be used between a user equipment associated with this subscription and a support node. The method can also include transmitting the subscriber profile between a subscriber database and the support node.

公开(公告)号：US20190069170A1

公开(公告)日：2019-02-28

申请号：US16077119

申请日：2016-02-11

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Anja JERICHOW ,  Guenther HORN

IPC: H04W12/06 ,  H04W12/04

Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding security in isolated LTE networks. The method comprises receiving, at a network element, a message from a management entity, determining, at the network element, a class of a radio network to which the management entity belongs, selecting a function for generating an authentication key based on the determined class, and generating the authentication key using the selected function.

公开(公告)号：US20180295138A1

公开(公告)日：2018-10-11

申请号：US15570646

申请日：2015-04-30

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： John HARRIS ,  Umamaheswar KAKINADA ,  Guenther HORN

IPC: H04L29/06

CPC classification number: H04L63/105 ,  H04L63/20

Abstract: Certain example embodiments may generally relate to multi-security levels/traffic management across multiple network function instantiations, including virtualized network function instantiations. A method may include configuring a first instantiation of a first network function to provide a first type of security. The method may also include configuring a second instantiation of the first network function to provide a second type of security that is different than the first type of security. The method may further include allocating at least some of the subscriber traffic to the first instantiation.

公开(公告)号：US20160112207A1

公开(公告)日：2016-04-21

申请号：US14932310

申请日：2015-11-04

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Guenther HORN ,  Wolf-Dietrich MOELLER

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/3263 ,  H04L9/08 ,  H04L9/0816 ,  H04L9/0819 ,  H04L9/0838 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L63/0823 ,  H04L2209/24 ,  H04L2209/64 ,  H04L2463/061 ,  H04W12/04 ,  H04W36/0055 ,  H04W84/047

Abstract: It is provided an apparatus, comprising property checking means configured to check whether a claimant property information received from a claimant device corresponds to a predefined claimant attribute; obtaining means configured to obtain a result, which is positive only if the claimant property information corresponds to the predefined claimant attribute as checked by the property checking means; key generation means configured to generate a first claimant intermediate key from a predefined claimant permanent key stored in the apparatus; supplying means configured to supply, to the claimant device, the first claimant intermediate key using a secured protocol, wherein at least one of the key generation means and the supplying means is configured to generate and to supply, respectively, the first claimant intermediate key only if the result is positive.

Abstract translation: 提供了一种装置，包括属性检查装置，被配置为检查从索赔装置接收的索赔属性信息是否对应于预定义的索赔人属性; 获取装置，其被配置为获得结果，其仅当所述索赔者属性信息对应于由所述属性检查装置检查的所述预定义的索赔属性时才是正的; 密钥生成装置，被配置为从存储在所述装置中的预定义请求者永久密钥生成第一请求者中间密钥; 供应装置，被配置为使用安全协议向所述索赔人设备提供所述第一请求者中间密钥，其中所述密钥生成装置和所述提供装置中的至少一个被配置为分别产生并仅分别提供所述第一请求者中间密钥 如果结果是肯定的。

公开(公告)号：US20140302821A1

公开(公告)日：2014-10-09

申请号：US14162058

申请日：2014-01-23

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Woonhee HWANG ,  Eric DRURY ,  Guenther HORN

IPC: H04W12/04 ,  H04L5/00

CPC classification number: H04W12/04 ,  H04L5/003 ,  H04L5/0092 ,  H04W36/0055

Abstract: Systems, methods, apparatuses, and computer program products for security handling in, for example, cells that support multiple frequency band indication are provided. One method includes receiving, for example by a source evolved node B (eNB) configured to communicate with a user equipment, a multiple frequency band indicator (MFBI) list, the multiple frequency band indicator (MFBI) list comprising at least one frequency band number listed in the same order of priority as broadcast by a target eNB. The method may further include selecting one of the at least one frequency band number for use by the source eNB, calculating a security key (KeNB*) using the DL EARFCN belonging to the selected frequency band number with the highest priority that is also supported by the user equipment, and signaling the calculated security key to the target eNB.

Abstract translation: 提供了用于例如支持多个频带指示的小区中用于安全处理的系统，方法，装置和计算机程序产品。 一种方法包括例如由被配置为与用户设备通信的源演进节点B（eNB）接收多频带​​指示符（MFBI）列表，所述多频带指示符（MFBI）列表包括至少一个频带号 以与目标eNB广播的优先级相同的顺序列出。 所述方法还可以包括：选择所述至少一个频带号码中的一个，以由所述源eNB使用，使用属于所选择的所述频带号的所述DL EARFCN计算安全密钥（KeNB *），所述最高优先级也由 用户设备，并将计算出的安全密钥发送给目标eNB。

公开(公告)号：US20210092163A1

公开(公告)日：2021-03-25

申请号：US17116398

申请日：2020-12-09

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Guenther HORN

IPC: H04L29/06 ,  H04W12/10 ,  H04W12/00

Abstract: Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.

公开(公告)号：US20190028515A1

公开(公告)日：2019-01-24

申请号：US16069962

申请日：2017-01-13

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Guenther HORN

IPC: H04L29/06 ,  H04W12/10

Abstract: Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.

公开(公告)号：US20170264647A1

公开(公告)日：2017-09-14

申请号：US15504924

申请日：2015-08-17

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Anja JERICHOW ,  Thomas BELLING ,  Guenther HORN

IPC: H04L29/06 ,  H04W4/06

CPC classification number: H04L63/205 ,  H04L69/16 ,  H04W4/06 ,  H04W12/0013 ,  H04W12/04

Abstract: Systems, methods, apparatuses, and computer program products for securing user plane (e.g., MB2-U) interface between a group communication service application server (GCS AS) and Broadcast Multicast Service Center (BM-SC) are provided. One method may include transmitting a message via a control plane, to an application server, indicating whether to establish a security association on a user plane in an interface between the GCS AS and the BM-SC. The method may also include providing, to the GCS AS, a target internet protocol (IP) address and possible port as a target for the security association.