-
11.
Publication number: US20190260803A1
Publication date: 2019-08-22
Application number: US16014262
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises configuring at least a given one of the first and second security edge protection proxy elements to apply application layer security to one or more information elements in a received message from a network function before sending the message to the other one of the first and second security edge protection proxy elements.
-
12.
Publication number: US20190253461A1
Publication date: 2019-08-15
Application number: US16014358
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
IPC: H04L29/06
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises provisioning at least a given one of the first and second security edge protection proxy elements with configuration information that enables the given security edge protection proxy element to identify at least one security operation to be applied to at least one information element in a received message before sending the message to the other one of the first and second security edge protection proxy elements.
-
Publication number: US20190036697A1
Publication date: 2019-01-31
Application number: US15729205
Application date: 2017-10-10
Applicant: Nokia Technologies Oy
Inventor: Anja Jerichow, Annett Seefeldt, Nagendra S. Bykampadi, Suresh P. Nair, Ulrich Wiehe
Abstract: Privacy management techniques for communication systems are provided. In one or more methods, one or more cryptographic key pairs are provisioned in a home network of a communication system for utilization by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication system. The cryptographic key pairs are managed utilizing an element or function in the home network of the communication system. In one or more other methods, one or more public keys associated with one or more cryptographic key pairs are stored in user equipment, the cryptographic key pairs being provisioned by a home network of a communication system for use by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication network. An element or function of the home network of the communication system is interfaced for management of the public keys stored in the user equipment.
-
Publication number: US11792163B2
Publication date: 2023-10-17
Application number: US17053127
Application date: 2019-05-10
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Uwe Rauschenbach
CPC classification number: H04L63/0281, H04L61/45, H04L63/0428, H04L63/12, H04L63/20
Abstract: In a communication system wherein a first security edge protection proxy (SEPP) element of a first network is operatively coupled to a second SEPP element of a second network, a method includes receiving, at the first SEPP element, a first message from a first network function in the first network addressed to a second network function in the second network, the first message comprising one of a request and a response line comprising a uniform resource identifier (URI) having a plurality of elements. The method also includes forming, at the first SEPP, a second message comprising encrypted and integrity protected portions, the encrypted portion comprising an encryption of at least a subset of the plurality of elements of the URI, the integrity protected portion comprising a structured representation of the URI wherein instances of elements in the subset are replaced with references to the encrypted portion.
-
Publication number: US10785653B2
Publication date: 2020-09-22
Application number: US16581690
Application date: 2019-09-24
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S. Bykampadi
IPC: H04W12/10, H04W8/02, H04W12/04, H04W4/14, H04W60/00, H04L9/14, H04L29/06, H04W12/00, H04W8/18, H04W88/18
Abstract: A short message service (SMS) message is encrypted using an encryption key stored at a user equipment and an access and mobility management function (AMF) and the encrypted SMS message is added to a payload of a non-access stratum (NAS) message that includes an NAS header. Integrity protection is applied to the NAS message using an integrity key stored at the user equipment and the AMF and the integrity-protected NAS message is transmitted. The NAS message is received via an NAS link between the user equipment and the AMF. An integrity check is performed on the NAS message using the integrity key. An encrypted short message service (SMS) message is extracted from a payload of the NAS message in response to the integrity check being successful and the encrypted SMS message is decrypted using the encryption key.
-
Publication number: US10470042B2
Publication date: 2019-11-05
Application number: US15974394
Application date: 2018-05-08
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Suresh Nair, Anja Jerichow, Nagendra S. Bykampadi
IPC: H04W12/10, H04W8/02, H04W12/04, H04W4/14, H04L29/06, H04W60/00, H04L9/14, H04W8/18, H04W88/18
Abstract: A short message service (SMS) message is encrypted using an encryption key stored at a user equipment and an access and mobility management function (AMF) and the encrypted SMS message is added to a payload of a non-access stratum (NAS) message that includes an NAS header. Integrity protection is applied to the NAS message using an integrity key stored at the user equipment and the AMF and the integrity-protected NAS message is transmitted. The NAS message is received via an NAS link between the user equipment and the AMF. An integrity check is performed on the NAS message using the integrity key. An encrypted short message service (SMS) message is extracted from a payload of the NAS message in response to the integrity check being successful and the encrypted SMS message is decrypted using the encryption key.
-
17.
Publication number: US20190253894A1
Publication date: 2019-08-15
Application number: US16014567
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Suresh P. Nair
CPC classification number: H04W12/08, H04L9/3247, H04L63/0807, H04W8/12, H04W12/06, H04W48/04, H04W48/16
Abstract: Security management techniques for roaming service authorization for communication systems are provided. In one or more methods, a first element or function in a visiting network of a communication system receives a first service discovery request from a second element or function in the visiting network for services provided by at least a third element or function in a home network of the communication system, sends a second service discovery request to a fourth element or function in the home network of the communication system responsive to authenticating the second element or function, receives from the fourth element or function a first service discovery response comprising an access token for the second element or function, and provides to the second element or function a second service discovery response comprising the access token, the access token being used by the second element or function to access the one or more services provided by the third element or function.
-
18.
Publication number: US20190253395A1
Publication date: 2019-08-15
Application number: US16014294
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
CPC classification number: H04L63/04, H04L63/0471, H04L63/12, H04L63/20, H04L67/02, H04W12/001, H04W12/00505, H04W12/06, H04W12/08, H04W12/10, H04W84/042, H04W88/16
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises constructing a message at a network function in the first network destined for the second network, wherein the message comprises at least one information element and an indicator, wherein the indicator is set to specify at least one security operation to be applied to the at least one information element before sending the message to the second security edge protection proxy element of the second network.