-
Publication No.: US20220360586A1
Publication date: 2022-11-10
Application No.: US17736622
Filing date: 2022-05-04
Applicant: Nokia Technologies Oy
Inventor: Chaitanya AGGARWAL , Suresh NAIR , Saurabh KHARE , Anja JERICHOW , Laurent THIEBAUT
Abstract: There is provided a method, apparatus and computer program product for causing a network repository function to perform: receiving, from a network function service consumer, an access request for an access authorization token, the request comprising a first identification of the network function service consumer and a first identification of at least one network slice on which access is requested; generating an access token in response to the request, the access token comprising at least one network slice identifier for the at least one network slice identified by the first identification; and providing the generated access token to the network function in response to the request for an access authorization token.
-
Publication No.: US20210360393A1
Publication date: 2021-11-18
Application No.: US17045965
Filing date: 2019-04-08
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR , Anja JERICHOW , Nagendra S BYKAMPADI
IPC: H04W12/00 , H04W12/106 , H04W8/12
Abstract: A method, apparatus and computer program product may be provided for signaling-based remote provisioning and updating of protection policy information in a SEPP of a visited network. A method may include obtaining, at a home network node (hSEPP), protection policy information from a local repository in a home network or via configuration. The hSEPP is a network node at a boundary of the home network, and the home network is a public land mobile network (hPLMN). The method includes distributing, via a signaling interface, the protection policy information to a visited network node (vSEPP) within a visited network (vPLMN). The vSEPP is a network node at a boundary of a second network. The protection policy information includes information regarding protection of signaling messages addressed for network functions (NFs) hosted in the hPLMN and is configured for enabling the vSEPP to selectively protect outgoing messages to hSEPP in the home network.
-
Publication No.: US20230362637A1
Publication date: 2023-11-09
Application No.: US17998668
Filing date: 2020-05-13
Applicant: Nokia Technologies Oy
Inventor: Laurent THIEBAUT , György WOLFNER , Devaki CHANDRAMOULI , Suresh NAIR
Abstract: Systems, methods, apparatuses, and computer program products for creation of a PCS connection between the remote user equipment (UE) and the relay UE. The remote UE may provide its identifier (e.g., a subscription concealed identifier (SUCI)) to the relay UE and the relay UE may forward this identifier to the network so that the network can authenticate the remote UE. The network may check the authorization of using the relay UE and/or for relaying the remote UE (e.g., both the remote UE and the relay UE may be checked for a configuration that permits the relaying). For the authentication and authorization, the access and mobility management function (AMF) associated with the relay UE may forward the messages between the remote UE and the authentication server function (AUSF) of the remote UE. In this way, certain embodiments described herein may address certain security issues related to relaying a remote UE.
-
Publication No.: US20230247433A1
Publication date: 2023-08-03
Application No.: US18001928
Filing date: 2021-06-24
Applicant: Nokia Technologies Oy
Inventor: Saurabh KHARE , Narasimha Rao PULIPATI , Nagendra BYKAMPADI , Suresh NAIR
IPC: H04W12/122 , H04L9/40
CPC classification number: H04W12/122 , H04L63/1441
Abstract: Techniques for detecting and isolating rogue network entities in a communication network are provided. For example, a method comprises receiving from at least one network entity in a communication network a message identifying one or more network entities suspected of malicious activity operating within the communication network, and initiating one or more remedial actions within the communication network to prevent the one or more network entities suspected of malicious activity operating within the communication network from accessing other network entities in the communication network.
-
Publication No.: US20230073757A1
Publication date: 2023-03-09
Application No.: US17797631
Filing date: 2021-02-04
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Devaki CHANDRAMOULI , Srinivasan SELVAGANAPATHY , Hannu Petri HIETALAHTI , Suresh NAIR , Philippe Godin
Abstract: An apparatus and a method for reallocation of global unique temporary identifier (GUTI) in 5G networks are disclosed. The method includes receiving, at a user equipment, a first message from a network, the first message including a first global unique temporary identifier and additional information, at least the first global unique temporary identifier being assigned to the user equipment; receiving a first data transmission including the first global unique temporary identifier from the network; in response to receiving the first data transmission, deriving, at the user equipment, a second global unique temporary identifier based on the first global unique temporary identifier and the additional information; and receiving a second data transmission including the second global unique temporary identifier from the network.
-
Publication No.: US20220217530A1
Publication date: 2022-07-07
Application No.: US17608283
Filing date: 2020-04-30
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR , Nagendra BYKAMPADI , Anja JERICHOW
Abstract: Improved security management techniques between user equipment and a communication system are provided. For example, techniques are provided for preventing malicious attacks via a user equipment deregistration process. In one example, a method comprises sending a deregistration request message from the given user equipment to a communication system to which the given user equipment is registered, wherein the deregistration request message is security-protected and comprises a temporary identifier assigned to the given user equipment. By not sending the deregistration request message with a subscription concealed identifier, the given user equipment prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier. Furthermore, by ignoring a deregistration request message with a subscription concealed identifier, an access and mobility management element of the communication system prevents a malicious actor from succeeding with a deregistration attack replaying
-
Publication No.: US20220217161A1
Publication date: 2022-07-07
Application No.: US17603528
Filing date: 2020-04-07
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR , Anja JERICHOW , Nagendra S BYKAMPADI
IPC: H04L9/40
Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to establish a user equipment context for a user equipment registered with the apparatus, the user equipment context being associated with an identity of the user equipment, determine that a plurality of network messages comprising the identity of the user equipment as sender fail a network message integrity process, and trigger, responsive to the determination, at least one of: 1) sending a paging message to the user equipment, and 2) initiating an authentication process with a sender of the network messages, and deletion of the user equipment context as a response to successful completion of the authentication process.
-
Publication No.: US20220191008A1
Publication date: 2022-06-16
Application No.: US17437652
Filing date: 2020-03-04
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR , Anja JERICHOW , Nagendra S. BYKAMPADI
IPC: H04L9/08 , H04L67/141
Abstract: In with a network exposure function of a communication network, a method comprises generating at least one application layer cryptographic key based on a request specific to given user equipment received from an application function, and sharing the application layer cryptographic key with the application function. The application layer cryptographic key is configured to enable the application function and the given user equipment to establish a secure communication session.
-
Publication No.: US20210120409A1
Publication date: 2021-04-22
Application No.: US17043971
Filing date: 2019-04-04
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR , Anja JERICHOW , Nagendra S BYKAMPADI
Abstract: In given user equipment seeking access to a first communication network (e.g., 5G network), wherein the given user equipment comprises a subscriber identity module (e.g., USIM) configured for a second communication network, and wherein the second communication network is a legacy network with respect to the first communication network (e.g., legacy 4G network), a method includes: initiating an authentication procedure with at least one network entity of the first communication network and selecting an authentication method to be used during the authentication procedure; and participating in the authentication procedure with the at least one network entity using the selected authentication method and, upon successful authentication, the given user equipment obtaining a set of keys to enable the given user equipment to access the first communication network.
-
Publication No.: US20200021992A1
Publication date: 2020-01-16
Application No.: US16581690
Filing date: 2019-09-24
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR , Anja JERICHOW , Nagendra S. BYKAMPADI
Abstract: A short message service (SMS) message is encrypted using an encryption key stored at a user equipment and an access and mobility management function (AMF) and the encrypted SMS message is added to a payload of a non-access stratum (NAS) message that includes an NAS header. Integrity protection is applied to the NAS message using an integrity key stored at the user equipment and the AMF and the integrity-protected NAS message is transmitted. The NAS message is received via an NAS link between the user equipment and the AMF. An integrity check is performed on the NAS message using the integrity key. An encrypted short message service (SMS) message is extracted from a payload of the NAS message in response to the integrity check being successful and the encrypted SMS message is decrypted using the encryption key.