-
Publication No.: US20210321303A1
Publication date: 2021-10-14
Application No.: US17273781
Filing date: 2019-08-09
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
Abstract: Techniques for automated management of a service level agreement between a first communication network and a second communication network are provided. For example, one of the communication networks is a visited network while the other is a home network whereby the service level agreement is a roaming agreement. In one example, a message is received at a first communication network from a second communication network, wherein at least a portion of the message relates to the service level agreement between the first communication network and the second communication network. An automated verification of information in the message is performed at the first communication network to determine compliance with the service level agreement. The message receiving step is performed by a security edge protection proxy function of the first communication network and the automated verification performing step is performed by a service level agreement management function of the first communication network.
-
12.
Publication No.: US20210234706A1
Publication date: 2021-07-29
Application No.: US17267243
Filing date: 2019-08-02
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.
-
Publication No.: US11991190B2
Publication date: 2024-05-21
Application No.: US17603528
Filing date: 2020-04-07
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/0876, H04L63/1425, H04L63/20
Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to establish a user equipment context for a user equipment registered with the apparatus, the user equipment context being associated with an identity of the user equipment, determine that a plurality of network messages comprising the identity of the user equipment as sender fail a network message integrity process, and trigger, responsive to the determination, at least one of: 1) sending a paging message to the user equipment, and 2) initiating an authentication process with a sender of the network messages, and deletion of the user equipment context as a response to successful completion of the authentication process.
-
Publication No.: US11902792B2
Publication date: 2024-02-13
Application No.: US17045370
Filing date: 2019-04-04
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi, Dimitrios Schoinianakis
IPC: H04L29/00, H04W12/72, H04W12/041, H04L9/30, H04W12/06
CPC classification number: H04W12/72, H04L9/3073, H04W12/041, H04W12/06
Abstract: At given user equipment in a communication system, a unified subscription identifier data structure is constructed. The unified subscription identifier data structure includes a plurality of fields that specify information for a selected one of two or more subscription identifier types and selectable parameters associated with the selected subscription identifier type, and wherein the information in the unified subscription identifier data structure is useable by the given user equipment to access one or more networks associated with the communication system based on an authentication scenario corresponding to the selected subscription identifier type. For example, during different authentication scenarios, the given user equipment utilizes the unified subscription identifier data structure to provide the appropriate subscription identifier (e.g., SUPI, SUCI or IMSI) and associated parameters for the given authentication scenario.
-
Publication No.: US11564086B2
Publication date: 2023-01-24
Application No.: US17176762
Filing date: 2021-02-16
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Ranganathan Mavureddi Dhanasekaran
IPC: H04W12/02, H04W12/033, H04W12/45, H04W68/00, H04W12/50
Abstract: Techniques for securing mobile-terminated messages are disclosed. In one example, a method comprises receiving, at user equipment, a concealed message from a communication network with which the user equipment is in an idle state. The method de-conceals the concealed message, at the user equipment, to obtain at least one indicator value using at least a security value previously agreed upon with the communication network. The method generates a decision, at the user equipment, with respect to the idle state based on the obtained at least one indicator value. In one example, the at least one indicator value comprises a paging cause value.
-
Publication No.: US11483741B2
Publication date: 2022-10-25
Application No.: US17273781
Filing date: 2019-08-09
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
Abstract: Techniques for automated management of a service level agreement between a first communication network and a second communication network are provided. For example, one of the communication networks is a visited network while the other is a home network whereby the service level agreement is a roaming agreement. In one example, a message is received at a first communication network from a second communication network, wherein at least a portion of the message relates to the service level agreement between the first communication network and the second communication network. An automated verification of information in the message is performed at the first communication network to determine compliance with the service level agreement. The message receiving step is performed by a security edge protection proxy function of the first communication network and the automated verification performing step is performed by a service level agreement management function of the first communication network.
-
17.
Publication No.: US20220201793A1
Publication date: 2022-06-23
Application No.: US17602326
Filing date: 2019-04-18
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair
IPC: H04W76/25, H04W12/03, H04W12/041
Abstract: Improved techniques for control plane message management in a communication system are provided. For example, a method comprises transmitting control data over a control plane associated with a communication system using a first access identifier value, and transmitting user data over the control plane using a second access identifier value. The first access identifier value is distinct from the second access identifier value.
-
18.
Publication No.: US12184790B2
Publication date: 2024-12-31
Application No.: US17267243
Filing date: 2019-08-02
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.
-
Publication No.: US12015920B2
Publication date: 2024-06-18
Application No.: US17618015
Filing date: 2020-06-09
Applicant: Nokia Technologies Oy
Inventor: Nagendra Bykampadi, Laurent Thiebaut, Anja Jerichow, Suresh Nair
CPC classification number: H04W12/08, H04L9/3213, H04L67/51
Abstract: Improved techniques for secure access control in communication systems are provided. In one example, in accordance with an authorization server function, a method comprises receiving a request from a service consumer in a communication system for access to a service type and one or more resources associated with the service type. The method determines whether the service consumer is authorized to access the service type and the one or more resources associated with the service type. The method generates an access token that identifies one or more service producers for the service type and the one or more resources associated with the service type that the service consumer is authorized to access, and sends the access token to the service consumer. The service consumer can then use the access token to access the one or more services and one or more resources. In addition to such resource level access authorization, target network function group access authorization can be performed.
-
Publication No.: US11659387B2
Publication date: 2023-05-23
Application No.: US16943869
Filing date: 2020-07-30
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Ranganathan Mavureddi Dhanasekaran, Anja Jerichow
CPC classification number: H04W12/06, H04L9/3271, H04L63/08, H04W8/18, H04W12/72
Abstract: Techniques for preventing sequence number leakage during user equipment authentication in a communication network are provided. For example, a method comprises obtaining a permanent identifier and an authentication sequence value that are unique to user equipment, concealing the permanent identifier and the authentication sequence value, and sending the concealed permanent identifier and the authentication sequence value in a registration message from the user equipment to a communication network. Then, advantageously, in response to receipt of an authentication failure message from the communication network, the user equipment can send a response message to the communication network containing a failure cause indication without a re-synchronization token.