-
Publication (announcement) number: US10165546B2
Publication (announcement) date: 2018-12-25
Application number: US15462207
Application date: 2017-03-17
Applicant: Alcatel-Lucent USA Inc. , Nokia Technologies OY
Inventor: Suresh P. Nair , Anja Jerichow
Abstract: Techniques are provided for protecting the privacy of user equipment during paging operations in a communication system. In one example, a method includes determining at a mobility management element of a communication system that a paging operation is to be initiated for given user equipment. The method further includes restricting the paging operation between the mobility management element and the given user equipment to use of a temporary identifier for the given user equipment. By not using a permanent identifier of the given user equipment during paging operations, the given user equipment is effectively non-trackable by malicious base stations and active/passive listeners.
-
Publication (announcement) number: US11582214B2
Publication (announcement) date: 2023-02-14
Application number: US16338195
Application date: 2016-09-30
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Daniela Laselva , Suresh P. Nair , Mika Rinne
Abstract: Certain embodiments provide a method of updating a security. The method can include monitoring a bearer that includes first and second radio accesses according to different radio technologies between user equipment and a communications network. One or more properties of the monitored bearer can be determined. An update of a security key utilized for securing communications over at least one of the radio accesses can be triggered in response to determining that the determined properties meet at least one triggering condition capable of indicating a need for the update.
-
Publication (announcement) number: US10574457B2
Publication (announcement) date: 2020-02-25
Application number: US15726974
Application date: 2017-10-06
Applicant: Alcatel-Lucent USA Inc. , Nokia Technologies Oy
Inventor: Anja Jerichow , Annett Seefeldt , Suresh P. Nair
Abstract: Key identification techniques for determination of appropriate keys for processing messages in communication systems are provided. In one or more methods, an indicator is assigned to each key pair provisioned in a communication system. The indicator is then sent to one or more network elements or functions in the communication system with a message encrypted with a first part of the key pair corresponding to the indicator. A network element or function receiving the encrypted message determines, based on the indicator, a corresponding second part of the key pair to use to process the encrypted message.
-
14.
Publication (announcement) number: US20190253894A1
Publication (announcement) date: 2019-08-15
Application number: US16014567
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi , Suresh P. Nair
CPC classification number: H04W12/08 , H04L9/3247 , H04L63/0807 , H04W8/12 , H04W12/06 , H04W48/04 , H04W48/16
Abstract: Security management techniques for roaming service authorization for communication systems are provided. In one or more methods, a first element or function in a visiting network of a communication system receives a first service discovery request from a second element or function in the visiting network for services provided by at least a third element or function in a home network of the communication system, sends a second service discovery request to a fourth element or function in the home network of the communication system responsive to authenticating the second element or function, receives from the fourth element or function a first service discovery response comprising an access token for the second element or function, and provides to the second element or function a second service discovery response comprising the access token, the access token being used by the second element or function to access the one or more services provided by the third element or function.
-
15.
Publication (announcement) number: US20190253395A1
Publication (announcement) date: 2019-08-15
Application number: US16014294
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi , Suresh P. Nair , Anja Jerichow
CPC classification number: H04L63/04 , H04L63/0471 , H04L63/12 , H04L63/20 , H04L67/02 , H04W12/001 , H04W12/00505 , H04W12/06 , H04W12/08 , H04W12/10 , H04W84/042 , H04W88/16
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises constructing a message at a network function in the first network destined for the second network, wherein the message comprises at least one information element and an indicator, wherein the indicator is set to specify at least one security operation to be applied to the at least one information element before sending the message to the second security edge protection proxy element of the second network.
-
Publication (announcement) number: US10171993B2
Publication (announcement) date: 2019-01-01
Application number: US15588039
Application date: 2017-05-05
Applicant: Alcatel-Lucent USA Inc. , Nokia Technologies OY
Inventor: Suresh P. Nair , Anja Jerichow
Abstract: Techniques are provided for protecting the privacy of user equipment during identity request operations in a communication system. In one example, a method includes receiving a current identity request at given user equipment of a communication system. The method further includes making a determination at the given user equipment whether or not to respond to the current identity request in a manner requested based on a count of previous identity requests received by the given user equipment.
-
Publication (announcement) number: US20240406728A1
Publication (announcement) date: 2024-12-05
Application number: US18800762
Application date: 2024-08-12
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Suresh P. Nair
Abstract: Following radio link failure (RLF) of a radio link between a cellular internet-of-things (CIoT) user equipment (UE) and a source access node (nodeB) during a data transfer operation over a control plane between a mobility management entity (MME) of a narrow-band IoT (NB-IoT), a radio link is recovered by transmitting an RLF message from the CIoT UE to the MME of the NB-IoT network via a target nodeB, the target nodeB being different from the source nodeB. The RLF message is protected using a key associated with a non-access stratum (NAS) security context previously established between the CIoT UE and the MME of the NB-IoT network. The MME of the NB-IoT network can retrieve data that failed to be delivered to the CIoT UE due to the RLF during the data transfer operation over the control plane and provide said data to the UE via target nodeB.
-
Publication (announcement) number: US20240007449A1
Publication (announcement) date: 2024-01-04
Application number: US18242963
Application date: 2023-09-06
Applicant: Nokia Technologies Oy
Inventor: Suresh P. Nair , Anja Jerichow , Annett Seefeldt
IPC: H04L9/40 , H04W12/02 , H04W12/033 , H04W12/041 , H04W12/069
CPC classification number: H04L63/0442 , H04L63/083 , H04L63/06 , H04L63/0876 , H04W12/02 , H04W12/033 , H04W12/041 , H04W12/069
Abstract: Techniques for providing privacy features in communication systems are provided. For example, a message may be provided from user equipment to an element or function in a communication network that comprises one or more privacy indicators, where privacy features for processing the message are determined based on the privacy indicators. The message may comprise an attach request comprising a subscription identifier for a subscriber associated with the user equipment, with the privacy indicators comprising a flag indicating whether the subscription identifier in the attach request is privacy-protected. As another example, the element or function in the communication network may determine privacy features supported by the communication network and generate and send a message to user equipment comprising one or more privacy indicators selected based on the determined privacy features. The privacy indicators may comprise an indication of whether the communication network is configured for handling privacy-protected subscription identifiers.
-
Publication (announcement) number: US20230046112A1
Publication (announcement) date: 2023-02-16
Application number: US17976047
Application date: 2022-10-28
Applicant: Nokia Technologies Oy
Inventor: Suresh P. Nair
Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.
-
Publication (announcement) number: US11038923B2
Publication (announcement) date: 2021-06-15
Application number: US16014262
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi , Suresh P. Nair , Anja Jerichow
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises configuring at least a given one of the first and second security edge protection proxy elements to apply application layer security to one or more information elements in a received message from a network function before sending the message to the other one of the first and second security edge protection proxy elements.