-
Publication number: US20210037372A1
Publication date: 2021-02-04
Application number: US16639335
Application date: 2017-08-21
Applicant: Nokia Technologies Oy
Inventor: Guenther Horn , Anja Jerichow
Abstract: User equipment is registered with a visited public land mobile network, VPLMN, in a process including: producing at the user equipment a concealed identifier; producing at the user equipment a freshness code; and sending by the user equipment to the VPLMN the concealed identifier and the freshness code; receiving by the user equipment an identity request from the VPLMN indicating that the long-term identifier must be transmitted to the VPLMN in a non-concealed form; receiving by the user equipment from the VPLMN a permission authenticator; and verifying at the user equipment if the permission authenticator has been formed with a cryptographic authentication of the home public land mobile network, HPLMN, and the user equipment or a subscription module at the user equipment indicating permission to transmit the long-term identifier to the VPLMN in the non-concealed form and if yes, transmitting the long-term identifier to the VPLMN in the non-concealed form.
-
Publication number: US10826946B2
Publication date: 2020-11-03
Application number: US16014358
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi , Suresh P. Nair , Anja Jerichow
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises provisioning at least a given one of the first and second security edge protection proxy elements with configuration information that enables the given security edge protection proxy element to identify at least one security operation to be applied to at least one information element in a received message before sending the message to the other one of the first and second security edge protection proxy elements.
-
23.
Publication number: US10548004B2
Publication date: 2020-01-28
Application number: US16014219
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi , Suresh P. Nair , Anja Jerichow
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises configuring at least a given one of the first and second security edge protection proxy elements to determine whether to apply at least one security operation at the transport level for incoming packets based at least in part on source and destination networks for the incoming packets.
-
24.
Publication number: US20190182654A1
Publication date: 2019-06-13
Application number: US15836153
Application date: 2017-12-08
Applicant: Nokia Technologies Oy
Inventor: Anja Jerichow , Suresh Nair
Abstract: Illustrative embodiments provide subscriber privacy management techniques that prevent a covert channel from being established between user equipment and a home network through a serving network in a communication system. In one example, a random value is computed in the serving network and added to the registration request procedure. The techniques also enable the home network to control UE behavior using an authorization token.
-
Publication number: US10165546B2
Publication date: 2018-12-25
Application number: US15462207
Application date: 2017-03-17
Applicant: Alcatel-Lucent USA Inc. , Nokia Technologies OY
Inventor: Suresh P. Nair , Anja Jerichow
Abstract: Techniques are provided for protecting the privacy of user equipment during paging operations in a communication system. In one example, a method includes determining at a mobility management element of a communication system that a paging operation is to be initiated for given user equipment. The method further includes restricting the paging operation between the mobility management element and the given user equipment to use of a temporary identifier for the given user equipment. By not using a permanent identifier of the given user equipment during paging operations, the given user equipment is effectively non-trackable by malicious base stations and active/passive listeners.
-
Publication number: US12167241B2
Publication date: 2024-12-10
Application number: US17675436
Application date: 2022-02-18
Applicant: Nokia Technologies Oy
Inventor: Chaitanya Aggarwal , Saurabh Khare , Anja Jerichow , Gerald Kunzmann , Yannick Lair
IPC: H04W12/069 , H04L9/40 , H04W12/08
Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising means for receiving from a requesting network function, by a network repository function, an access token request, wherein the access token request is related to a network function consumer requesting access to a service provided by a network function producer and comprises an identity of a vendor of the network function consumer requesting access to the service, means for verifying by the network repository function, based at least on the identity of the vendor of the network function consumer, that the network function consumer is allowed to access the service and means for transmitting to the requesting network function, by the network repository function, an access token upon successful verification, wherein the access token generated and signed by the network repository function comprises the identity of the vendor of the network function consumer and an identity of the vendor of the network function producer.
-
Publication number: US12047780B2
Publication date: 2024-07-23
Application number: US17568144
Application date: 2022-01-04
Applicant: Nokia Technologies Oy
Inventor: Saurabh Khare , Chaitanya Aggarwal , Anja Jerichow , Gerald Kunzmann
IPC: H04W12/084 , H04W8/18 , H04W12/02 , H04W12/082 , H04W12/60
CPC classification number: H04W12/084 , H04W8/18 , H04W12/02 , H04W12/082 , H04W12/60
Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising means for receiving, by a network function configured to provide centralized user consent authorization in a cellular communication system, a user consent authorization request from a logical network entity, wherein the user consent authorization request comprises an identity of at least one user equipment whose user consent is requested by the logical network entity, the logical network entity being a network function service consumer or an application function, means for retrieving user consent information concerning the at least one user equipment whose user consent is requested by the logical network entity, wherein said user consent information indicates individually whether the logical network entity is authorized to access data related to each of the at least one user equipment, means for determining, based on said user consent information, whether the logical network entity is authorized to access data related to each of the at least one user equipment and means for transmitting, based on said determination, a response signed by the network function to the logical network entity.
-
Publication number: US11991660B2
Publication date: 2024-05-21
Application number: US17487482
Application date: 2021-09-28
Applicant: Nokia Technologies Oy
Inventor: Thomas Belling , Bruno Landais , Saurabh Khare , Anja Jerichow
CPC classification number: H04W60/04 , H04L63/20 , H04W8/005 , H04W12/08 , H04W84/042
Abstract: There is provided an apparatus configured to receive, from a first network entity associated with a first domain in a communication network, a request to communicate; determine a second network entity to which to send the request; determine that the second network entity is associated with a second domain in the communication network; and enforce at least one access policy for routing the request to the network entity, wherein the apparatus is a first service communication proxy trusted in both the first and second domains.
-
Publication number: US11991190B2
Publication date: 2024-05-21
Application number: US17603528
Application date: 2020-04-07
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair , Anja Jerichow , Nagendra S Bykampadi
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/0876 , H04L63/1425 , H04L63/20
Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to establish a user equipment context for a user equipment registered with the apparatus, the user equipment context being associated with an identity of the user equipment, determine that a plurality of network messages comprising the identity of the user equipment as sender fail a network message integrity process, and trigger, responsive to the determination, at least one of: 1) sending a paging message to the user equipment, and 2) initiating an authentication process with a sender of the network messages, and deletion of the user equipment context as a response to successful completion of the authentication process.
-
Publication number: US11979783B2
Publication date: 2024-05-07
Application number: US17399399
Application date: 2021-08-11
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Saurabh Khare , Yannick Lair , Shubhranshu Singh , Laurent Thiebaut , Cinzia Sartori , Anja Jerichow
IPC: H04W36/00
CPC classification number: H04W36/0083 , H04W36/0055
Abstract: If a first condition for a handover of an analytics calculation for a user equipment by an analytics function is met, the analytics function requests, of at least one other analytics function of the communication network, preparation of the handover of the analytics calculation. If a second condition for the handover of the analytics calculation is met, the analytics function confirms the handover to one of the at least one other analytics function, the analytics calculation for the user equipment at the analytics function being deemed complete.