Error handling framework for security management in a communication system

    Publication No.: US11789803B2

    Publication date: 2023-10-17

    Application No.: US17054949

    Application date: 2019-05-07

    Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, and wherein one of the first and second security edge protection proxy elements is a sending security edge protection proxy element and the other of the first and second security edge protection proxy elements is a receiving security edge protection proxy element, the receiving security edge protection proxy element receives a message from the sending security edge protection proxy element. The receiving security edge protection proxy element detects one or more error conditions associated with the received message. The receiving security edge protection proxy element determines one or more error handling actions to be taken in response to the one or more detected error conditions.

    Method and apparatus for remote provisioning of protection policies in an edge node based on signaling between edge nodes

    Publication No.: US11582599B2

    Publication date: 2023-02-14

    Application No.: US17045965

    Application date: 2019-04-08

    Abstract: A method, apparatus and computer program product may be provided for signaling-based remote provisioning and updating of protection policy information in a SEPP of a visited network. A method may include obtaining, at a home network node (hSEPP), protection policy information from a local repository in a home network or via configuration. The hSEPP is a network node at a boundary of the home network, and the home network is a public land mobile network (hPLMN). The method includes distributing, via a signaling interface, the protection policy information to a visited network node (vSEPP) within a visited network (vPLMN). The vSEPP is a network node at a boundary of a second network. The protection policy information includes information regarding protection of signaling messages addressed for network functions (NFs) hosted in the hPLMN and is configured for enabling the vSEPP to selectively protect outgoing messages to hSEPP in the home network.

    A METHOD FOR MESSAGE FILTERING IN AN EDGE NODE BASED ON DATA ANALYTICS

    Publication No.: US20210377212A1

    Publication date: 2021-12-02

    Application No.: US17056606

    Application date: 2019-05-20

    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a receiver configured to receive a message from a first security zone, distinct from the one where the apparatus is comprised in, and at least one processing core configured to determine whether to apply a recovery action to the message, the determination comprising a first verification, based on first criteria, to assess whether to apply the recovery action outright, and only in case the first verification does not result in the assessment to apply the recovery action outright, a second verification, based on second criteria, to generate a first weight and a third verification, based on third criteria, to generate a second weight, and to compare a sum of the first weight and the second weight to a predefined trigger to perform the determination.

    AUTOMATED ROAMING SERVICE LEVEL AGREEMENTS BETWEEN NETWORK OPERATORS VIA SECURITY EDGE PROTECTION PROXIES IN A COMMUNICATION SYSTEM ENVIRONMENT

    Publication No.: US20210321303A1

    Publication date: 2021-10-14

    Application No.: US17273781

    Application date: 2019-08-09

    Abstract: Techniques for automated management of a service level agreement between a first communication network and a second communication network are provided. For example, one of the communication networks is a visited network while the other is a home network whereby the service level agreement is a roaming agreement. In one example, a message is received at a first communication network from a second communication network, wherein at least a portion of the message relates to the service level agreement between the first communication network and the second communication network. An automated verification of information in the message is performed at the first communication network to determine compliance with the service level agreement. The message receiving step is performed by a security edge protection proxy function of the first communication network and the automated verification performing step is performed by a service level agreement management function of the first communication network.

    NETWORK FUNCTION AUTHENTICATION BASED ON PUBLIC KEY BINDING IN ACCESS TOKEN IN A COMMUNICATION SYSTEM

    Publication No.: US20210234706A1

    Publication date: 2021-07-29

    Application No.: US17267243

    Application date: 2019-08-02

    Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.

    METHOD AND APPARATUS FOR NETWORK FUNCTION MESSAGING

    Publication No.: US20210029177A1

    Publication date: 2021-01-28

    Application No.: US17044347

    Application date: 2019-04-02

    Abstract: A sending security edge proxy SEPP receives a first message sent by a first network function to a second network function. The first message has a plurality of first message parts including: a request line or a response line; at least one header; and payload. Second message parts are formed from the features and optional sub-features of the first message parts. A security structure defines a required security measure individually for each second message part. The SEPP applies, according to the security structure definition, to each second message part by encrypting; integrity protecting; or modification tracking with integrity protecting; and forms a second message that contains the second message parts; and sends the second message towards the second network function. Corresponding methods, structures, computer programs and a system are disclosed for intermediate nodes and receiving SEPP.
