-
Publication No.: US11589326B2
Publication date: 2023-02-21
Application No.: US16943880
Application date: 2020-07-30
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Betsy Covell
Abstract: Techniques for providing a secure clock source in a communication network are disclosed. For example, a method comprises participating in a bi-directional authentication with a network entity in a communication network, sending a clock service request message to the network entity, receiving a clock service accept message in response to the clock service request message when the apparatus is eligible to use a clock service, and receiving one or more secure clock signals from the network entity. Another method comprises participating in a bi-directional authentication with a requesting device in a communication network, receiving a clock service request message from the requesting device, verifying the eligibility of the requesting device to request a clock service, and sending one or more secure clock signals to the requesting device in response to successfully verifying the requesting device.
-
Publication No.: US20220039040A1
Publication date: 2022-02-03
Application No.: US16943880
Application date: 2020-07-30
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Betsy Covell
Abstract: Techniques for providing a secure clock source in a communication network are disclosed. For example, a method comprises participating in a bi-directional authentication with a network entity in a communication network, sending a clock service request message to the network entity, receiving a clock service accept message in response to the clock service request message when the apparatus is eligible to use a clock service, and receiving one or more secure clock signals from the network entity. Another method comprises participating in a bi-directional authentication with a requesting device in a communication network, receiving a clock service request message from the requesting device, verifying the eligibility of the requesting device to request a clock service, and sending one or more secure clock signals to the requesting device in response to successfully verifying the requesting device.
-
23.
Publication No.: US20210250186A1
Publication date: 2021-08-12
Application No.: US17053591
Application date: 2019-05-07
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Anja Jerichow, Suresh Nair
IPC: H04L9/32, H04W12/069, H04W12/50, H04L29/08
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, one of the first and second security edge protection proxy elements initiates a mutual authentication procedure with the other of the first and second security edge protection proxy elements. The one of the first and second security edge protection proxy elements exchanges credentials with the other of the first and second security edge protection proxy elements, wherein a secure channel is established between the first and second security edge protection proxy elements upon verification of the credentials.
-
24.
Publication No.: US11997477B2
Publication date: 2024-05-28
Application No.: US17608283
Application date: 2020-04-30
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Nagendra Bykampadi, Anja Jerichow
Abstract: Improved security management techniques between user equipment and a communication system are provided. For example, techniques are provided for preventing malicious attacks via a user equipment deregistration process. In one example, a method comprises sending a deregistration request message from the given user equipment to a communication system to which the given user equipment is registered, wherein the deregistration request message is security-protected and comprises a temporary identifier assigned to the given user equipment. By not sending the deregistration request message with a subscription concealed identifier, the given user equipment prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier. Furthermore, by ignoring a deregistration request message with a subscription concealed identifier, an access and mobility management element of the communication system prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier.
-
Publication No.: US11956627B2
Publication date: 2024-04-09
Application No.: US17180151
Application date: 2021-02-19
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Laurent Thiebaut, Omar Elloumi
CPC classification number: H04W12/06, H04L9/0894, H04L9/3236, H04W12/03, H04L2209/80
Abstract: Techniques for securing an identifier of user equipment for a request external to a communication network are disclosed. For example, a method comprises receiving, at a network entity, a request for identification information for user equipment from an entity external to a communication network to which the network entity belongs. The network entity generates a secure identifier for the user equipment, wherein the secure identifier comprises an encrypted form of a public subscription identifier associated with the user equipment. The network entity sends the secure identifier to the external entity. The network entity receives the secure identifier in a subsequent request from the external entity. The network entity utilizes the received secure identifier to confirm the received secure identifier corresponds to the user equipment.
-
26.
Publication No.: US11722891B2
Publication date: 2023-08-08
Application No.: US17043971
Application date: 2019-04-04
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
Abstract: In given user equipment seeking access to a first communication network (e.g., 5G network), wherein the given user equipment comprises a subscriber identity module (e.g., USIM) configured for a second communication network, and wherein the second communication network is a legacy network with respect to the first communication network (e.g., legacy 4G network), a method includes: initiating an authentication procedure with at least one network entity of the first communication network and selecting an authentication method to be used during the authentication procedure; and participating in the authentication procedure with the at least one network entity using the selected authentication method and, upon successful authentication, the given user equipment obtaining a set of keys to enable the given user equipment to access the first communication network.
-
Publication No.: US20230232234A1
Publication date: 2023-07-20
Application No.: US17997910
Application date: 2020-05-14
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Benoist Sébire, Samuli Turtinen, Chunli Wu, Suresh Nair
IPC: H04W12/106, H04W8/24
CPC classification number: H04W12/106, H04W8/24
Abstract: Example embodiments of the present disclosure relate to partial integrity protection in telecommunication systems. According to embodiments of the present disclosure, there is provided a solution for implementing partial integrity protection. The terminal device receives configuration of the partial integrity protection and applies the integrity protection on a portion of data packets which are communicated between communication devices. In this way, the communication devices can always provide integrity protection for services, regardless of their bit rate. Thus, security of communication can be improved. It also allows to provide integrity protection with limited impacts to power consumption and overheating.
-
Publication No.: US20220038896A1
Publication date: 2022-02-03
Application No.: US16943869
Application date: 2020-07-30
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Ranganathan Mavureddi Dhanasekaran, Anja Jerichow
Abstract: Techniques for preventing sequence number leakage during user equipment authentication in a communication network are provided. For example, a method comprises obtaining a permanent identifier and an authentication sequence value that are unique to user equipment, concealing the permanent identifier and the authentication sequence value, and sending the concealed permanent identifier and the authentication sequence value in a registration message from the user equipment to a communication network. Then, advantageously, in response to receipt of an authentication failure message from the communication network, the user equipment can send a response message to the communication network containing a failure cause indication without a re-synchronization token.
-
Publication No.: US20210248025A1
Publication date: 2021-08-12
Application No.: US17054949
Application date: 2019-05-07
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
IPC: G06F11/07, H04L29/06, H04L12/707
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, and wherein one of the first and second security edge protection proxy elements is a sending security edge protection proxy element and the other of the first and second security edge protection proxy elements is a receiving security edge protection proxy element, the receiving security edge protection proxy element receives a message from the sending security edge protection proxy element. The receiving security edge protection proxy element detects one or more error conditions associated with the received message. The receiving security edge protection proxy element determines one or more error handling actions to be taken in response to the one or more detected error conditions.
-
30.
Publication No.: US20210219137A1
Publication date: 2021-07-15
Application No.: US17253895
Application date: 2019-09-20
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Anja Jerichow, Suresh Nair
IPC: H04W12/086, H04L29/06, H04W12/033, H04W76/12, H04W88/16
Abstract: In one example, a method initiates establishment of a secure tunnel by a security proxy element (e.g., SEPP) in a first communication network (e.g., VPLMN) with an internetwork exchange element (e.g., IPX node) which is operatively coupled between the first communication network and a second communication network (e.g., HPLMN). Upon establishment of the secure tunnel, the method sends a message from the security proxy element to the internetwork exchange element over the secure tunnel. The secure tunnel can be a VPN tunnel and can be established using TLS or IPsec. In one example, the internetwork exchange node functions as an HTTP proxy, and in another embodiment as an interception (e.g., MITM) proxy. In another example, HTTPS is used to establish a separate TLS connection for each HTTP message. In yet another example, the security proxy element is configured to select (and change as needed) the secure communication mechanism.