公开(公告)号：US10917789B2

公开(公告)日：2021-02-09

申请号：US15700940

申请日：2017-09-11

Applicant: Nokia Technologies Oy

Inventor： Suresh P. Nair

IPC: H04W12/08 ,  H04L9/32 ,  H04L29/06 ,  H04L9/08 ,  H04L12/24 ,  H04W8/02 ,  H04W76/19

Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.

公开(公告)号：US20190253885A1

公开(公告)日：2019-08-15

申请号：US16014219

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair ,  Anja Jerichow

IPC: H04W12/02 ,  H04L29/06 ,  H04W12/06

Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises configuring at least a given one of the first and second security edge protection proxy elements to determine whether to apply at least one security operation at the transport level for incoming packets based at least in part on source and destination networks for the incoming packets.

公开(公告)号：US20190104447A1

公开(公告)日：2019-04-04

申请号：US15822907

申请日：2017-11-27

Applicant: Nokia Technologies Oy

Inventor： Guenther Horn ,  Nagendra S. Bykampadi ,  Suresh P. Nair

IPC: H04W36/00 ,  H04L29/06 ,  H04W12/06 ,  H04W8/08

CPC classification number: H04W36/0038 ,  H04L63/0876 ,  H04W8/08 ,  H04W12/04 ,  H04W12/06 ,  H04W12/1004 ,  H04W36/10

Abstract: In accordance with the occurrence of a mobility event whereby user equipment moves from accessing a source network to accessing a target network in a communication system environment, the user equipment sends a control plane message to the target network comprising an integrity verification parameter associated with the source network and an integrity verification parameter associated with the target network. By providing integrity verification parameters for both the source network and the target network in an initial message sent by the user equipment to the mobility management element of the target network, the mobility management element of the target network can verify the user equipment on its own or seek the assistance of the source network.

公开(公告)号：US20180331830A1

公开(公告)日：2018-11-15

申请号：US15726974

申请日：2017-10-06

Applicant: Alcatel-Lucent USA Inc. ,  Nokia Technologies Oy

Inventor： Anja Jerichow ,  Annett Seefeldt ,  Suresh P. Nair

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/00

CPC classification number: H04L9/3073 ,  H04L9/006 ,  H04L9/083 ,  H04L9/0891 ,  H04L9/0897 ,  H04L9/14 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/068 ,  H04W12/0023 ,  H04W12/04

Abstract: Key identification techniques for determination of appropriate keys for processing messages in communication systems are provided. In one or more methods, an indicator is assigned to each key pair provisioned in a communication system. The indicator is then sent to one or more network elements or functions in the communication system with a message encrypted with a first part of the key pair corresponding to the indicator. A network element or function receiving the encrypted message determines, based on the indicator, a corresponding second part of the key pair to use to process the encrypted message.

公开(公告)号：US20180324583A1

公开(公告)日：2018-11-08

申请号：US15588039

申请日：2017-05-05

Applicant: Alcatel-Lucent USA Inc. ,  Nokia Technologies OY

Inventor： Suresh P. Nair ,  Anja Jerichow

IPC: H04W12/02 ,  H04W76/02 ,  H04W64/00 ,  H04W48/14

CPC classification number: H04W12/02 ,  H04L63/1458 ,  H04W12/12 ,  H04W48/14 ,  H04W64/00 ,  H04W76/11 ,  H04W88/02

Abstract: Techniques are provided for protecting the privacy of user equipment during identity request operations in a communication system. In one example, a method includes receiving a current identity request at given user equipment of a communication system. The method further includes making a determination at the given user equipment whether or not to respond to the current identity request in a manner requested based on a count of previous identity requests received by the given user equipment.

公开(公告)号：US20180270786A1

公开(公告)日：2018-09-20

申请号：US15462207

申请日：2017-03-17

Applicant: Alcatel-Lucent USA Inc. ,  Nokia Technologies OY

Inventor： Suresh P. Nair ,  Anja Jerichow

IPC: H04W68/02 ,  H04W8/02 ,  H04W12/02

CPC classification number: H04W68/02 ,  H04L63/0414 ,  H04W8/02 ,  H04W8/18 ,  H04W8/30 ,  H04W12/02 ,  H04W68/00

Abstract: Techniques are provided for protecting the privacy of user equipment during paging operations in a communication system. In one example, a method includes determining at a mobility management element of a communication system that a paging operation is to be initiated for given user equipment. The method further includes restricting the paging operation between the mobility management element and the given user equipment to use of a temporary identifier for the given user equipment. By not using a permanent identifier of the given user equipment during paging operations, the given user equipment is effectively non-trackable by malicious base stations and active/passive listeners.

公开(公告)号：US11792172B2

公开(公告)日：2023-10-17

申请号：US15794856

申请日：2017-10-26

Applicant: Nokia Technologies Oy

Inventor： Suresh P. Nair ,  Anja Jerichow ,  Annett Seefeldt

IPC: H04L9/40 ,  H04W12/02 ,  H04W12/033 ,  H04W12/041 ,  H04W12/069

CPC classification number: H04L63/0442 ,  H04L63/06 ,  H04L63/083 ,  H04L63/0876 ,  H04W12/02 ,  H04W12/033 ,  H04W12/041 ,  H04W12/069

Abstract: Techniques for providing privacy features in communication systems are provided. For example, a message may be provided from user equipment to an element or function in a communication network that comprises one or more privacy indicators, where privacy features for processing the message are determined based on the privacy indicators. The message may comprise an attach request comprising a subscription identifier for a subscriber associated with the user equipment, with the privacy indicators comprising a flag indicating whether the subscription identifier in the attach request is privacy-protected. As another example, the element of function in the communication network may determine privacy features supported by the communication network and generate and send a message to user equipment comprising one or more privacy indicators selected based on the determined privacy features. The privacy indicators may comprise an indication of whether the communication network is configured for handling privacy-protected subscription identifiers.

公开(公告)号：US11057766B2

公开(公告)日：2021-07-06

申请号：US16178266

申请日：2018-11-01

Applicant: Nokia Technologies Oy

Inventor： Suresh P. Nair ,  Tsunehiko Chiba ,  Philippe Godin

IPC: H04W12/04 ,  H04W12/10 ,  H04W92/10 ,  H04W12/041 ,  H04W12/60

Abstract: A reconfiguration message is received at user equipment in a communication system from a disaggregated base station with which the user equipment has a current security context established. The reconfiguration message comprises an instruction to compute a new security context based on a security domain counter value, wherein the security domain counter value represents a given security domain from a plurality of security domains supported by the disaggregated base station. The new security context is computed at the user equipment for the given security domain based on the security domain counter value. A set of security keys are derived from the new security context at the user equipment.

公开(公告)号：US10963553B2

公开(公告)日：2021-03-30

申请号：US16014418

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair

IPC: G06F21/33 ,  H04L29/06 ,  H04L9/32 ,  H04W12/04 ,  H04W12/08 ,  H04W12/06 ,  H04L9/08

Abstract: Security management techniques for service authorization for communication systems are provided. In one or more methods, a first element or function in a home network of a communication system registers a second element or function in the home network as a service consumer of one or more services provided by at least a third element or function in the home network, receives a request from the second element or function, and provides an access token to the second element or function responsive to authenticating the second element or function, the access token being used by the second element or function to access the one or more services provided by the third element or function.

公开(公告)号：US10743205B2

公开(公告)日：2020-08-11

申请号：US16178211

申请日：2018-11-01

Applicant: Nokia Technologies Oy

Inventor： Suresh P. Nair

IPC: H04W24/10 ,  H04W36/08 ,  H04W12/12 ,  H04W84/04

Abstract: A measurement report is sent from user equipment in a communication system to a serving base station in a serving cell of the communication system, wherein the measurement report comprises one or more signal measurements obtained by the user equipment for one or more other base stations in the communication system. A base station removal list is received at the user equipment from the serving base station which lists any base stations from the measurement report that failed a set-up procedure and are thus potentially false base stations. Any base stations in the base station removal list are removed from consideration by the user equipment as a target base station for a handover procedure.