Secure mobile-terminated message transfer

    Publication No.: US11564086B2

    Publication Date: 2023-01-24

    Application No.: US17176762

    Application Date: 2021-02-16

    Abstract: Techniques for securing mobile-terminated messages are disclosed. In one example, a method comprises receiving, at user equipment, a concealed message from a communication network with which the user equipment is in an idle state. The method de-conceals the concealed message, at the user equipment, to obtain at least one indicator value using at least a security value previously agreed upon with the communication network. The method generates a decision, at the user equipment, with respect to the idle state based on the obtained at least one indicator value. In one example, the at least one indicator value comprises a paging cause value.

    Automated roaming service level agreements between network operators via security edge protection proxies in a communication system environment

    Publication No.: US11483741B2

    Publication Date: 2022-10-25

    Application No.: US17273781

    Application Date: 2019-08-09

    Abstract: Techniques for automated management of a service level agreement between a first communication network and a second communication network are provided. For example, one of the communication networks is a visited network while the other is a home network whereby the service level agreement is a roaming agreement. In one example, a message is received at a first communication network from a second communication network, wherein at least a portion of the message relates to the service level agreement between the first communication network and the second communication network. An automated verification of information in the message is performed at the first communication network to determine compliance with the service level agreement. The message receiving step is performed by a security edge protection proxy function of the first communication network and the automated verification performing step is performed by a service level agreement management function of the first communication network.

    Prevention of malicious attacks via user equipment deregistration process in communication system

    Publication No.: US11997477B2

    Publication Date: 2024-05-28

    Application No.: US17608283

    Application Date: 2020-04-30

    CPC classification number: H04W12/03 H04W60/06

    Abstract: Improved security management techniques between user equipment and a communication system are provided. For example, techniques are provided for preventing malicious attacks via a user equipment deregistration process. In one example, a method comprises sending a deregistration request message from the given user equipment to a communication system to which the given user equipment is registered, wherein the deregistration request message is security-protected and comprises a temporary identifier assigned to the given user equipment. By not sending the deregistration request message with a subscription concealed identifier, the given user equipment prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier. Furthermore, by ignoring a deregistration request message with a subscription concealed identifier, an access and mobility management element of the communication system prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier.

    Securing user equipment identifier for use external to communication network

    Publication No.: US11956627B2

    Publication Date: 2024-04-09

    Application No.: US17180151

    Application Date: 2021-02-19

    Abstract: Techniques for securing an identifier of user equipment for a request external to a communication network are disclosed. For example, a method comprises receiving, at a network entity, a request for identification information for user equipment from an entity external to a communication network to which the network entity belongs. The network entity generates a secure identifier for the user equipment, wherein the secure identifier comprises an encrypted form of a public subscription identifier associated with the user equipment. The network entity sends the secure identifier to the external entity. The network entity receives the secure identifier in a subsequent request from the external entity. The network entity utilizes the received secure identifier to confirm the received secure identifier corresponds to the user equipment.

    User authentication in first network using subscriber identity module for second legacy network

    Publication No.: US11722891B2

    Publication Date: 2023-08-08

    Application No.: US17043971

    Application Date: 2019-04-04

    CPC classification number: H04W12/06 H04W12/04 H04W12/40

    Abstract: In given user equipment seeking access to a first communication network (e.g., 5G network), wherein the given user equipment comprises a subscriber identity module (e.g., USIM) configured for a second communication network, and wherein the second communication network is a legacy network with respect to the first communication network (e.g., legacy 4G network), a method includes: initiating an authentication procedure with at least one network entity of the first communication network and selecting an authentication method to be used during the authentication procedure; and participating in the authentication procedure with the at least one network entity using the selected authentication method and, upon successful authentication, the given user equipment obtaining a set of keys to enable the given user equipment to access the first communication network.

    PARTIAL INTEGRITY PROTECTION IN TELECOMMUNICATION SYSTEMS

    Publication No.: US20230232234A1

    Publication Date: 2023-07-20

    Application No.: US17997910

    Application Date: 2020-05-14

    CPC classification number: H04W12/106 H04W8/24

    Abstract: Example embodiments of the present disclosure relate to partial integrity protection in telecommunication systems. According to embodiments of the present disclosure, there is provided a solution for implementing partial integrity protection. The terminal device receives a configuration for the partial integrity protection and applies integrity protection to a portion of the data packets communicated between communication devices. In this way, the communication devices can always provide integrity protection for services, regardless of their bit rate. Thus, the security of communication can be improved. It also allows integrity protection to be provided with limited impact on power consumption and overheating.

    USER EQUIPMENT AUTHENTICATION PREVENTING SEQUENCE NUMBER LEAKAGE

    Publication No.: US20220038896A1

    Publication Date: 2022-02-03

    Application No.: US16943869

    Application Date: 2020-07-30

    Abstract: Techniques for preventing sequence number leakage during user equipment authentication in a communication network are provided. For example, a method comprises obtaining a permanent identifier and an authentication sequence value that are unique to user equipment, concealing the permanent identifier and the authentication sequence value, and sending the concealed permanent identifier and the authentication sequence value in a registration message from the user equipment to a communication network. Then, advantageously, in response to receipt of an authentication failure message from the communication network, the user equipment can send a response message to the communication network containing a failure cause indication without a re-synchronization token.

    ERROR HANDLING FRAMEWORK FOR SECURITY MANAGEMENT IN A COMMUNICATION SYSTEM

    Publication No.: US20210248025A1

    Publication Date: 2021-08-12

    Application No.: US17054949

    Application Date: 2019-05-07

    Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, and wherein one of the first and second security edge protection proxy elements is a sending security edge protection proxy element and the other of the first and second security edge protection proxy elements is a receiving security edge protection proxy element, the receiving security edge protection proxy element receives a message from the sending security edge protection proxy element. The receiving security edge protection proxy element detects one or more error conditions associated with the received message. The receiving security edge protection proxy element determines one or more error handling actions to be taken in response to the one or more detected error conditions.

    SECURITY MANAGEMENT BETWEEN EDGE PROXY AND INTERNETWORK EXCHANGE NODE IN A COMMUNICATION SYSTEM

    Publication No.: US20210219137A1

    Publication Date: 2021-07-15

    Application No.: US17253895

    Application Date: 2019-09-20

    Abstract: In one example, a method initiates establishment of a secure tunnel by a security proxy element (e.g., SEPP) in a first communication network (e.g., VPLMN) with an internetwork exchange element (e.g., IPX node) which is operatively coupled between the first communication network and a second communication network (e.g., HPLMN). Upon establishment of the secure tunnel, the method sends a message from the security proxy element to the internetwork exchange element over the secure tunnel. The secure tunnel can be a VPN tunnel and can be established using TLS or IPsec. In one example, the internetwork exchange node functions as an HTTP proxy, and in another embodiment as an interception (e.g., MITM) proxy. In another example, HTTPS is used to establish a separate TLS connection for each HTTP message. In yet another example, the security proxy element is configured to select (and change as needed) the secure communication mechanism.