PRIVACY INDICATORS FOR CONTROLLING AUTHENTICATION REQUESTS

    Publication number: US20180324585A1

    Publication date: 2018-11-08

    Application number: US15794856

    Application date: 2017-10-26

    Abstract: Techniques for providing privacy features in communication systems are provided. For example, a message may be provided from user equipment to an element or function in a communication network that comprises one or more privacy indicators, where privacy features for processing the message are determined based on the privacy indicators. The message may comprise an attach request comprising a subscription identifier for a subscriber associated with the user equipment, with the privacy indicators comprising a flag indicating whether the subscription identifier in the attach request is privacy-protected. As another example, the element or function in the communication network may determine privacy features supported by the communication network and generate and send a message to user equipment comprising one or more privacy indicators selected based on the determined privacy features. The privacy indicators may comprise an indication of whether the communication network is configured for handling privacy-protected subscription identifiers.

    Prevention of malicious attacks via user equipment deregistration process in communication system

    Publication number: US11997477B2

    Publication date: 2024-05-28

    Application number: US17608283

    Application date: 2020-04-30

    CPC classification number: H04W12/03 H04W60/06

    Abstract: Improved security management techniques between user equipment and a communication system are provided. For example, techniques are provided for preventing malicious attacks via a user equipment deregistration process. In one example, a method comprises sending a deregistration request message from the given user equipment to a communication system to which the given user equipment is registered, wherein the deregistration request message is security-protected and comprises a temporary identifier assigned to the given user equipment. By not sending the deregistration request message with a subscription concealed identifier, the given user equipment prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier. Furthermore, by ignoring a deregistration request message with a subscription concealed identifier, an access and mobility management element of the communication system prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier.

    User authentication in first network using subscriber identity module for second legacy network

    Publication number: US11722891B2

    Publication date: 2023-08-08

    Application number: US17043971

    Application date: 2019-04-04

    CPC classification number: H04W12/06 H04W12/04 H04W12/40

    Abstract: In given user equipment seeking access to a first communication network (e.g., 5G network), wherein the given user equipment comprises a subscriber identity module (e.g., USIM) configured for a second communication network, and wherein the second communication network is a legacy network with respect to the first communication network (e.g., legacy 4G network), a method includes: initiating an authentication procedure with at least one network entity of the first communication network and selecting an authentication method to be used during the authentication procedure; and participating in the authentication procedure with the at least one network entity using the selected authentication method and, upon successful authentication, the given user equipment obtaining a set of keys to enable the given user equipment to access the first communication network.

    Network function service subscription control

    Publication number: US11425636B1

    Publication date: 2022-08-23

    Application number: US17232640

    Application date: 2021-04-16

    Abstract: According to an example aspect, there is provided a method, comprising: receiving, from a first network function consumer, a subscribe request for a second network function consumer to subscribe to a service, wherein the subscribe request comprises a notification address and identifies the second network function consumer, transmitting, to a network repository function, an access token request, comprising the notification address and identifying the second network function consumer, receiving, from the network repository function, an access token response comprising an access token comprising the notification address verified by the network repository function, transmitting, to the second network function consumer, an authorization request for receiving data authorization and comprising the access token, receiving, from the second network function consumer, an authorization response indicative of authorization of the second network function consumer, and transmitting, on the basis of the authorization response, a notification to the second network function consumer.

    USER EQUIPMENT AUTHENTICATION PREVENTING SEQUENCE NUMBER LEAKAGE

    Publication number: US20220038896A1

    Publication date: 2022-02-03

    Application number: US16943869

    Application date: 2020-07-30

    Abstract: Techniques for preventing sequence number leakage during user equipment authentication in a communication network are provided. For example, a method comprises obtaining a permanent identifier and an authentication sequence value that are unique to user equipment, concealing the permanent identifier and the authentication sequence value, and sending the concealed permanent identifier and the authentication sequence value in a registration message from the user equipment to a communication network. Then, advantageously, in response to receipt of an authentication failure message from the communication network, the user equipment can send a response message to the communication network containing a failure cause indication without a re-synchronization token.

    Establishing tethering cells remotely

    Publication number: US11212739B2

    Publication date: 2021-12-28

    Application number: US16931814

    Application date: 2020-07-17

    Abstract: According to an aspect, there is provided a terminal device comprising means for performing the following. The terminal device transmits a tethering request for setting up a tethering cell over at least one communications network to at least one tethering terminal device capable of setting up a tethering cell. Then, the terminal device performs tethering cell discovery for discovering tethering cells set up by any of said at least one tethering terminal device. In response to discovering a tethering cell provided by a tethering terminal device of said at least one tethering terminal device, the terminal device accesses the tethering cell.

    Registering user equipment with a visited public land mobile network

    Publication number: US11202192B2

    Publication date: 2021-12-14

    Application number: US16639335

    Application date: 2017-08-21

    Abstract: User equipment is registered with a visited public land mobile network, VPLMN, in a process including: producing at the user equipment a concealed identifier; producing at the user equipment a freshness code; and sending by the user equipment to the VPLMN the concealed identifier and the freshness code; receiving by the user equipment an identity request from the VPLMN indicating that the long-term identifier must be transmitted to the VPLMN in a non-concealed form; receiving by the user equipment from the VPLMN a permission authenticator; and verifying at the user equipment if the permission authenticator has been formed with a cryptographic authentication of the home public land mobile network, HPLMN, and the user equipment or a subscription module at the user equipment indicating permission to transmit the long-term identifier to the VPLMN in the non-concealed form and if yes, transmitting the long-term identifier to the VPLMN in the non-concealed form.
