-
Publication No.: US12063312B2
Publication date: 2024-08-13
Application No.: US17523251
Filing date: 2021-11-10
Applicant: Nokia Technologies Oy
Inventor: Chaitanya Aggarwal, Saurabh Khare, Anja Jerichow, Jani Ekman
IPC: H04L9/32
CPC classification number: H04L9/3247
Abstract: According to an example aspect of the present invention, there is provided an apparatus configured at least to determine whether a cryptographic signature of a token received in the apparatus from a network function consumer is valid, obtain a cryptographic signature of the apparatus of the token responsive to the cryptographic signature of the token being valid, and provide the token to a peer entity of the apparatus, wherein the cryptographic signature of the apparatus is either included into the token or provided in a header external to the token, wherein the peer entity is comprised in a second network, different from a first network where the apparatus is comprised in. The request may serve a user equipment, directly or indirectly.
-
Publication No.: US11979937B2
Publication date: 2024-05-07
Application No.: US17479867
Filing date: 2021-09-20
Applicant: Nokia Technologies Oy
Inventor: Saurabh Khare, Bruno Landais, Anja Jerichow, Laurent Thiebaut, Georgios Gkellas
CPC classification number: H04W8/02, H04W8/18, H04W48/16, H04W84/042
Abstract: There is provided an apparatus comprising at least one processor and at least one memory including a computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the apparatus at least to: receive, at a first network repository function in a first network from a security edge protection proxy in a second network, a request for discovering one or more roaming hubs and/or security edge protection proxies in the first network; and send, from the first network repository function to the security edge protection proxy in the second network, a response comprising information identifying the one or more roaming hubs and/or security edge protection proxies in the first network and information identifying one or more further networks which can be reached via a respective roaming hub and/or security edge protection proxy in the first network.
-
Publication No.: US20240007449A1
Publication date: 2024-01-04
Application No.: US18242963
Filing date: 2023-09-06
Applicant: Nokia Technologies Oy
Inventor: Suresh P. Nair, Anja Jerichow, Annett Seefeldt
IPC: H04L9/40, H04W12/02, H04W12/033, H04W12/041, H04W12/069
CPC classification number: H04L63/0442, H04L63/083, H04L63/06, H04L63/0876, H04W12/02, H04W12/033, H04W12/041, H04W12/069
Abstract: Techniques for providing privacy features in communication systems are provided. For example, a message may be provided from user equipment to an element or function in a communication network that comprises one or more privacy indicators, where privacy features for processing the message are determined based on the privacy indicators. The message may comprise an attach request comprising a subscription identifier for a subscriber associated with the user equipment, with the privacy indicators comprising a flag indicating whether the subscription identifier in the attach request is privacy-protected. As another example, the element or function in the communication network may determine privacy features supported by the communication network and generate and send a message to user equipment comprising one or more privacy indicators selected based on the determined privacy features. The privacy indicators may comprise an indication of whether the communication network is configured for handling privacy-protected subscription identifiers.
-
Publication No.: US11789803B2
Publication date: 2023-10-17
Application No.: US17054949
Filing date: 2019-05-07
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
CPC classification number: G06F11/079, G06F11/0709, G06F11/0751, G06F11/0772, G06F11/0793, H04L45/22, H04L63/0281, H04L63/123, H04L63/166
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, and wherein one of the first and second security edge protection proxy elements is a sending security edge protection proxy element and the other of the first and second security edge protection proxy elements is a receiving security edge protection proxy element, the receiving security edge protection proxy element receives a message from the sending security edge protection proxy element. The receiving security edge protection proxy element detects one or more error conditions associated with the received message. The receiving security edge protection proxy element determines one or more error handling actions to be taken in response to the one or more detected error conditions.
-
Publication No.: US11765596B2
Publication date: 2023-09-19
Application No.: US17159380
Filing date: 2021-01-27
Applicant: Nokia Technologies Oy
Inventor: Peter Schneider, Ranganathan Mavureddi Dhanasekaran, Anja Jerichow
IPC: H04W12/72, H04W56/00, H04W12/10, H04W12/069
CPC classification number: H04W12/72, H04W12/069, H04W12/10, H04W56/001, H04W56/003
Abstract: In accordance with an example embodiment, there is provided an apparatus, such as a user equipment, configured to receive, from a communication network, an authentication request which comprises a nonce and a received sequence number, check, whether the received sequence number is advanced with respect to a first sequence number, the first sequence number being from a most recent previous authentication request handled by the apparatus, check, responsive to the received sequence number not being advanced with respect to the first sequence number, whether the nonce is identical to one from among plural stored nonces, and send, responsive to the nonce being identical to the one stored nonce, a response to the authentication request which comprises as a synchronization failure token a dummy value which is not derived from the first sequence number.
-
Publication No.: US20230269583A1
Publication date: 2023-08-24
Application No.: US18108343
Filing date: 2023-02-10
Applicant: Nokia Technologies Oy
Inventor: Anja Jerichow
Abstract: Techniques are disclosed for security management for authentication failure notification in a communication system. For example, a method comprises receiving, at user equipment from a network entity in a communication system, a message comprising an indication of at least one specific cause for a failure in an authentication procedure between the communication system and the user equipment, wherein the at least one specific cause comprises an occurrence of an authentication credential expiration. The user equipment may apply a policy and/or take one or more actions in response to receipt of the message.
-
Publication No.: US11737011B2
Publication date: 2023-08-22
Application No.: US17410626
Filing date: 2021-08-24
Applicant: Nokia Technologies Oy
Inventor: Chaitanya Aggarwal, Saurabh Khare, Anja Jerichow, Bruno Landais
IPC: H04W48/08
CPC classification number: H04W48/08
Abstract: According to an example aspect of the present invention, there is provided a method comprising, transmitting to a Network Function, NF, service producer, by a Service Communication Proxy, SCP, a service request on behalf of an NF service consumer, wherein the service request comprises an access token, receiving, by the SCP, a service response from the NF service producer and upon receiving the service response, transmitting to the NF service consumer, by the SCP, information related to the access token.
-
Publication No.: US11582599B2
Publication date: 2023-02-14
Application No.: US17045965
Filing date: 2019-04-08
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
IPC: H04W12/00, H04W8/12, H04W12/106, H04W84/04
Abstract: A method, apparatus and computer program product may be provided for signaling-based remote provisioning and updating of protection policy information in a SEPP of a visited network. A method may include obtaining, at a home network node (hSEPP), protection policy information from a local repository in a home network or via configuration. The hSEPP is a network node at a boundary of the home network, and the home network is a public land mobile network (hPLMN). The method includes distributing, via a signaling interface, the protection policy information to a visited network node (vSEPP) within a visited network (vPLMN). The vSEPP is a network node at a boundary of a second network. The protection policy information includes information regarding protection of signaling messages addressed for network functions (NFs) hosted in the hPLMN and is configured for enabling the vSEPP to selectively protect outgoing messages to hSEPP in the home network.
-
Publication No.: US20220337558A1
Publication date: 2022-10-20
Application No.: US17232579
Filing date: 2021-04-16
Applicant: Nokia Technologies Oy
Inventor: Saurabh Khare, Chaitanya Aggarwal, Anja Jerichow
IPC: H04L29/06
Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for inter-network communication. A first edge protection proxy in a first network receives a request for an access token from a network repository function in the first network. The access token is to be used by a first network function in the first network to request a service from a second network function in a second network. The first edge protection proxy validates the request based on configurations allowed to access services provided by networks different from the first network. If the validation of the request is successful, the first edge protection proxy transmits the request to a second edge protection proxy in the second network. The transmitted request comprises verified information concerning the first network function.
-
Publication No.: US20210321303A1
Publication date: 2021-10-14
Application No.: US17273781
Filing date: 2019-08-09
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
Abstract: Techniques for automated management of a service level agreement between a first communication network and a second communication network are provided. For example, one of the communication networks is a visited network while the other is a home network whereby the service level agreement is a roaming agreement. In one example, a message is received at a first communication network from a second communication network, wherein at least a portion of the message relates to the service level agreement between the first communication network and the second communication network. An automated verification of information in the message is performed at the first communication network to determine compliance with the service level agreement. The message receiving step is performed by a security edge protection proxy function of the first communication network and the automated verification performing step is performed by a service level agreement management function of the first communication network.