公开(公告)号：US20210234706A1

公开(公告)日：2021-07-29

申请号：US17267243

申请日：2019-08-02

Applicant: Nokia Technologies Oy

Inventor： Suresh Nair ,  Anja Jerichow ,  Nagendra S Bykampadi

IPC: H04L9/32 ,  H04L9/08

Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.

公开(公告)号：US11038923B2

公开(公告)日：2021-06-15

申请号：US16014262

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair ,  Anja Jerichow

IPC: H04L29/06 ,  H04W12/10 ,  H04W12/02 ,  H04L29/08 ,  H04L9/08 ,  H04L12/24

Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises configuring at least a given one of the first and second security edge protection proxy elements to apply application layer security to one or more information elements in a received message from a network function before sending the message to the other one of the first and second security edge protection proxy elements.

公开(公告)号：US20190253885A1

公开(公告)日：2019-08-15

申请号：US16014219

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair ,  Anja Jerichow

IPC: H04W12/02 ,  H04L29/06 ,  H04W12/06

Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises configuring at least a given one of the first and second security edge protection proxy elements to determine whether to apply at least one security operation at the transport level for incoming packets based at least in part on source and destination networks for the incoming packets.

公开(公告)号：US20180331830A1

公开(公告)日：2018-11-15

申请号：US15726974

申请日：2017-10-06

Applicant: Alcatel-Lucent USA Inc. ,  Nokia Technologies Oy

Inventor： Anja Jerichow ,  Annett Seefeldt ,  Suresh P. Nair

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/00

CPC classification number: H04L9/3073 ,  H04L9/006 ,  H04L9/083 ,  H04L9/0891 ,  H04L9/0897 ,  H04L9/14 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/068 ,  H04W12/0023 ,  H04W12/04

Abstract: Key identification techniques for determination of appropriate keys for processing messages in communication systems are provided. In one or more methods, an indicator is assigned to each key pair provisioned in a communication system. The indicator is then sent to one or more network elements or functions in the communication system with a message encrypted with a first part of the key pair corresponding to the indicator. A network element or function receiving the encrypted message determines, based on the indicator, a corresponding second part of the key pair to use to process the encrypted message.

公开(公告)号：US20180324583A1

公开(公告)日：2018-11-08

申请号：US15588039

申请日：2017-05-05

Applicant: Alcatel-Lucent USA Inc. ,  Nokia Technologies OY

Inventor： Suresh P. Nair ,  Anja Jerichow

IPC: H04W12/02 ,  H04W76/02 ,  H04W64/00 ,  H04W48/14

CPC classification number: H04W12/02 ,  H04L63/1458 ,  H04W12/12 ,  H04W48/14 ,  H04W64/00 ,  H04W76/11 ,  H04W88/02

Abstract: Techniques are provided for protecting the privacy of user equipment during identity request operations in a communication system. In one example, a method includes receiving a current identity request at given user equipment of a communication system. The method further includes making a determination at the given user equipment whether or not to respond to the current identity request in a manner requested based on a count of previous identity requests received by the given user equipment.

公开(公告)号：US20180270786A1

公开(公告)日：2018-09-20

申请号：US15462207

申请日：2017-03-17

Applicant: Alcatel-Lucent USA Inc. ,  Nokia Technologies OY

Inventor： Suresh P. Nair ,  Anja Jerichow

IPC: H04W68/02 ,  H04W8/02 ,  H04W12/02

CPC classification number: H04W68/02 ,  H04L63/0414 ,  H04W8/02 ,  H04W8/18 ,  H04W8/30 ,  H04W12/02 ,  H04W68/00

Abstract: Techniques are provided for protecting the privacy of user equipment during paging operations in a communication system. In one example, a method includes determining at a mobility management element of a communication system that a paging operation is to be initiated for given user equipment. The method further includes restricting the paging operation between the mobility management element and the given user equipment to use of a temporary identifier for the given user equipment. By not using a permanent identifier of the given user equipment during paging operations, the given user equipment is effectively non-trackable by malicious base stations and active/passive listeners.