MITIGATION AGAINST ACCESS TOKEN THEFT ATTACK IN DIRECT AND INDIRECT COMMUNICATIONS IN SBA

    Publication No.: US20250062903A1

    Publication date: 2025-02-20

    Application No.: US18802902

    Application date: 2024-08-13

    Abstract: Various examples of embodiments described herein relate to methods and apparatuses for mitigation against access token theft attack in direct and indirect communications in SBA. One such example of an embodiment relates to a method that includes obtaining a first access token request from a network function service consumer, NFc, the first access token request comprising an authentication code of the NFc; authenticating the network function consumer, NFc, based on a check whether the authentication code is signed by the NFc; sending a second access token request to a network authorization entity or function, wherein the second access token request comprises the authentication code of the NFc and the second access token request further comprises a public key of the NFc or a hash of the public key of the NFc; based thereon, receiving an access token from the network authorization entity or function, wherein the access token comprises the public key of the NFc or a hash of the public key of the NFc; and sending a service request to a network function service provider, NFp, wherein the service request comprises the access token and the authentication code of the NFc.

    METHOD, APPARATUS AND COMPUTER PROGRAM

    Publication No.: US20250056395A1

    Publication date: 2025-02-13

    Application No.: US18798990

    Application date: 2024-08-09

    Abstract: Various example embodiments of the subject disclosure relate to apparatus, methods and computer programs. For example, there is provided a user equipment comprising means for: registering the user equipment with a first public land mobile network; selecting a second public land mobile network to register a user equipment with based on the user equipment's registration with the first public land mobile network; and registering the user equipment with the selected second public land mobile network.

    APPARATUS, METHOD, AND COMPUTER PROGRAM

    Publication No.: US20250039162A1

    Publication date: 2025-01-30

    Application No.: US18785003

    Application date: 2024-07-26

    Abstract: The disclosure relates to a method comprising: receiving (700), from a network function service consumer, a request for an access token that authorizes access to a service provided by a network exposure function, wherein the service provides data obtained from an untrusted application function connected to the network exposure function, wherein the request comprises an identifier associated with the network exposure function, an identifier associated with the network function service consumer and an identifier associated with the untrusted application function; determining (702) to provide an access token to the network function service consumer based on the identifier associated with the network exposure function, the identifier associated with the network function service consumer, the identifier associated with the untrusted application function and attributes associated with the untrusted application function included in a profile of the network exposure function stored at the network repository function; and providing (704), to the network function service consumer, the access token comprising the identifier associated with the untrusted application function comprised in the request.

    METHOD, APPARATUS AND COMPUTER PROGRAM

    Publication No.: US20250031166A1

    Publication date: 2025-01-23

    Application No.: US18775890

    Application date: 2024-07-17

    Abstract: There is provided an apparatus comprising: means for receiving, at a target public land mobile network, signalling for establishing a protocol data unit session for a first service for a user equipment, wherein the first service is hostable by the target public land mobile network and a home public land mobile network, and means for causing data associated with the protocol data unit session for the first service to be transferred between the target public land mobile network and a visitor public land mobile network, wherein the user equipment is registered with the visitor public land mobile network.

    METHOD AND APPARATUS FOR LAWFUL INTERCEPTION FOR AKMA ROAMING ARCHITECTURE

    Publication No.: US20240114345A1

    Publication date: 2024-04-04

    Application No.: US18474467

    Application date: 2023-09-26

    CPC classification number: H04W12/80 H04L9/085 H04L9/32

    Abstract: A method, apparatus, and computer program for receiving an application session establishment request comprising an authentication and key management for applications, AKMA, Key Identifier, A-KID; producing an application key request (Naanf_AKMA_ApplicationKey_Get_request) comprising information elements AKMA Key Identifier A-KID; an application function identifier, AF_ID; and an application encryption key indication (Nnef_AKMA_AF_Encryption_Key_Indication); and sending the produced application key request (Naanf_AKMA_ApplicationKey_Get_request) to a home AKMA anchor function, hAAnF, or to a network exposure function, NEF, for enabling lawful interception in the VPLMN.

    SECURE USER EQUIPMENT POLICY DATA IN A COMMUNICATION NETWORK ENVIRONMENT

    Publication No.: US20240114057A1

    Publication date: 2024-04-04

    Application No.: US18477807

    Application date: 2023-09-29

    CPC classification number: H04L63/20 H04L63/102 H04L63/126

    Abstract: Techniques for managing user equipment policy data in a communication network environment are disclosed. For example, techniques are provided for managing user equipment policy data to be sent to user equipment by protecting the user equipment policy data in a communication network to which the user equipment is subscribed (e.g., a home communication network) such that the user equipment policy data can be sent to the user equipment through a communication network to which the user equipment is attached (e.g., a visited communication network) in a secure manner.

    NETWORK FUNCTION VALIDATION
    Invention publication

    Publication No.: US20240056506A1

    Publication date: 2024-02-15

    Application No.: US18447645

    Application date: 2023-08-10

    CPC classification number: H04L67/303

    Abstract: Embodiments of the present disclosure relate to network function validation. The first network device receives, from a second network device, a request including profile information of the second network device to be validated, obtain registered profile information of the second network device from a third network device maintaining a blockchain ledger storing the registered profile information, and validate the profile information of the second network device based on the registered profile information. The validation can be implemented via blockchain, and OAuth is not needed, and for pure consumer can be authorized, in addition, information for validation is sufficient.

    ROAMING ASPECTS FOR NETWORK DATA ANALYTICS FUNCTIONS

    Publication No.: US20240022465A1

    Publication date: 2024-01-18

    Application No.: US18256880

    Application date: 2020-12-10

    CPC classification number: H04L41/042 H04L41/28

    Abstract: A method of performing a data retrieval service for a first analytics function of a first communication network comprises collecting (S201), for at least one user equipment, data from the first communication network, obtaining (S203), from the collected data, processed information which is to be passed to an entity of a second communication network, and storing (S205) the processed information, wherein the processed information complies with one or more protection policies with respect to the second communication network.
