Abstract:
Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.
Abstract:
A method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.
Abstract:
Systems, methods, apparatuses, and computer program products for security handling in, for example, cells that support multiple frequency band indication are provided. One method includes receiving, for example by a source evolved node B (eNB) configured to communicate with a user equipment, a multiple frequency band indicator (MFBI) list, the multiple frequency band indicator (MFBI) list comprising at least one frequency band number listed in the same order of priority as broadcast by a target eNB. The method may further include selecting one of the at least one frequency band number for use by the source eNB, calculating a security key (KeNB*) using the DL EARFCN belonging to the selected frequency band number with the highest priority that is also supported by the user equipment, and signaling the calculated security key to the target eNB.
Abstract:
Systems, methods, apparatuses, and computer program products for securing user plane (e.g., MB2-U) interface between a group communication service application server (GCS AS) and Broadcast Multicast Service Center (BM-SC) are provided. One method may include transmitting a message via a control plane, to an application server, indicating whether to establish a security association on a user plane in an interface between the GCS AS and the BM-SC. The method may also include providing, to the GCS AS, a target internet protocol (IP) address and possible port as a target for the security association.
Abstract:
The present invention relates to devices, methods and computer program products in relation to mobile communication. In particular, it relates to those devices, methods and computer program products of communication networks in relation to e.g. so-called Public Warning Systems (PWS). In order to provide improvement, an apparatus comprises: a control module configured to receive a specified message including an indication of a public key for verification of broadcast messages, in response to having received the indication, select a timer period associated with the indication of the public key received, launch a timer for the selected timer period, and, upon expiry of the timer, cause to indicate acceptance of the public key.
Abstract:
An apparatus comprises a memory unit, and a control unit connected to the memory unit. The apparatus can be configured to interface at least one access node; the control unit is configured to derive at least one local level security key within an established security context for a terminal, forward the derived local security key to at least one access node, and detect failures in a handover for a terminal being served by a first access node towards a second access node. The failures concern the interface between the apparatus and the second access node. In response to a verified trigger condition, the control unit can re-adjust local level security keys with keys maintained at the terminal within the established security context.
Abstract:
Systems, methods, apparatuses, and computer program products for providing security between WebRTC clients and IMS are provided. One method includes storing, by a network node, at least one parameter per internet protocol multimedia subsystem (IMS) subscription, where the at least one parameter comprises at least one identity of any web real time communication (WebRTC) web server function that is authorized to authenticate an IMS subscriber in WebRTC. The method may further include receiving a WebRTC web server function identity from a call state control function, comparing the received WebRTC web server function identity with the at least one parameter associated with the IMS subscription, and rejecting IMS communication when there is not a match between the received WebRTC web server function identity and the at least one parameter associated with the IMS subscription.