-
Publication No.: US12184790B2
Publication Date: 2024-12-31
Application No.: US17267243
Filing Date: 2019-08-02
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.
-
Publication No.: US12126658B2
Publication Date: 2024-10-22
Application No.: US17702887
Filing Date: 2022-03-24
Applicant: Nokia Technologies Oy
Inventor: German Peinado Gomez, Anja Jerichow, Chaitanya Aggarwal
IPC: H04L9/40
CPC classification number: H04L63/205
Abstract: Techniques for dynamic security management in a communications network are disclosed. For example, a method comprises obtaining, at a network entity in a communication network, security information from one or more other network entities in the communication network. In response to at least a portion of the obtained security information, the method enables, by the network entity, dynamic enforcement within a user plane of the communication network of one or more security policies in accordance with one or more quality-of-service policies to manage one or more behaviors of user equipment.
-
Publication No.: US12052143B2
Publication Date: 2024-07-30
Application No.: US18040087
Filing Date: 2020-08-05
Applicant: Nokia Technologies Oy
Inventor: Anja Jerichow, Chaitanya Aggarwal, Jing Ping, Iris Adam, Konstantinos Samdanis, Yannick Lair
Abstract: Example embodiments of the present disclosure relate to devices, methods and computer readable storage media for service provisioning to facilitate analysis of a service from a network function (NF). In example embodiments, one or more logs are received from at least one of a first NF, a network repository function (NRF) and a service communication proxy (SCP). The one or more logs are associated with a service from a second NF. Further, analysis of provision of the service from the second NF is facilitated based on the one or more logs.
-
Publication No.: US12015920B2
Publication Date: 2024-06-18
Application No.: US17618015
Filing Date: 2020-06-09
Applicant: Nokia Technologies Oy
Inventor: Nagendra Bykampadi, Laurent Thiebaut, Anja Jerichow, Suresh Nair
CPC classification number: H04W12/08, H04L9/3213, H04L67/51
Abstract: Improved techniques for secure access control in communication systems are provided. In one example, in accordance with an authorization server function, a method comprises receiving a request from a service consumer in a communication system for access to a service type and one or more resources associated with the service type. The method determines whether the service consumer is authorized to access the service type and the one or more resources associated with the service type. The method generates an access token that identifies one or more service producers for the service type and the one or more resources associated with the service type that the service consumer is authorized to access, and sends the access token to the service consumer. The service consumer can then use the access token to access the one or more services and one or more resources. In addition to such resource level access authorization, target network function group access authorization can be performed.
-
Publication No.: US12004059B2
Publication Date: 2024-06-04
Application No.: US17363975
Filing Date: 2021-06-30
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Jani Petteri Ekman, Anja Jerichow
IPC: H04W4/50, H04W12/069, H04W12/76
CPC classification number: H04W4/50, H04W12/069, H04W12/76
Abstract: According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a request from a network function, wherein the request comprises a string associated with an instance identity of the network function, determining, by the network repository function, a type of the instance identity of the network function from a set of instance identity types, determining, by the network repository function, the instance identity of the network function based on the string associated with the instance identity of the network function and the type of the instance identity of the network function and transmitting, by the network repository function, a response to the network function, wherein the response depends on whether the instance identity of the network function was found in a list of network function instances registered at the network repository function.
-
Publication No.: US11659387B2
Publication Date: 2023-05-23
Application No.: US16943869
Filing Date: 2020-07-30
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Ranganathan Mavureddi Dhanasekaran, Anja Jerichow
CPC classification number: H04W12/06, H04L9/3271, H04L63/08, H04W8/18, H04W12/72
Abstract: Techniques for preventing sequence number leakage during user equipment authentication in a communication network are provided. For example, a method comprises obtaining a permanent identifier and an authentication sequence value that are unique to user equipment, concealing the permanent identifier and the authentication sequence value, and sending the concealed permanent identifier and the authentication sequence value in a registration message from the user equipment to a communication network. Then, advantageously, in response to receipt of an authentication failure message from the communication network, the user equipment can send a response message to the communication network containing a failure cause indication without a re-synchronization token.
-
Publication No.: US20230155832A1
Publication Date: 2023-05-18
Application No.: US18047434
Filing Date: 2022-10-18
Applicant: Nokia Technologies Oy
Inventor: Chaitanya AGGARWAL, Anja Jerichow, Saurabh Khare, Georgios Gkellas
CPC classification number: H04L9/3213, H04L63/0884
Abstract: According to an example aspect of the present invention, there is provided an apparatus configured to process a request for an access token authorizing access for a network function consumer to a service provided by a network function producer, the request being received in the apparatus from a service communication proxy, wherein the processing comprises one or more of the following verification: verification that a credential data element comprised in the request, cryptographically signed by the network function consumer, identifies the request, the service or a type of the service, and verification with reference to a further node, or to a profile of the network function consumer, that the service communication proxy is authorized to act on behalf of the network function consumer, and transmit, responsive to at least one of the verifications being successful, the requested access token, the access token comprising an indication of the service communication proxy.
-
Publication No.: US20230030315A1
Publication Date: 2023-02-02
Application No.: US17875438
Filing Date: 2022-07-28
Applicant: Nokia Technologies Oy
Inventor: Saurabh KHARE, Chaitanya Aggarwal, Anja Jerichow, Georgios Gkellas
IPC: H04L9/32, H04L61/4511
Abstract: According to an example aspect of the present invention, there is provided an apparatus configured to function as a network function repository, and transmit to a network function consumer an access token authorizing access to a service provided by a network function producer, the access token comprising an at least one of: indication of a fully qualified domain name of the network function consumer, an indication of a domain from which access to the network function producer is allowed and an indication of a stand-alone non-public network from which access to the network function producer is allowed.
-
Publication No.: US20210250186A1
Publication Date: 2021-08-12
Application No.: US17053591
Filing Date: 2019-05-07
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Anja Jerichow, Suresh Nair
IPC: H04L9/32, H04W12/069, H04W12/50, H04L29/08
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, one of the first and second security edge protection proxy elements initiates a mutual authentication procedure with the other of the first and second security edge protection proxy elements. The one of the first and second security edge protection proxy elements exchanges credentials with the other of the first and second security edge protection proxy elements, wherein a secure channel is established between the first and second security edge protection proxy elements upon verification of the credentials.
-
Publication No.: US11032699B2
Publication Date: 2021-06-08
Application No.: US16613207
Filing Date: 2018-05-14
Applicant: Nokia Technologies Oy
Inventor: Anja Jerichow, Silke Holtmanns
Abstract: It is provided a method, comprising instructing a subscription device to indicate an applied privacy protection to a visited network; instructing the subscription device to provide a protected subscription identifier to the visited network, wherein the protected subscription identifier is based on a permanent subscription identifier protected according to the applied privacy protection.