-
Publication (Announcement) No.: US20210306326A1
Publication (Announcement) Date: 2021-09-30
Application No.: US17159346
Application Date: 2021-01-27
Applicant: Nokia Technologies Oy
Inventor: Nagendra Bykampadi, Bruno Landais, Silke Holtmanns, Jani Petteri Ekman
Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for hop-by-hop security. A proposed method comprises receiving, at a first apparatus and from a second apparatus associated with a first network function, a message directed from the first network function to a second network function, the message comprising a first signature and network function information, the network function information at least comprising identification information of the first network function; in accordance with a successful validation of the first signature, updating the message with a second signature specific to a service communication proxy implemented by the first apparatus; and transmitting the updated message to a third apparatus associated with the second network function, the updated message comprising at least the second signature and the network function information.
-
Publication (Announcement) No.: US12015920B2
Publication (Announcement) Date: 2024-06-18
Application No.: US17618015
Application Date: 2020-06-09
Applicant: Nokia Technologies Oy
Inventor: Nagendra Bykampadi, Laurent Thiebaut, Anja Jerichow, Suresh Nair
CPC classification number: H04W12/08, H04L9/3213, H04L67/51
Abstract: Improved techniques for secure access control in communication systems are provided. In one example, in accordance with an authorization server function, a method comprises receiving a request from a service consumer in a communication system for access to a service type and one or more resources associated with the service type. The method determines whether the service consumer is authorized to access the service type and the one or more resources associated with the service type. The method generates an access token that identifies one or more service producers for the service type and the one or more resources associated with the service type that the service consumer is authorized to access, and sends the access token to the service consumer. The service consumer can then use the access token to access the one or more services and one or more resources. In addition to such resource level access authorization, target network function group access authorization can be performed.
-
Publication (Announcement) No.: US11997477B2
Publication (Announcement) Date: 2024-05-28
Application No.: US17608283
Application Date: 2020-04-30
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Nagendra Bykampadi, Anja Jerichow
Abstract: Improved security management techniques between user equipment and a communication system are provided. For example, techniques are provided for preventing malicious attacks via a user equipment deregistration process. In one example, a method comprises sending a deregistration request message from the given user equipment to a communication system to which the given user equipment is registered, wherein the deregistration request message is security-protected and comprises a temporary identifier assigned to the given user equipment. By not sending the deregistration request message with a subscription concealed identifier, the given user equipment prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier. Furthermore, by ignoring a deregistration request message with a subscription concealed identifier, an access and mobility management element of the communication system prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier.
-
Publication (Announcement) No.: US11650866B2
Publication (Announcement) Date: 2023-05-16
Application No.: US17164455
Application Date: 2021-02-01
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Bruno Landais, Thomas Belling, Nagendra Bykampadi
Abstract: A method, apparatus, and computer program product relating to notification requests and callback requests in indirect communications are provided. In the context of a method, the method includes sending a service request for selection of a service consumer. The service request is one of a notification request or a callback request. The method further includes indicating a version of a programming interface configured to support the service request.