-
Publication No.: US20230037332A1
Publication Date: 2023-02-09
Application No.: US17877230
Filing Date: 2022-07-29
Applicant: Nokia Technologies Oy
Inventor: Subramanya Chandrashekar, Daniela Laselva, Suresh P. Nair, Philippe Godin
IPC: H04W76/19, H04W12/041, H04W12/0431, H04W12/06
Abstract: Techniques are disclosed for verification of user equipment (UE) for small data transmission (SDT) when the user equipment is in an inactive state with respect to a communication network. For example, the UE is verified at a selected target gNB upon an SDT resume request initiated by the UE, i.e., a returning UE with respect to the selected target gNB, or otherwise prior to UE data resuming transmission to an anchor gNB from the selected target gNB.
-
Publication No.: US11523280B2
Publication Date: 2022-12-06
Application No.: US16953933
Filing Date: 2020-11-20
Applicant: Nokia Technologies Oy
Inventor: Suresh P. Nair
Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.
-
Publication No.: US10893025B2
Publication Date: 2021-01-12
Application No.: US16014294
Filing Date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises constructing a message at a network function in the first network destined for the second network, wherein the message comprises at least one information element and an indicator, wherein the indicator is set to specify at least one security operation to be applied to the at least one information element before sending the message to the second security edge protection proxy element of the second network.
-
Publication No.: US10512005B2
Publication Date: 2019-12-17
Application No.: US15822907
Filing Date: 2017-11-27
Applicant: Nokia Technologies Oy
Inventor: Guenther Horn, Nagendra S. Bykampadi, Suresh P. Nair
Abstract: In accordance with the occurrence of a mobility event whereby user equipment moves from accessing a source network to accessing a target network in a communication system environment, the user equipment sends a control plane message to the target network comprising an integrity verification parameter associated with the source network and an integrity verification parameter associated with the target network. By providing integrity verification parameters for both the source network and the target network in an initial message sent by the user equipment to the mobility management element of the target network, the mobility management element of the target network can verify the user equipment on its own or seek the assistance of the source network.
-
Publication No.: US20190251241A1
Publication Date: 2019-08-15
Application No.: US16014418
Filing Date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Suresh P. Nair
CPC classification number: G06F21/335, H04L9/0825, H04L9/3242, H04L63/0807, H04W12/04, H04W12/06, H04W12/08
Abstract: Security management techniques for service authorization for communication systems are provided. In one or more methods, a first element or function in a home network of a communication system registers a second element or function in the home network as a service consumer of one or more services provided by at least a third element or function in the home network, receives a request from the second element or function, and provides an access token to the second element or function responsive to authenticating the second element or function, the access token being used by the second element or function to access the one or more services provided by the third element or function.
-
Publication No.: US12063507B2
Publication Date: 2024-08-13
Application No.: US17976047
Filing Date: 2022-10-28
Applicant: Nokia Technologies Oy
Inventor: Suresh P. Nair
CPC classification number: H04W12/08, H04L9/0866, H04L9/0894, H04L9/3226, H04L63/0428, H04L41/0654, H04L2209/80, H04W8/02, H04W76/19
Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.
-
Publication No.: US20240056476A1
Publication Date: 2024-02-15
Application No.: US18446889
Filing Date: 2023-08-09
Applicant: Nokia Technologies Oy
IPC: H04L9/40
CPC classification number: H04L63/145, H04L63/1425
Abstract: Techniques for security management with compromised-equipment detection in a communication system are disclosed. For example, a method comprises causing intentional introduction of one or more errors in at least one communication protocol layer of a communication network, wherein the communication network has a plurality of user equipment connected thereto via at least one access point. The method further comprises causing verification of one or more received error indicators against one or more expected error indicators to decide whether any of: (i) the plurality of user equipment; (ii) the at least one access point; or (iii) one or more network entities, may be compromised. In other examples, verifications may be correlated with other logs including, for example, security event logs.
-
Publication No.: US20210099877A1
Publication Date: 2021-04-01
Application No.: US16953933
Filing Date: 2020-11-20
Applicant: Nokia Technologies Oy
Inventor: Suresh P. Nair
Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.
-
Publication No.: US10826946B2
Publication Date: 2020-11-03
Application No.: US16014358
Filing Date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises provisioning at least a given one of the first and second security edge protection proxy elements with configuration information that enables the given security edge protection proxy element to identify at least one security operation to be applied to at least one information element in a received message before sending the message to the other one of the first and second security edge protection proxy elements.
-
Publication No.: US10548004B2
Publication Date: 2020-01-28
Application No.: US16014219
Filing Date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises configuring at least a given one of the first and second security edge protection proxy elements to determine whether to apply at least one security operation at the transport level for incoming packets based at least in part on source and destination networks for the incoming packets.