INTER-MOBILE NETWORK COMMUNICATION SECURITY
    1.
    Invention application

    Publication (announcement) number: WO2021079023A1

    Publication (announcement) date: 2021-04-29

    Application number: PCT/FI2020/050683

    Application date: 2020-10-16

    Abstract: According to an example aspect of the present invention, there is provided a method, comprising: receiving a first request from a service-consuming first network entity in the first mobile network or a proxy entity acting on behalf of the first network entity in the first mobile network, generating, in response to the first request and authentication of the first network entity, a security token comprising information for authenticating the first network entity in the second mobile network for accessing a service-providing second network entity in the second mobile network, and transmitting, to the first network entity or the proxy entity, the security token for requesting access to the second network entity.

    AUTHORIZATION FOR NETWORK FUNCTION SETS IN COMMUNICATION SYSTEM

    Publication (announcement) number: WO2020254903A1

    Publication (announcement) date: 2020-12-24

    Application number: PCT/IB2020/055285

    Application date: 2020-06-04

    Abstract: Improved techniques for secure access control in communication systems are provided. Secure access control in one or more examples includes authorization of network function sets. For example, in accordance with an authorization server function, a method includes receiving a request from a service consumer in a communication system for access to a service type, wherein the request comprises information including a service producer set identifier. The method determines whether the service consumer is authorized to access the service type. The method identifies service producer instances that belong to the requested service producer set identifier. The method generates an access token that comprises identifiers for identified ones of the service producer instances that belong to the requested service producer set identifier, and sends the access token to the service consumer.

    ENHANCED AUTHORIZATION IN COMMUNICATION NETWORKS

    Publication (announcement) number: WO2021176131A1

    Publication (announcement) date: 2021-09-10

    Application number: PCT/FI2021/050040

    Application date: 2021-01-22

    Abstract: According to an example aspect of the present invention, there is provided a method for a network exposure function, the method comprising receiving, from an application function, a request to access at least one service of a network function producer, wherein the request is associated with the application function and comprises an access token of the application function and upon successful validation of the access token, forwarding the request or transmitting a new request along with at least one parameter associated with the application function to the network function producer, wherein each of the at least one parameter identifies an object that needs to be verified by the network function producer.

    INDICATOR TLS EXTENSION HANDLING FOR INDIRECT COMMUNICATION IN COMMUNICATION NETWORK

    Publication (announcement) number: WO2021099676A1

    Publication (announcement) date: 2021-05-27

    Application number: PCT/FI2020/050711

    Application date: 2020-10-29

    Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for indirect communication. In example embodiments, a method is provided. The method comprises determining, at a first network function, a second network function from which the first network function is to request a service, wherein the first network function and the second network function communicate with each other via at least a first service communication proxy connected to the first network function; generating a service request to request the service from the second network function via the first service communication proxy; and transmitting, via a first secure connection between the first network function and the first service communication proxy, the service request to the first service communication proxy.

    REGISTRATION IN COMMUNICATION NETWORKS
    6.
    Invention application

    Publication (announcement) number: WO2021224544A1

    Publication (announcement) date: 2021-11-11

    Application number: PCT/FI2021/050289

    Application date: 2021-04-20

    Abstract: According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a registration request from an application function, wherein the registration request comprises at least one parameter that needs to be used for generating an access token for the application function, the at least one parameter being associated with the application function, registering the application function by the network repository function and transmitting, by the network repository function, a response to the registration request, wherein the response comprises the at least one parameter associated with the application function.

    SECURELY IDENTIFYING NETWORK FUNCTION
    7.
    Invention application

    Publication (announcement) number: WO2021219385A1

    Publication (announcement) date: 2021-11-04

    Application number: PCT/EP2021/059721

    Application date: 2021-04-15

    Abstract: Embodiments of the present disclosure relate to securely identifying a network function. A first device receives, from a first network function, a first request for registration of the first network function. The first request comprises a profile of the first network function. The first device generates network function context information of the first network function based on the profile. The network function context information comprises at least identification information of the first network function and information of at least one network slice associated with the first network function. The first device digitally signs the network function context information by using a private key of the first device. The first device transmits the digitally signed network function context information to the first network function.

    KEY MANAGEMENT
    8.
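    Invention application
    KEY MANAGEMENT (under examination, published)

    Publication (announcement) number: WO2021165925A1

    Publication (announcement) date: 2021-08-26

    Application number: PCT/IB2021/051452

    Application date: 2021-02-19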

    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store a public key cryptography key pair comprising a public key and a private key, and at least one processing core configured to run a network function, to cause transmission, from the apparatus to a network support function, via at least one service communication proxy, of a request message, the request message comprising an authorization code signed with a cryptographic signature generated using the private key, and to at least one of the following: cause transmission to the network support node of provisioning information concerning the public key, and configure a storage distinct from the apparatus to provide a copy of the public key responsive to a request which comprises a specific network address relating to the public key. The apparatus may comprise a user equipment, for example.

    KEY MANAGEMENT
    9.
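    Invention application
    KEY MANAGEMENT (under examination, published)

    Publication (announcement) number: WO2021165194A1

    Publication (announcement) date: 2021-08-26

    Application number: PCT/EP2021/053622

    Application date: 2021-02-15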

    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store a token received in the apparatus from a network function requesting a service, and at least one processing core configured to cause transmission, from the apparatus to a network support function, of a request message concerning the token, the token relating to the service, and to process a response message from the network support function, the response message comprising information concerning a public key relating to the token. The apparatus may comprise a network node or a user equipment, for example.

    MULTI-STEP SERVICE AUTHORIZATION FOR INDIRECT COMMUNICATION IN A COMMUNICATION SYSTEM

    Publication (announcement) number: WO2021094349A1

    Publication (announcement) date: 2021-05-20

    Application number: PCT/EP2020/081705

    Application date: 2020-11-11

    Abstract: A service request with an access token is received, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer of a service type and wherein the access token corresponds to the service type. A determination is made to use a subset of target service producers of the service type for the service request, and at least one target service producer in the subset is determined. A decision is made whether to use the access token received from the service consumer or to obtain and use another access token. The service request is sent toward the at least one target service producer with the decided access token.
