-
Publication No.: US11924641B2
Publication date: 2024-03-05
Application No.: US17253190
Application date: 2019-06-19
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Tuomas Niemelä
IPC: H04W12/084, H04L9/40, H04L29/06
CPC classification number: H04W12/084, H04L63/0807
Abstract: An authorization entity in a communication system comprising a service-based architecture receives a request from a service consumer in the communication system for access to a given service type. The authorization entity obtains an access token that identifies a plurality of service producers for the given service type and sends the access token to the service consumer.
-
Publication No.: US20210297942A1
Publication date: 2021-09-23
Application No.: US17264105
Application date: 2020-04-03
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Jani Ekman, Silke Holtmanns
IPC: H04W48/18, H04W12/06, H04W12/084, H04W12/106, H04W12/61, H04W48/16
Abstract: A service request is received at a first service communication proxy element, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer. The first service communication proxy element determines at least one target service producer based on the service request. The first service communication proxy element sends an access token request to an authorization entity, wherein the access token request is generated based on the determining step. The first service communication proxy element receives an access token response from the authorization entity, wherein the access token response comprises an access token. The first service communication proxy element may then send a service request with the access token to a second service communication proxy element, wherein the second service communication proxy element is associated with the target service producer. The method may apply to roaming and non-roaming scenarios.
-
Publication No.: US20210120416A1
Publication date: 2021-04-22
Application No.: US17252699
Application date: 2019-10-23
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Bruno Landais
Abstract: According to an example aspect of the present invention, there is provided a method, comprising: receiving a first message from a service-consuming second network entity in a second mobile network for a service-providing first network entity in a first mobile network, the first message comprising a first callback resource identifier, generating a second callback resource identifier on the basis of the first callback resource identifier, wherein the second callback resource identifier comprises a domain name of a security edge node in the first network, and transferring a callback message from the first network entity to the security edge node, the callback message comprising the second callback resource identifier.
-
Publication No.: US12184790B2
Publication date: 2024-12-31
Application No.: US17267243
Application date: 2019-08-02
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.
-
Publication No.: US12058123B2
Publication date: 2024-08-06
Application No.: US17621477
Application date: 2020-06-22
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Laurent Thiebaut, Bruno Landais
IPC: H04L9/40, G06F21/44, H04W12/08, H04W12/084, H04W12/10
CPC classification number: H04L63/083, G06F21/44, H04L63/0815, H04L63/0853, H04L63/10, H04L63/20, H04W12/08, H04W12/084, H04W12/10
Abstract: An apparatus relating to authorization of network functions includes at least one processor and at least one memory including computer program code. The at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to: send, from a first network function service consumer instance to an authorization server, a request for an access token for use in accessing a service provided by a network function service producer; receive, at the first network function service consumer instance from the authorization server, an access token for use in accessing the service provided by the network function service producer; and send, from the first network function service consumer instance to the network function service producer, a request to access the service provided by the network function service producer, the request to access the service including the access token.
-
Publication No.: US12004059B2
Publication date: 2024-06-04
Application No.: US17363975
Application date: 2021-06-30
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Jani Petteri Ekman, Anja Jerichow
IPC: H04W4/50, H04W12/069, H04W12/76
CPC classification number: H04W4/50, H04W12/069, H04W12/76
Abstract: According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a request from a network function, wherein the request comprises a string associated with an instance identity of the network function, determining, by the network repository function, a type of the instance identity of the network function from a set of instance identity types, determining, by the network repository function, the instance identity of the network function based on the string associated with the instance identity of the network function and the type of the instance identity of the network function and transmitting, by the network repository function, a response to the network function, wherein the response depends on whether the instance identity of the network function was found in a list of network function instances registered at the network repository function.
-
Publication No.: US11652851B2
Publication date: 2023-05-16
Application No.: US17044347
Application date: 2019-04-02
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Uwe Rauschenbach
IPC: H04L9/40, H04W12/106, H04W12/03, H04W12/06, H04W84/04
CPC classification number: H04L63/205, H04L63/0428, H04L63/123, H04W12/03, H04W12/06, H04W12/106, H04W84/042
Abstract: A sending security edge proxy SEPP receives a first message sent by a first network function to a second network function. The first message has a plurality of first message parts including: a request line or a response line; at least one header; and payload. Second message parts are formed from the features and optional sub-features of the first message parts. A security structure defines a required security measure individually for each second message part. The SEPP applies, according to the security structure definition, to each second message part by encrypting; integrity protecting; or modification tracking with integrity protecting; and forms a second message that contains the second message parts; and sends the second message towards the second network function. Corresponding methods, structures, computer programs and a system are disclosed for intermediate nodes and receiving SEPP.
-
Publication No.: US20210258788A1
Publication date: 2021-08-19
Application No.: US17253190
Application date: 2019-06-19
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Tuomas Niemelä
IPC: H04W12/084, H04L29/06
Abstract: An authorization entity in a communication system comprising a service-based architecture receives a request from a service consumer in the communication system for access to a given service type. The authorization entity obtains an access token that identifies a plurality of service producers for the given service type and sends the access token to the service consumer.
-
Publication No.: US20210250186A1
Publication date: 2021-08-12
Application No.: US17053591
Application date: 2019-05-07
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Anja Jerichow, Suresh Nair
IPC: H04L9/32, H04W12/069, H04W12/50, H04L29/08
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, one of the first and second security edge protection proxy elements initiates a mutual authentication procedure with the other of the first and second security edge protection proxy elements. The one of the first and second security edge protection proxy elements exchanges credentials with the other of the first and second security edge protection proxy elements, wherein a secure channel is established between the first and second security edge protection proxy elements upon verification of the credentials.
-
Publication No.: US11844014B2
Publication date: 2023-12-12
Application No.: US17264105
Application date: 2020-04-03
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi, Jani Ekman, Silke Holtmanns
IPC: H04W48/18, H04W12/106, H04W12/61, H04W12/084, H04W12/06, H04W48/16
CPC classification number: H04W48/18, H04W12/06, H04W12/084, H04W12/106, H04W12/61, H04W48/16
Abstract: A service request is received at a first service communication proxy element, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer. The first service communication proxy element determines at least one target service producer based on the service request. The first service communication proxy element sends an access token request to an authorization entity, wherein the access token request is generated based on the determining step. The first service communication proxy element receives an access token response from the authorization entity, wherein the access token response comprises an access token. The first service communication proxy element may then send a service request with the access token to a second service communication proxy element, wherein the second service communication proxy element is associated with the target service producer. The method may apply to roaming and non-roaming scenarios.