AUTOMATED ROAMING SERVICE LEVEL AGREEMENTS BETWEEN NETWORK OPERATORS VIA SECURITY EDGE PROTECTION PROXIES IN A COMMUNICATION SYSTEM ENVIRONMENT

    Publication number: US20210321303A1

    Publication date: 2021-10-14

    Application number: US17273781

    Application date: 2019-08-09

    Abstract: Techniques for automated management of a service level agreement between a first communication network and a second communication network are provided. For example, one of the communication networks is a visited network while the other is a home network whereby the service level agreement is a roaming agreement. In one example, a message is received at a first communication network from a second communication network, wherein at least a portion of the message relates to the service level agreement between the first communication network and the second communication network. An automated verification of information in the message is performed at the first communication network to determine compliance with the service level agreement. The message receiving step is performed by a security edge protection proxy function of the first communication network and the automated verification performing step is performed by a service level agreement management function of the first communication network.

    NETWORK FUNCTION AUTHENTICATION BASED ON PUBLIC KEY BINDING IN ACCESS TOKEN IN A COMMUNICATION SYSTEM

    Publication number: US20210234706A1

    Publication date: 2021-07-29

    Application number: US17267243

    Application date: 2019-08-02

    Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.

    Network function authentication based on public key binding in access token in a communication system

    Publication number: US12184790B2

    Publication date: 2024-12-31

    Application number: US17267243

    Application date: 2019-08-02

    Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.

    Secure access control in communication system

    Publication number: US12015920B2

    Publication date: 2024-06-18

    Application number: US17618015

    Application date: 2020-06-09

    CPC classification number: H04W12/08 H04L9/3213 H04L67/51

    Abstract: Improved techniques for secure access control in communication systems are provided. In one example, in accordance with an authorization server function, a method comprises receiving a request from a service consumer in a communication system for access to a service type and one or more resources associated with the service type. The method determines whether the service consumer is authorized to access the service type and the one or more resources associated with the service type. The method generates an access token that identifies one or more service producers for the service type and the one or more resources associated with the service type that the service consumer is authorized to access, and sends the access token to the service consumer. The service consumer can then use the access token to access the one or more services and one or more resources. In addition to such resource level access authorization, target network function group access authorization can be performed.
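The public-key-bound access token of the two "Network function authentication" records above and the resource-level grants of this record, as one added Go example (this is not code from the patents or from any assignee's implementation): the authorization entity signs claims that carry the consumer's public key, the consumer signs the token it received with the matching private key, and the producer validates the token, checks audience, service type and resource, extracts the bound key and verifies the consumer's signature with it. Ed25519 for both signatures, the JSON field names (`cnf`, `aud`, `scope`, `resources`), the NF identifiers `amf-1` and `udm-1` and the service and resource strings are assumptions made for illustration; the patents fix none of them.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claims is the token content. CnfKey binds the consumer's public key to the token;
// Audience, Scope and Resources are the producer / service type / resource grants.
type Claims struct {
	Subject   string   `json:"sub"`
	Audience  []string `json:"aud"`
	Scope     string   `json:"scope"`
	Resources []string `json:"resources"`
	Expiry    int64    `json:"exp"`
	CnfKey    string   `json:"cnf"` // base64url raw Ed25519 public key (assumed encoding)
}

type Token struct{ Payload, AuthSig []byte } // claims JSON, authorization entity's signature

// AuthServer stands in for the authorization entity (the NRF in a 5G core).
type AuthServer struct {
	Priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// Issue returns a token with the consumer's public key bound into it; what to grant is
// decided by the caller here (assumption, the patents describe that decision separately).
func (a AuthServer) Issue(sub string, consumerPub ed25519.PublicKey, aud []string,
	scope string, resources []string, ttl time.Duration) (Token, error) {
	payload, err := json.Marshal(Claims{Subject: sub, Audience: aud, Scope: scope,
		Resources: resources, Expiry: time.Now().Add(ttl).Unix(),
		CnfKey: base64.RawURLEncoding.EncodeToString(consumerPub)})
	if err != nil {
		return Token{}, err
	}
	return Token{Payload: payload, AuthSig: ed25519.Sign(a.Priv, payload)}, nil
}

// signingInput is what the consumer signs: the token exactly as received.
func signingInput(t Token) []byte {
	return append(append([]byte{}, t.Payload...), t.AuthSig...)
}

// ConsumerSign is the proof-of-possession signature with the key matching the bound one.
func ConsumerSign(t Token, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, signingInput(t))
}

// Producer is the service producer that must validate the token and the signature.
type Producer struct {
	ID      string
	AuthPub ed25519.PublicKey
}

// Authorize validates the token, checks the grants, extracts the bound key and
// verifies the consumer's signature with it.
func (p Producer) Authorize(t Token, consumerSig []byte, scope, resource string) error {
	if !ed25519.Verify(p.AuthPub, t.Payload, t.AuthSig) {
		return errors.New("token signature invalid")
	}
	var c Claims
	if err := json.Unmarshal(t.Payload, &c); err != nil {
		return err
	}
	if time.Now().Unix() >= c.Expiry {
		return errors.New("token expired")
	}
	if !contains(c.Audience, p.ID) {
		return errors.New("producer not in token audience")
	}
	if c.Scope != scope || !contains(c.Resources, resource) {
		return errors.New("service type or resource not granted")
	}
	pub, _ := base64.RawURLEncoding.DecodeString(c.CnfKey)
	// A party that merely copied the token cannot produce this signature.
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(pub), signingInput(t), consumerSig) {
		return errors.New("proof of possession failed")
	}
	return nil
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

func main() {
	asPub, asPriv, _ := ed25519.GenerateKey(nil)  // nil reader selects crypto/rand
	amfPub, amfPriv, _ := ed25519.GenerateKey(nil) // legitimate consumer
	_, thiefPriv, _ := ed25519.GenerateKey(nil)   // holds only a copied token
	as := AuthServer{Priv: asPriv, Pub: asPub}
	tok, _ := as.Issue("amf-1", amfPub, []string{"udm-1"}, "nudm-sdm", []string{"am-data"}, time.Minute)
	udm := Producer{ID: "udm-1", AuthPub: asPub}
	fmt.Println("genuine:", udm.Authorize(tok, ConsumerSign(tok, amfPriv), "nudm-sdm", "am-data"))
	fmt.Println("replay: ", udm.Authorize(tok, ConsumerSign(tok, thiefPriv), "nudm-sdm", "am-data"))
	fmt.Println("scope:  ", udm.Authorize(tok, ConsumerSign(tok, amfPriv), "nudm-sdm", "smf-select"))
}
```

The consumer signs the token as received (claims plus the authorization entity's signature), so the producer can check both signatures without any state about the consumer beyond the authorization entity's public key; the audience check is what stops a token granted for one producer being presented to another, and the resource check is the resource-level authorization of this record.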

    Secure clock source as a service in a communication system

    Publication number: US11589326B2

    Publication date: 2023-02-21

    Application number: US16943880

    Application date: 2020-07-30

    Abstract: Techniques for providing a secure clock source in a communication network are disclosed. For example, a method comprises participating in a bi-directional authentication with a network entity in a communication network, sending a clock service request message to the network entity, receiving a clock service accept message in response to the clock service request message when the apparatus is eligible to use a clock service, and receiving one or more secure clock signals from the network entity. Another method comprises participating in a bi-directional authentication with a requesting device in a communication network, receiving a clock service request message from the requesting device, verifying the eligibility of the requesting device to request a clock service, and sending one or more secure clock signals to the requesting device in response to successfully verifying the requesting device.

    SECURE CLOCK SOURCE AS A SERVICE IN A COMMUNICATION SYSTEM

    Publication number: US20220039040A1

    Publication date: 2022-02-03

    Application number: US16943880

    Application date: 2020-07-30

    Abstract: Techniques for providing a secure clock source in a communication network are disclosed. For example, a method comprises participating in a bi-directional authentication with a network entity in a communication network, sending a clock service request message to the network entity, receiving a clock service accept message in response to the clock service request message when the apparatus is eligible to use a clock service, and receiving one or more secure clock signals from the network entity. Another method comprises participating in a bi-directional authentication with a requesting device in a communication network, receiving a clock service request message from the requesting device, verifying the eligibility of the requesting device to request a clock service, and sending one or more secure clock signals to the requesting device in response to successfully verifying the requesting device.

    SECURITY MANAGEMENT FOR EDGE PROXIES ON AN INTER-NETWORK INTERFACE IN A COMMUNICATION SYSTEM

    Publication number: US20210250186A1

    Publication date: 2021-08-12

    Application number: US17053591

    Application date: 2019-05-07

    Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, one of the first and second security edge protection proxy elements initiates a mutual authentication procedure with the other of the first and second security edge protection proxy elements. The one of the first and second security edge protection proxy elements exchanges credentials with the other of the first and second security edge protection proxy elements, wherein a secure channel is established between the first and second security edge protection proxy elements upon verification of the credentials.

    Counteractions against suspected identity imposture

    Publication number: US11991190B2

    Publication date: 2024-05-21

    Application number: US17603528

    Application date: 2020-04-07

    CPC classification number: H04L63/1416 H04L63/0876 H04L63/1425 H04L63/20

    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to establish a user equipment context for a user equipment registered with the apparatus, the user equipment context being associated with an identity of the user equipment, determine that a plurality of network messages comprising the identity of the user equipment as sender fail a network message integrity process, and trigger, responsive to the determination, at least one of: 1) sending a paging message to the user equipment, and 2) initiating an authentication process with a sender of the network messages, and deleting the user equipment context in response to successful completion of the authentication process.
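The detection and counteraction logic of this abstract, as an added Go example (not code from the patent): the registering entity keeps a context per identity, runs each message claiming that identity through an integrity check, counts failures, and once "a plurality" of them has accumulated triggers paging and authentication; a successful authentication deletes the context. Assumptions made for illustration: HMAC-SHA256 truncated to 32 bits stands in for the NAS integrity algorithm and its counters, the threshold of three failures, and the identifier `supi-001` and the keys, which are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Action is the counteraction the apparatus triggers; values combine as a bitmask.
type Action int

const (
	None         Action = 0
	Page         Action = 1 // page the genuine UE
	Authenticate Action = 2 // run authentication with the sender of the messages
)

// Message mimics a NAS PDU: claimed sender identity, payload and a 32-bit MAC.
type Message struct {
	Sender  string
	Payload []byte
	MAC     []byte
}

// UEContext is the state kept for a registered UE.
type UEContext struct {
	Identity string
	IntKey   []byte // integrity key established at registration (constructed here)
	Failures int    // consecutive integrity failures attributed to this identity
}

// Monitor is the registering network entity (the AMF in 5G).
type Monitor struct {
	contexts  map[string]*UEContext
	Threshold int // how many failures count as "a plurality"; an assumption
}

func NewMonitor(threshold int) *Monitor {
	return &Monitor{contexts: map[string]*UEContext{}, Threshold: threshold}
}

func (m *Monitor) Register(id string, intKey []byte) {
	m.contexts[id] = &UEContext{Identity: id, IntKey: intKey}
}

func (m *Monitor) HasContext(id string) bool { _, ok := m.contexts[id]; return ok }

// mac is the stand-in integrity algorithm: HMAC-SHA256 truncated to 4 bytes.
func mac(key, payload []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(payload)
	return h.Sum(nil)[:4]
}

// Seal builds a message the way a sender holding key would.
func Seal(sender string, key, payload []byte) Message {
	return Message{Sender: sender, Payload: payload, MAC: mac(key, payload)}
}

// Receive runs the integrity process on one message and returns the action to trigger.
func (m *Monitor) Receive(msg Message) (Action, error) {
	ctx, ok := m.contexts[msg.Sender]
	if !ok {
		return None, errors.New("no context for claimed identity")
	}
	if hmac.Equal(mac(ctx.IntKey, msg.Payload), msg.MAC) {
		ctx.Failures = 0 // a genuine message clears the suspicion
		return None, nil
	}
	ctx.Failures++
	if ctx.Failures < m.Threshold {
		return None, nil // one failure may be a stale key or a retransmission
	}
	ctx.Failures = 0
	return Page | Authenticate, nil
}

// AuthenticationDone reports the outcome of the triggered authentication; on
// success the context is deleted, as the abstract describes.
func (m *Monitor) AuthenticationDone(id string, success bool) {
	if success {
		delete(m.contexts, id)
	}
}

func main() {
	amf := NewMonitor(3)
	genuineKey := []byte("constructed-integrity-key-for-ue-1")
	amf.Register("supi-001", genuineKey)
	fmt.Println(amf.Receive(Seal("supi-001", genuineKey, []byte("service request"))))
	for i := 0; i < 3; i++ { // an impostor claims supi-001 without its key
		fmt.Println(amf.Receive(Seal("supi-001", []byte("wrong-key"), []byte("service request"))))
	}
	amf.AuthenticationDone("supi-001", true)
	fmt.Println("context kept:", amf.HasContext("supi-001"))
}
```

Counting consecutive failures rather than reacting to the first one is what keeps an ordinary key-desynchronisation or retransmission from triggering paging, while a sustained stream of messages under someone else's identity still does; the genuine UE, if it is still reachable, answers the page, and the authentication run decides what happens to the context.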

    Unified subscription identifier management in communication systems

    Publication number: US11902792B2

    Publication date: 2024-02-13

    Application number: US17045370

    Application date: 2019-04-04

    CPC classification number: H04W12/72 H04L9/3073 H04W12/041 H04W12/06

    Abstract: At given user equipment in a communication system, a unified subscription identifier data structure is constructed. The unified subscription identifier data structure includes a plurality of fields that specify information for a selected one of two or more subscription identifier types and selectable parameters associated with the selected subscription identifier type, and wherein the information in the unified subscription identifier data structure is useable by the given user equipment to access one or more networks associated with the communication system based on an authentication scenario corresponding to the selected subscription identifier type. For example, during different authentication scenarios, the given user equipment utilizes the unified subscription identifier data structure to provide the appropriate subscription identifier (e.g., SUPI, SUCI or IMSI) and associated parameters for the given authentication scenario.
