-
Publication No.: US20210219256A1
Publication Date: 2021-07-15
Application No.: US17055119
Filing Date: 2018-05-18
Applicant: Nokia Technologies Oy
Inventor: Cinzia SARTORI, Anja JERICHOW, Peter SCHNEIDER
Abstract: Authentication in a public land mobile network, PLMN, having tenant slices is performed by a network element that has: a memory comprising program code; a communication circuitry for communication with entities in the PLMN; and a processing circuitry configured to execute the program code and according to the program code to cause: detecting a registration request from a mobile communication device, MCDt; detecting whether the registration request requests access to a network slice with one-tier authentication with the network slice, and: if yes, causing beginning of authenticating the MCDt with the network slice independently of any authentication between the MCDt and the PLMN.
-
Publication No.: US20240064512A1
Publication Date: 2024-02-22
Application No.: US18337794
Filing Date: 2023-06-20
Applicant: Nokia Technologies Oy
Inventor: Sireesha BOMMISETTY, Mallikarjunudu MAKHAM, Topuri BRAHMAIAH, Saurabh KHARE, Anja JERICHOW
IPC: H04W12/082, H04W12/069
CPC classification number: H04W12/082, H04W12/069, H04W84/042
Abstract: Embodiments of the present disclosure relate to usage of access token in service based architecture. According to one aspect of the present disclosure, a first network device transmits an access token request to a second network device, and receives, from the second network device, an access token associated with a first count value, the first count value indicating the number of times the access token is allowed to be used. The first network device transmits, to a third network device, a service request with the access token; and receives, from the third network device, a service response determined based on the first count value and the access token. In this way, usage of an access token may be restricted and chance of misuse of the access token may be reduced.
-
Publication No.: US20230129885A1
Publication Date: 2023-04-27
Application No.: US17769501
Filing Date: 2020-10-15
Applicant: Nokia Technologies OY
Inventor: Anja JERICHOW, Genevieve MANGE
IPC: H04L9/40
Abstract: The apparatus includes a memory configured to store security information, and at least one processing core, configured to generate the security information by defining a security policy concerning user plane transfer of precision time protocol messages, and to instruct at least one network node to implement the security policy by transmitting the security information to the at least one network node.
-
Publication No.: US20220248229A1
Publication Date: 2022-08-04
Application No.: US17586297
Filing Date: 2022-01-27
Applicant: Nokia Technologies Oy
Inventor: Rekha BHARATHI SOMASHEKAR, Sreejesh SREEKUMAR, Diwakar JOIS, Minisha DAS, Bruno LANDAIS, Anja JERICHOW
IPC: H04W12/102, H04W8/12
Abstract: There is provided an apparatus configured to protect security of communication in roaming scenarios between a first network and a second network, the apparatus being a first apparatus residing in the first network and comprising means for in response to a selection of transport layer security as a security capability mechanism, transmitting, to a second apparatus residing in the second network and configured to protect security of communication in roaming scenarios between the first network and the second network, a request to terminate connections over a forwarding interface between the first apparatus and the second apparatus.
-
Publication No.: US20220248225A1
Publication Date: 2022-08-04
Application No.: US17618015
Filing Date: 2020-06-09
Applicant: Nokia Technologies Oy
Inventor: Nagendra BYKAMPADI, Laurent THIEBAUT, Anja JERICHOW, Suresh NAIR
Abstract: Improved techniques for secure access control in communication systems are provided. In one example, in accordance with an authorization server function, a method comprises receiving a request from a service consumer in a communication system for access to a service type and one or more resources associated with the service type. The method determines whether the service consumer is authorized to access the service type and the one or more resources associated with the service type. The method generates an access token that identifies one or more service producers for the service type and the one or more resources associated with the service type that the service consumer is authorized to access, and sends the access token to the service consumer. The service consumer can then use the access token to access the one or more services and one or more resources. In addition to such resource level access authorization, target network function group access authorization can be performed.
-
Publication No.: US20220240089A1
Publication Date: 2022-07-28
Application No.: US17618846
Filing Date: 2020-06-04
Applicant: Nokia Technologies Oy
Inventor: Nagendra BYKAMPADI, Suresh NAIR, Anja JERICHOW
Abstract: Improved techniques for secure access control in communication systems are provided. Secure access control in one or more examples includes authorization of network function sets. For example, in accordance with an authorization server function, a method includes receiving a request from a service consumer in a communication system for access to a service type, wherein the request comprises information including a service producer set identifier. The method determines whether the service consumer is authorized to access the service type. The method identifies service producer instances that belong to the requested service producer set identifier. The method generates an access token that comprises identifiers for identified ones of the service producer instances that belong to the requested service producer set identifier, and sends the access token to the service consumer.
-
Publication No.: US20220217127A1
Publication Date: 2022-07-07
Application No.: US17568102
Filing Date: 2022-01-04
Applicant: Nokia Technologies Oy
Inventor: Saurabh KHARE, Chaitanya AGGARWAL, Anja JERICHOW
Abstract: According to an example aspect of the present invention, there is provided an apparatus configured to receive a service request for a service provided by the apparatus, determine whether to provide the service based at least partly on an authentication based on a first identifier, comprised in an access token in the service request, and on a second identifier, comprised in a credential data element in the service request, wherein the authentication is successful when the first identifier and the second identifier identify a same network function instance or same network function instance set, and provide the service responsive to a result of the determination indicating the service is to be provided.
-
Publication No.: US20220132369A1
Publication Date: 2022-04-28
Application No.: US17501144
Filing Date: 2021-10-14
Applicant: Nokia Technologies Oy
Inventor: Ashish MAHESHWARI, Sreejesh SREEKUMAR, Diwakar JOIS, Bruno LANDAIS, Anja JERICHOW, Chaitanya AGGARWAL, Seerangaraj JAKKAMALINGU
Abstract: According to an example aspect of the present invention, there is provided an apparatus configured to initiate a handshake process configured to establish a control plane connection prior to establishing an associated data plane connection from the apparatus to a gateway node in second network, the apparatus being in a first network distinct from the second network, indicate during the establishing of the control plane connection that compression of payload communicated over the data plane connection is requested, and wherein the data plane connection to the gateway node traverses at least one intermediate internet protocol exchange.
-
Publication No.: US20220110082A1
Publication Date: 2022-04-07
Application No.: US17487482
Filing Date: 2021-09-28
Applicant: Nokia Technologies Oy
Inventor: Thomas BELLING, Bruno LANDAIS, Saurabh KHARE, Anja JERICHOW
Abstract: There is provided an apparatus configured to receive, from a first network entity associated with a first domain in a communication network, a request to communicate; determine a second network entity to which to send the request; determine that the second network entity is associated with a second domain in the communication network; and enforce at least one access policy for routing the request to the network entity, wherein the apparatus is a first service communication proxy trusted in both the first and second domains.
-
Publication No.: US20220014888A1
Publication Date: 2022-01-13
Application No.: US17363975
Filing Date: 2021-06-30
Applicant: Nokia Technologies Oy
Inventor: Nagendra S BYKAMPADI, Jani Petteri EKMAN, Anja JERICHOW
IPC: H04W4/50, H04W12/76, H04W12/069
Abstract: According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a request from a network function, wherein the request comprises a string associated with an instance identity of the network function, determining, by the network repository function, a type of the instance identity of the network function from a set of instance identity types, determining, by the network repository function, the instance identity of the network function based on the string associated with the instance identity of the network function and the type of the instance identity of the network function and transmitting, by the network repository function, a response to the network function, wherein the response depends on whether the instance identity of the network function was found in a list of network function instances registered at the network repository function.