-
Publication No.: US20210248025A1
Publication date: 2021-08-12
Application No.: US17054949
Application date: 2019-05-07
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair , Anja Jerichow , Nagendra S Bykampadi
IPC: G06F11/07 , H04L29/06 , H04L12/707
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, and wherein one of the first and second security edge protection proxy elements is a sending security edge protection proxy element and the other of the first and second security edge protection proxy elements is a receiving security edge protection proxy element, the receiving security edge protection proxy element receives a message from the sending security edge protection proxy element. The receiving security edge protection proxy element detects one or more error conditions associated with the received message. The receiving security edge protection proxy element determines one or more error handling actions to be taken in response to the one or more detected error conditions.
-
Publication No.: US20210219137A1
Publication date: 2021-07-15
Application No.: US17253895
Application date: 2019-09-20
Applicant: Nokia Technologies Oy
Inventor: Nagendra S Bykampadi , Anja Jerichow , Suresh Nair
IPC: H04W12/086 , H04L29/06 , H04W12/033 , H04W76/12 , H04W88/16
Abstract: In one example, a method initiates establishment of a secure tunnel by a security proxy element (e.g., SEPP) in a first communication network (e.g., VPLMN) with an internetwork exchange element (e.g., IPX node) which is operatively coupled between the first communication network and a second communication network (e.g., HPLMN). Upon establishment of the secure tunnel, the method sends a message from the security proxy element to the internetwork exchange element over the secure tunnel. The secure tunnel can be a VPN tunnel and can be established using TLS or IPsec. In one example, the internetwork exchange node functions as an HTTP proxy, and in another embodiment as an interception (e.g., MITM) proxy. In another example, HTTPS is used to establish a separate TLS connection for each HTTP message. In yet another example, the security proxy element is configured to select (and change as needed) the secure communication mechanism.
-
Publication No.: US10785653B2
Publication date: 2020-09-22
Application No.: US16581690
Application date: 2019-09-24
Applicant: Nokia Technologies Oy
Inventor: Suresh Nair , Anja Jerichow , Nagendra S. Bykampadi
IPC: H04W12/10 , H04W8/02 , H04W12/04 , H04W4/14 , H04W60/00 , H04L9/14 , H04L29/06 , H04W12/00 , H04W8/18 , H04W88/18
Abstract: A short message service (SMS) message is encrypted using an encryption key stored at a user equipment and an access and mobility management function (AMF) and the encrypted SMS message is added to a payload of a non-access stratum (NAS) message that includes an NAS header. Integrity protection is applied to the NAS message using an integrity key stored at the user equipment and the AMF and the integrity-protected NAS message is transmitted. The NAS message is received via an NAS link between the user equipment and the AMF. An integrity check is performed on the NAS message using the integrity key. An encrypted short message service (SMS) message is extracted from a payload of the NAS message in response to the integrity check being successful and the encrypted SMS message is decrypted using the encryption key.
-
Publication No.: US20200186999A1
Publication date: 2020-06-11
Application No.: US16613207
Application date: 2018-05-14
Applicant: Nokia Technologies Oy
Inventor: Anja Jerichow , Silke Holtmanns
Abstract: It is provided a method, comprising instructing a subscription device to indicate an applied privacy protection to a visited network; instructing the subscription device to provide a protected subscription identifier to the visited network, wherein the protected subscription identifier is based on a permanent subscription identifier protected according to the applied privacy protection.
-
Publication No.: US10574457B2
Publication date: 2020-02-25
Application No.: US15726974
Application date: 2017-10-06
Applicant: Alcatel-Lucent USA Inc. , Nokia Technologies Oy
Inventor: Anja Jerichow , Annett Seefeldt , Suresh P. Nair
Abstract: Key identification techniques for determination of appropriate keys for processing messages in communication systems are provided. In one or more methods, an indicator is assigned to each key pair provisioned in a communication system. The indicator is then sent to one or more network elements or functions in the communication system with a message encrypted with a first part of the key pair corresponding to the indicator. A network element or function receiving the encrypted message determines, based on the indicator, a corresponding second part of the key pair to use to process the encrypted message.
-
Publication No.: US10470042B2
Publication date: 2019-11-05
Application No.: US15974394
Application date: 2018-05-08
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Suresh Nair , Anja Jerichow , Nagendra S. Bykampadi
IPC: H04W12/10 , H04W8/02 , H04W12/04 , H04W4/14 , H04L29/06 , H04W60/00 , H04L9/14 , H04W8/18 , H04W88/18
Abstract: A short message service (SMS) message is encrypted using an encryption key stored at a user equipment and an access and mobility management function (AMF) and the encrypted SMS message is added to a payload of a non-access stratum (NAS) message that includes an NAS header. Integrity protection is applied to the NAS message using an integrity key stored at the user equipment and the AMF and the integrity-protected NAS message is transmitted. The NAS message is received via an NAS link between the user equipment and the AMF. An integrity check is performed on the NAS message using the integrity key. An encrypted short message service (SMS) message is extracted from a payload of the NAS message in response to the integrity check being successful and the encrypted SMS message is decrypted using the encryption key.
-
Publication No.: US20190253395A1
Publication date: 2019-08-15
Application No.: US16014294
Application date: 2018-06-21
Applicant: Nokia Technologies Oy
Inventor: Nagendra S. Bykampadi , Suresh P. Nair , Anja Jerichow
CPC classification number: H04L63/04 , H04L63/0471 , H04L63/12 , H04L63/20 , H04L67/02 , H04W12/001 , H04W12/00505 , H04W12/06 , H04W12/08 , H04W12/10 , H04W84/042 , H04W88/16
Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises constructing a message at a network function in the first network destined for the second network, wherein the message comprises at least one information element and an indicator, wherein the indicator is set to specify at least one security operation to be applied to the at least one information element before sending the message to the second security edge protection proxy element of the second network.
-
Publication No.: US10360798B2
Publication date: 2019-07-23
Application No.: US15838306
Application date: 2017-12-11
Applicant: Nokia Technologies Oy
Inventor: Anja Jerichow , Joachim Lueken , Wolfgang Scheidl
IPC: G08G1/01 , G08G1/16 , H04L29/08 , G08G1/0965 , G08G1/0967
Abstract: An application server in a cellular network receives incident information and determines a trust value associated with the incident information using one or more trust parameters. The application server generates a warning message including the trust value and the one or more trust parameters. The warning message is broadcast to user equipment in vehicles in an area of relevance. The user equipment in the vehicles in the area of relevance receives the warning message and may re-evaluate the trust value in the warning message based on additional trust parameters or information. The user equipment may determine to perform one or more actions based on the trust value, such as providing a warning to a driver or performing a braking operation.
-
Publication No.: US20190149521A1
Publication date: 2019-05-16
Application No.: US15840554
Application date: 2017-12-13
Applicant: Nokia Technologies Oy
Inventor: Anja Jerichow
Abstract: In a home network of a communication system, wherein one or more cryptographic key pairs are provisioned for utilization by subscribers of the home network to conceal subscriber identifiers provided to one or more access points in the communication system, the method comprises provisioning one or more privacy managing entity identifiers for utilization by the subscribers when providing their concealed subscriber identifiers to the communication system. Each of the one or more privacy managing entity identifiers identify a given privacy managing entity in the communication system configured to de-conceal a given subscriber identifier.
-
Publication No.: US10171993B2
Publication date: 2019-01-01
Application No.: US15588039
Application date: 2017-05-05
Applicant: Alcatel-Lucent USA Inc. , Nokia Technologies OY
Inventor: Suresh P. Nair , Anja Jerichow
Abstract: Techniques are provided for protecting the privacy of user equipment during identity request operations in a communication system. In one example, a method includes receiving a current identity request at given user equipment of a communication system. The method further includes making a determination at the given user equipment whether or not to respond to the current identity request in a manner requested based on a count of previous identity requests received by the given user equipment.