-
Publication No.: US20220248225A1
Publication date: 2022-08-04
Application No.: US17618015
Application date: 2020-06-09
Applicant: Nokia Technologies Oy
Inventor: Nagendra BYKAMPADI, Laurent THIEBAUT, Anja JERICHOW, Suresh NAIR
Abstract: Improved techniques for secure access control in communication systems are provided. In one example, in accordance with an authorization server function, a method comprises receiving a request from a service consumer in a communication system for access to a service type and one or more resources associated with the service type. The method determines whether the service consumer is authorized to access the service type and the one or more resources associated with the service type. The method generates an access token that identifies one or more service producers for the service type and the one or more resources associated with the service type that the service consumer is authorized to access, and sends the access token to the service consumer. The service consumer can then use the access token to access the one or more services and one or more resources. In addition to such resource level access authorization, target network function group access authorization can be performed.
-
Publication No.: US20220240089A1
Publication date: 2022-07-28
Application No.: US17618846
Application date: 2020-06-04
Applicant: Nokia Technologies Oy
Inventor: Nagendra BYKAMPADI, Suresh NAIR, Anja JERICHOW
Abstract: Improved techniques for secure access control in communication systems are provided. Secure access control in one or more examples includes authorization of network function sets. For example, in accordance with an authorization server function, a method includes receiving a request from a service consumer in a communication system for access to a service type, wherein the request comprises information including a service producer set identifier. The method determines whether the service consumer is authorized to access the service type. The method identifies service producer instances that belong to the requested service producer set identifier. The method generates an access token that comprises identifiers for identified ones of the service producer instances that belong to the requested service producer set identifier, and sends the access token to the service consumer.
-
Publication No.: US20210240554A1
Publication date: 2021-08-05
Application No.: US17164455
Application date: 2021-02-01
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Bruno LANDAIS, Thomas BELLING, Nagendra BYKAMPADI
IPC: G06F9/54
Abstract: A method is provided, comprising monitoring whether a received request comprises a notification indication, wherein the notification indication indicates that the request is one of a callback request and a notification request; handling the request as a service request if the request does not comprise the notification indication; and handling the request as a notification or callback request if the request comprises the notification indication, wherein the handling as a service request is different from the handling as a notification or callback request.
-
Publication No.: US20230247433A1
Publication date: 2023-08-03
Application No.: US18001928
Application date: 2021-06-24
Applicant: Nokia Technologies Oy
Inventor: Saurabh KHARE, Narasimha Rao PULIPATI, Nagendra BYKAMPADI, Suresh NAIR
IPC: H04W12/122, H04L9/40
CPC classification number: H04W12/122, H04L63/1441
Abstract: Techniques for detecting and isolating rogue network entities in a communication network are provided. For example, a method comprises receiving from at least one network entity in a communication network a message identifying one or more network entities suspected of malicious activity operating within the communication network, and initiating one or more remedial actions within the communication network to prevent the one or more network entities suspected of malicious activity operating within the communication network from accessing other network entities in the communication network.
-
Publication No.: US20220217530A1
Publication date: 2022-07-07
Application No.: US17608283
Application date: 2020-04-30
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR, Nagendra BYKAMPADI, Anja JERICHOW
Abstract: Improved security management techniques between user equipment and a communication system are provided. For example, techniques are provided for preventing malicious attacks via a user equipment deregistration process. In one example, a method comprises sending a deregistration request message from the given user equipment to a communication system to which the given user equipment is registered, wherein the deregistration request message is security-protected and comprises a temporary identifier assigned to the given user equipment. By not sending the deregistration request message with a subscription concealed identifier, the given user equipment prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier. Furthermore, by ignoring a deregistration request message with a subscription concealed identifier, an access and mobility management element of the communication system prevents a malicious actor from succeeding with a deregistration attack replaying