COUNTERACTIONS AGAINST SUSPECTED IDENTITY IMPOSTURE

    Publication number: US20220217161A1

    Publication date: 2022-07-07

    Application number: US17603528

    Application date: 2020-04-07

    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to establish a user equipment context for a user equipment registered with the apparatus, the user equipment context being associated with an identity of the user equipment, determine that a plurality of network messages comprising the identity of the user equipment as sender fail a network message integrity process, and trigger, responsive to the determination, at least one of: 1) sending a paging message to the user equipment, and 2) initiating an authentication process with a sender of the network messages, and deleting the user equipment context as a response to successful completion of the authentication process.

    USER AUTHENTICATION IN FIRST NETWORK USING SUBSCRIBER IDENTITY MODULE FOR SECOND LEGACY NETWORK

    Publication number: US20210120409A1

    Publication date: 2021-04-22

    Application number: US17043971

    Application date: 2019-04-04

    Abstract: In given user equipment seeking access to a first communication network (e.g., 5G network), wherein the given user equipment comprises a subscriber identity module (e.g., USIM) configured for a second communication network, and wherein the second communication network is a legacy network with respect to the first communication network (e.g., legacy 4G network), a method includes: initiating an authentication procedure with at least one network entity of the first communication network and selecting an authentication method to be used during the authentication procedure; and participating in the authentication procedure with the at least one network entity using the selected authentication method and, upon successful authentication, the given user equipment obtaining a set of keys to enable the given user equipment to access the first communication network.

    UNIFIED SUBSCRIPTION IDENTIFIER MANAGEMENT IN COMMUNICATION SYSTEMS

    Publication number: US20240147244A1

    Publication date: 2024-05-02

    Application number: US18405341

    Application date: 2024-01-05

    CPC classification number: H04W12/72 H04L9/3073 H04W12/041 H04W12/06

    Abstract: At a user equipment in a communication system, a unified subscription identifier data structure is constructed. The unified subscription identifier data structure includes a plurality of fields that specify information for a selected one of two or more subscription identifier types and selectable parameters associated with the selected subscription identifier type, and wherein the information in the unified subscription identifier data structure is useable by the user equipment to access one or more networks associated with the communication system based on an authentication scenario corresponding to the selected subscription identifier type. For example, during different authentication scenarios, the user equipment utilizes the unified subscription identifier data structure to provide the appropriate subscription identifier (e.g., SUPI, SUCI or IMSI) and associated parameters for a given authentication scenario.

    METHOD AND APPARATUS FOR SECURE MESSAGING BETWEEN NETWORK FUNCTIONS

    Publication number: US20220038433A1

    Publication date: 2022-02-03

    Application number: US17277210

    Application date: 2019-09-10

    Abstract: In accordance with an example aspect, there is provided an apparatus, the apparatus being a security edge proxy configured to implement application layer security for data exchanged between two core networks, the apparatus being configured at least to: process a protocol message received in the apparatus to generate an inter-network message based on the received protocol message, the inter-network message comprising a first part and a second part, transmit the inter-network message toward a second security edge proxy, wherein the first part is integrity protected but not encrypted and comprises first content elements of the received protocol message, wherein the second part is integrity protected and encrypted and comprises second content elements of the received protocol message as well as corresponding path elements indicating locations in the protocol message where the second content elements are located within the protocol message.

    METHOD AND APPARATUS FOR REMOTE PROVISIONING OF PROTECTION POLICIES IN AN EDGE NODE BASED ON SIGNALING BETWEEN EDGE NODES

    Publication number: US20210360393A1

    Publication date: 2021-11-18

    Application number: US17045965

    Application date: 2019-04-08

    Abstract: A method, apparatus and computer program product may be provided for signaling-based remote provisioning and updating of protection policy information in a SEPP of a visited network. A method may include obtaining, at a home network node (hSEPP), protection policy information from a local repository in a home network or via configuration. The hSEPP is a network node at a boundary of the home network, and the home network is a public land mobile network (hPLMN). The method includes distributing, via a signaling interface, the protection policy information to a visited network node (vSEPP) within a visited network (vPLMN). The vSEPP is a network node at a boundary of a second network. The protection policy information includes information regarding protection of signaling messages addressed for network functions (NFs) hosted in the hPLMN and is configured for enabling the vSEPP to selectively protect outgoing messages to hSEPP in the home network.

    APPARATUSES AND METHODS RELATING TO AUTHORISATION OF NETWORK FUNCTIONS

    Publication number: US20220353255A1

    Publication date: 2022-11-03

    Application number: US17621477

    Application date: 2020-06-22

    Abstract: This specification describes apparatus comprising means for sending, from a first network function service consumer instance to an authorisation server, a request for an access token for use in accessing a service provided by a network function service producer, wherein the request includes an identifier of a set of network function service consumer instances of which the first network function service consumer instance is a member; receiving, at the first network function service consumer instance from the authorisation server, an access token for use in accessing the service provided by the network function service producer, wherein the access token includes the identifier of the set of network function service consumer instances of which the first network function service consumer instance is a member; and sending, from the first network function service consumer instance to the network function service producer, a request to access the service provided by the network function service producer, wherein the request to access the service includes the access token.

    ENHANCED IDENTIFICATION IN COMMUNICATION NETWORKS

    Publication number: US20220014888A1

    Publication date: 2022-01-13

    Application number: US17363975

    Application date: 2021-06-30

    Abstract: According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a request from a network function, wherein the request comprises a string associated with an instance identity of the network function, determining, by the network repository function, a type of the instance identity of the network function from a set of instance identity types, determining, by the network repository function, the instance identity of the network function based on the string associated with the instance identity of the network function and the type of the instance identity of the network function and transmitting, by the network repository function, a response to the network function, wherein the response depends on whether the instance identity of the network function was found in a list of network function instances registered at the network repository function.

    UNIFIED SUBSCRIPTION IDENTIFIER MANAGEMENT IN COMMUNICATION SYSTEMS

    Publication number: US20210058776A1

    Publication date: 2021-02-25

    Application number: US17045370

    Application date: 2019-04-04

    Abstract: At given user equipment in a communication system, a unified subscription identifier data structure is constructed. The unified subscription identifier data structure includes a plurality of fields that specify information for a selected one of two or more subscription identifier types and selectable parameters associated with the selected subscription identifier type, and wherein the information in the unified subscription identifier data structure is useable by the given user equipment to access one or more networks associated with the communication system based on an authentication scenario corresponding to the selected subscription identifier type. For example, during different authentication scenarios, the given user equipment utilizes the unified subscription identifier data structure to provide the appropriate subscription identifier (e.g., SUPI, SUCI or IMSI) and associated parameters for the given authentication scenario.
