公开(公告)号：US10826946B2

公开(公告)日：2020-11-03

申请号：US16014358

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair ,  Anja Jerichow

IPC: H04L29/06 ,  H04L29/08

Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises provisioning at least a given one of the first and second security edge protection proxy elements with configuration information that enables the given security edge protection proxy element to identify at least one security operation to be applied to at least one information element in a received message before sending the message to the other one of the first and second security edge protection proxy elements.

公开(公告)号：US10548004B2

公开(公告)日：2020-01-28

申请号：US16014219

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair ,  Anja Jerichow

IPC: H04W12/02 ,  H04L29/06 ,  H04W12/06 ,  H04W84/04 ,  H04W84/12

Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises configuring at least a given one of the first and second security edge protection proxy elements to determine whether to apply at least one security operation at the transport level for incoming packets based at least in part on source and destination networks for the incoming packets.

公开(公告)号：US11038923B2

公开(公告)日：2021-06-15

申请号：US16014262

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair ,  Anja Jerichow

IPC: H04L29/06 ,  H04W12/10 ,  H04W12/02 ,  H04L29/08 ,  H04L9/08 ,  H04L12/24

Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises configuring at least a given one of the first and second security edge protection proxy elements to apply application layer security to one or more information elements in a received message from a network function before sending the message to the other one of the first and second security edge protection proxy elements.

公开(公告)号：US20190253885A1

公开(公告)日：2019-08-15

申请号：US16014219

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair ,  Anja Jerichow

IPC: H04W12/02 ,  H04L29/06 ,  H04W12/06

Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises configuring at least a given one of the first and second security edge protection proxy elements to determine whether to apply at least one security operation at the transport level for incoming packets based at least in part on source and destination networks for the incoming packets.

公开(公告)号：US20190104447A1

公开(公告)日：2019-04-04

申请号：US15822907

申请日：2017-11-27

Applicant: Nokia Technologies Oy

Inventor： Guenther Horn ,  Nagendra S. Bykampadi ,  Suresh P. Nair

IPC: H04W36/00 ,  H04L29/06 ,  H04W12/06 ,  H04W8/08

CPC classification number: H04W36/0038 ,  H04L63/0876 ,  H04W8/08 ,  H04W12/04 ,  H04W12/06 ,  H04W12/1004 ,  H04W36/10

Abstract: In accordance with the occurrence of a mobility event whereby user equipment moves from accessing a source network to accessing a target network in a communication system environment, the user equipment sends a control plane message to the target network comprising an integrity verification parameter associated with the source network and an integrity verification parameter associated with the target network. By providing integrity verification parameters for both the source network and the target network in an initial message sent by the user equipment to the mobility management element of the target network, the mobility management element of the target network can verify the user equipment on its own or seek the assistance of the source network.

公开(公告)号：US10893025B2

公开(公告)日：2021-01-12

申请号：US16014294

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair ,  Anja Jerichow

IPC: H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  H04W88/16 ,  H04W12/00 ,  H04L29/08 ,  H04W84/04 ,  H04W12/10

Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises constructing a message at a network function in the first network destined for the second network, wherein the message comprises at least one information element and an indicator, wherein the indicator is set to specify at least one security operation to be applied to the at least one information element before sending the message to the second security edge protection proxy element of the second network.

公开(公告)号：US10512005B2

公开(公告)日：2019-12-17

申请号：US15822907

申请日：2017-11-27

Applicant: Nokia Technologies Oy

Inventor： Guenther Horn ,  Nagendra S. Bykampadi ,  Suresh P. Nair

IPC: H04L29/06 ,  H04W12/06 ,  H04W36/00 ,  H04W12/10 ,  H04W12/04 ,  H04W8/08 ,  H04W36/10

Abstract: In accordance with the occurrence of a mobility event whereby user equipment moves from accessing a source network to accessing a target network in a communication system environment, the user equipment sends a control plane message to the target network comprising an integrity verification parameter associated with the source network and an integrity verification parameter associated with the target network. By providing integrity verification parameters for both the source network and the target network in an initial message sent by the user equipment to the mobility management element of the target network, the mobility management element of the target network can verify the user equipment on its own or seek the assistance of the source network.

公开(公告)号：US20190251241A1

公开(公告)日：2019-08-15

申请号：US16014418

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair

IPC: G06F21/33 ,  H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04W12/08 ,  H04W12/06 ,  H04W12/04

CPC classification number: G06F21/335 ,  H04L9/0825 ,  H04L9/3242 ,  H04L63/0807 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08

Abstract: Security management techniques for service authorization for communication systems are provided. In one or more methods, a first element or function in a home network of a communication system registers a second element or function in the home network as a service consumer of one or more services provided by at least a third element or function in the home network, receives a request from the second element or function, and provides an access token to the second element or function responsive to authenticating the second element or function, the access token being used by the second element or function to access the one or more services provided by the third element or function.

公开(公告)号：US10963553B2

公开(公告)日：2021-03-30

申请号：US16014418

申请日：2018-06-21

Applicant: Nokia Technologies Oy

Inventor： Nagendra S. Bykampadi ,  Suresh P. Nair

IPC: G06F21/33 ,  H04L29/06 ,  H04L9/32 ,  H04W12/04 ,  H04W12/08 ,  H04W12/06 ,  H04L9/08

Abstract: Security management techniques for service authorization for communication systems are provided. In one or more methods, a first element or function in a home network of a communication system registers a second element or function in the home network as a service consumer of one or more services provided by at least a third element or function in the home network, receives a request from the second element or function, and provides an access token to the second element or function responsive to authenticating the second element or function, the access token being used by the second element or function to access the one or more services provided by the third element or function.

公开(公告)号：US10574462B2

公开(公告)日：2020-02-25

申请号：US15729205

申请日：2017-10-10

Applicant: Nokia Technologies Oy

Inventor： Anja Jerichow ,  Annett Seefeldt ,  Nagendra S. Bykampadi ,  Suresh P. Nair ,  Ulrich Wiehe

IPC: H04L9/32 ,  H04L9/14 ,  H04L9/30 ,  H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W12/02 ,  H04L9/00 ,  H04W88/02 ,  H04W12/00

Abstract: Privacy management techniques for communication systems are provided. In one or more methods, one or more cryptographic key pairs are provisioned in a home network of a communication system for utilization by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication system. The cryptographic key pairs are managed utilizing an element or function in the home network of the communication system. In one or more other methods, one or more public keys associated with one or more cryptographic key pairs are stored in user equipment, the cryptographic key pairs being provisioned by a home network of a communication system for use by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication network. An element or function of the home network of the communication system is interfaced for management of the public keys stored in the user equipment.