-
Publication number: US11564193B2
Publication date: 2023-01-24
Application number: US17055119
Application date: 2018-05-18
Applicant: Nokia Technologies Oy
Inventor: Cinzia Sartori, Anja Jerichow, Peter Schneider
Abstract: Authentication in a public land mobile network, PLMN, having tenant slices is performed by a network element that has: a memory comprising program code; a communication circuitry for communication with entities in the PLMN; and a processing circuitry configured to execute the program code and according to the program code to cause: detecting a registration request from a mobile communication device, MCDt; detecting whether the registration request requests access to a network slice with one-tier authentication with the network slice, and: if yes, causing beginning of authenticating the MCDt with the network slice independently of any authentication between the MCDt and the PLMN.
-
Publication number: US11838428B2
Publication date: 2023-12-05
Application number: US18065914
Application date: 2022-12-14
Applicant: Nokia Technologies Oy
Inventor: Peter Schneider, Ranganathan Mavureddi Dhanasekaran
CPC classification number: H04L9/3263, H04W12/06
Abstract: According to an example aspect of the present invention, there is provided a method comprising: generating a certificate comprising an identifier of a base station, a public key of the base station, and a public key of a terminal; signing the certificate by a signature based on a private key belonging to the public key of the base station; sending the signed certificate to the terminal using an established security association; monitoring whether the base station receives a request for local authentication of the terminal, wherein the request comprises an encrypted certificate unit and a base station identifier; checking whether the base station identifier is the identifier of the base station and, if it is, decrypting the encrypted certificate unit using the private key; and using the public key of the terminal for a communication with the terminal if the certificate unit comprises the signed certificate.
-
Publication number: US11689579B2
Publication date: 2023-06-27
Application number: US17264768
Application date: 2019-08-02
Applicant: Nokia Technologies Oy
Inventor: Peter Schneider, Anja Jerichow
IPC: H04L9/40, H04W12/033, H04W12/06, H04W12/08, H04W12/10
CPC classification number: H04L63/205, H04L63/0428, H04L63/0892, H04W12/033, H04W12/06, H04W12/08, H04W12/10
Abstract: A session management function of a 5G system receives information that a secondary authentication is to be done for a given user equipment for authorising user equipment to use a data network; and responsively to the received information, communicates with the data network and receives from the data network an indication; and allows a 5G access to the user equipment so that the user equipment can communicate with the data network according to the indication either without cryptographic protection or with cryptographic protection depending on the indication.
-
Publication number: US20210297457A1
Publication date: 2021-09-23
Application number: US17264768
Application date: 2019-08-02
Applicant: Nokia Technologies Oy
Inventor: Peter Schneider, Anja Jerichow
IPC: H04L29/06, H04W12/06, H04W12/033, H04W12/10, H04W12/08
Abstract: A session management function of a 5G system receives information that a secondary authentication is to be done for a given user equipment for authorising user equipment to use a data network; and responsively to the received information, communicates with the data network and receives from the data network an indication; and allows a 5G access to the user equipment so that the user equipment can communicate with the data network according to the indication either without cryptographic protection or with cryptographic protection depending on the indication.
-
Publication number: US20190261177A1
Publication date: 2019-08-22
Application number: US16314573
Application date: 2017-06-30
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Amaanat Ali, Peter Schneider, Mikko Saily, Arnesh Vijay
Abstract: Methods and apparatus for handling a security aspect after cell reselection are disclosed. In a method a cell reselection is determined at a communication device that is in an intermediate radio resource control state where the communication device is inactive but connected to a radio access system. Subsequent to the determining, communication of security credential information is initiated with a selected cell of the radio access system while the communication device is in the intermediate radio resource control state. Communications with the selected cell are based on a security configuration according to the security credential information.
-
Publication number: US12231586B2
Publication date: 2025-02-18
Application number: US17947969
Application date: 2022-09-19
Applicant: Nokia Technologies Oy
Inventor: Peter Schneider, Ranganathan Mavureddi Dhanasekaran
IPC: H04L9/32, H04L9/08, H04W12/037
Abstract: Systems, methods, and software of performing a UE challenge. In one embodiment, User Equipment (UE) initiates a UE challenge procedure to a home network before engaging in a primary authentication procedure by generating a UE challenge by encrypting a random nonce with a home network public key, and transmitting a first message containing the UE challenge toward the home network. The UE receives a second message containing a challenge response to the UE challenge, processes the challenge response to determine whether the home network decrypted the random nonce in response to the UE challenge, and verifies an identity of the home network when the home network decrypted the random nonce in response to the UE challenge.
-
Publication number: US20240056301A1
Publication date: 2024-02-15
Application number: US18447374
Application date: 2023-08-10
Applicant: Nokia Technologies Oy
Inventor: Markus Staufer, Peter Schneider, Ranganathan Mavureddi Dhanasekaran, Saurabh Khare
IPC: H04L9/32
CPC classification number: H04L9/32
Abstract: Method comprising:
monitoring whether a network receives an authorization request for establishing a session of an AF with a UE, wherein the authorization request comprises a permanent identifier of the AF, a received temporary identifier of the AF, and a temporary identifier of a UE;
if the authorization request is received:
forming a key identifier based on the temporary identifier of the UE;
retrieving, based on the key identifier, a stored key and a first permanent identifier of the UE;
calculating a calculated temporary identifier of the AF based on the permanent identifier of the AF and the stored key;
checking whether the calculated temporary identifier of the AF is identical with the received temporary identifier of the AF;
inhibiting authorizing the AF for the establishing the session with the UE if the calculated temporary identifier of the AF is not identical with the received temporary identifier of the AF.
-
Publication number: US11765596B2
Publication date: 2023-09-19
Application number: US17159380
Application date: 2021-01-27
Applicant: Nokia Technologies Oy
Inventor: Peter Schneider, Ranganathan Mavureddi Dhanasekaran, Anja Jerichow
IPC: H04W12/72, H04W56/00, H04W12/10, H04W12/069
CPC classification number: H04W12/72, H04W12/069, H04W12/10, H04W56/001, H04W56/003
Abstract: In accordance with an example embodiment, there is provided an apparatus, such as a user equipment, configured to receive, from a communication network, an authentication request which comprises a nonce and a received sequence number, check whether the received sequence number is advanced with respect to a first sequence number, the first sequence number being from a most recent previous authentication request handled by the apparatus, check, responsive to the received sequence number not being advanced with respect to the first sequence number, whether the nonce is identical to one from among plural stored nonces, and send, responsive to the nonce being identical to the one stored nonce, a response to the authentication request which comprises as a synchronization failure token a dummy value which is not derived from the first sequence number.
-
Publication number: US10820265B2
Publication date: 2020-10-27
Application number: US16340027
Application date: 2016-10-07
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Peter Schneider
Abstract: Internet of Things devices are provisioned with programmable subscriber units by arranging a secure end-to-end connection with an IoT Application Server IoTAS with a temporary connection through a mobile network that has been previously informed of the identities of the IoT devices. Through the secure end-to-end connection, the IoTAS provides an IoT device with provisioning information that enables mutual authentication between the mobile network and the IoT device so that the IoT device can be equipped with a programmable subscription that enables the IoT device to normally attach to the mobile network.