公开(公告)号：US12219376B2

公开(公告)日：2025-02-04

申请号：US17462319

申请日：2021-08-31

Applicant: Nokia Technologies Oy

Inventor： Dario Bega ,  Gerald Kunzmann ,  Chaitanya Aggarwal

IPC: H04W24/08 ,  H04L41/147 ,  H04L41/16 ,  H04W24/02

Abstract: Techniques for detection of abnormal network function service usage in a communication network are disclosed. For example, a method comprises obtaining, at a first network entity, one or more service requests previously received by a second network entity for a service which the second network entity is configured to provide in a communication network. The method further comprises obtaining, at the first network entity, an analysis of the one or more service requests previously received by the second network entity for the service. The method further comprises obtaining, at the first network entity, an expected service usage for the service from the analysis of the one or more service requests. The method may then compare incoming service requests to the expected service usage to detect a given condition, e.g., an abnormal condition, so that at least one action can be taken.

公开(公告)号：US11425636B1

公开(公告)日：2022-08-23

申请号：US17232640

申请日：2021-04-16

Applicant: Nokia Technologies Oy

Inventor： Chaitanya Aggarwal ,  Saurabh Khare ,  Anja Jerichow

IPC: H04W48/16 ,  H04W8/20 ,  H04W12/08 ,  H04W48/18

Abstract: According to an example aspect, there is provided a method, comprising: receiving, from a first network function consumer, a subscribe request for a second network function consumer to subscribe to a service, wherein the subscribe request comprises a notification address and identifies the second network function consumer, transmitting, to a network repository function, an access token request, comprising the notification address and identifying the second network function consumer, receiving, from the network repository function, an access token response comprising an access token comprising the notification address verified by the network repository function, transmitting, to the second network function consumer, an authorization request for receiving data authorization and comprising the access token, receiving, from the second network function consumer, an authorization response indicative of authorization of the second network function consumer, and transmitting, on the basis of the authorization response, a notification to the second network function consumer.

公开(公告)号：US12167241B2

公开(公告)日：2024-12-10

申请号：US17675436

申请日：2022-02-18

Applicant: Nokia Technologies Oy

Inventor： Chaitanya Aggarwal ,  Saurabh Khare ,  Anja Jerichow ,  Gerald Kunzmann ,  Yannick Lair

IPC: H04W12/069 ,  H04L9/40 ,  H04W12/08

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising means for receiving from a requesting network function, by a network repository function, an access token request, wherein the access token request is related to a network function consumer requesting access to a service provided by a network function producer and comprises an identity of a vendor of the network function consumer requesting access to the service, means for verifying by the network repository function, based at least on the identity of the vendor of the network function consumer, that the network function consumer is allowed to access the service and means for transmitting to the requesting network function, by the network repository function, an access token upon successful verification, wherein the access token generated and signed by the network repository function comprises the identity of the vendor of the network function consumer and an identity of the vendor of the network function producer.

公开(公告)号：US12047780B2

公开(公告)日：2024-07-23

申请号：US17568144

申请日：2022-01-04

Applicant: Nokia Technologies Oy

Inventor： Saurabh Khare ,  Chaitanya Aggarwal ,  Anja Jerichow ,  Gerald Kunzmann

IPC: H04W12/084 ,  H04W8/18 ,  H04W12/02 ,  H04W12/082 ,  H04W12/60

CPC classification number: H04W12/084 ,  H04W8/18 ,  H04W12/02 ,  H04W12/082 ,  H04W12/60

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising means for receiving, by a network function configured to provide centralized user consent authorization in a cellular communication system, a user consent authorization request from a logical network entity, wherein the user consent authorization request comprises an identity of at least one user equipment whose user consent is requested by the logical network entity, the logical network entity being a network function service consumer or an application function, means for retrieving user consent information concerning the at least one user equipment whose user consent is requested by the logical network entity, wherein said user consent information indicates individually whether the logical network entity is authorized to access data related to each of the at least one user equipment, means for determining, based on said user consent information, whether the logical network entity is authorized to access data related to each of the at least one user equipment and means for transmitting, based on said determination, a response signed by the network function to the logical network entity.

公开(公告)号：US12063312B2

公开(公告)日：2024-08-13

申请号：US17523251

申请日：2021-11-10

Applicant: Nokia Technologies Oy

Inventor： Chaitanya Aggarwal ,  Saurabh Khare ,  Anja Jerichow ,  Jani Ekman

IPC: H04L9/32

CPC classification number: H04L9/3247

Abstract: According to an example aspect of the present invention, there is provided an apparatus configured at least to determine whether a cryptographic signature of a token received in the apparatus from a network function consumer is valid, obtain a cryptographic signature of the apparatus of the token responsive to the cryptographic signature of the token being valid, and provide the token to a peer entity of the apparatus, wherein the cryptographic signature of the apparatus is either included into the token or provided in a header external to the token, wherein the peer entity is comprised in a second network, different from a first network where the apparatus is comprised in. The request may serve a user equipment, directly or indirectly.

公开(公告)号：US11737011B2

公开(公告)日：2023-08-22

申请号：US17410626

申请日：2021-08-24

Applicant: Nokia Technologies Oy

Inventor： Chaitanya Aggarwal ,  Saurabh Khare ,  Anja Jerichow ,  Bruno Landais

IPC: H04W48/08

CPC classification number: H04W48/08

Abstract: According to an example aspect of the present invention, there is provided a method comprising, transmitting to a Network Function, NF, service producer, by a Service Communication Proxy, SCP, a service request on behalf of an NF service consumer, wherein the service request comprises an access token, receiving, by the SCP, a service response from the NF service producer and upon receiving the service response, transmitting to the NF service consumer, by the SCP, information related to the access token.

公开(公告)号：US20220337558A1

公开(公告)日：2022-10-20

申请号：US17232579

申请日：2021-04-16

Applicant: Nokia Technologies Oy

Inventor： Saurabh Khare ,  Chaitanya Aggarwal ,  Anja Jerichow

IPC: H04L29/06

Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for inter-network communication. A first edge protection proxy in a first network receives a request for an access token from a network repository function in the first network. The access token is to be used by a first network function in the first network to request a service from a second network function in a second network. The first edge protection proxy validates the request based on configurations allowed to access services provided by networks different from the first network. If the validation of the request is successful, the first edge protection proxy transmits the request to a second edge protection proxy in the second network. The transmitted request comprises verified information concerning the first network function.

公开(公告)号：US12192359B2

公开(公告)日：2025-01-07

申请号：US17550549

申请日：2021-12-14

Applicant: Nokia Technologies Oy

Inventor： Chaitanya Aggarwal ,  Anja Jerichow ,  Saurabh Khare

IPC: H04L9/32

Abstract: According to an example aspect of the present invention, there is provided an apparatus configured at least to: receive, from a service communication proxy, a request for an access token which authorizes access to a service at a network function provider, transmit an authorization token to the service communication proxy, the authorization token being specific to the request, and provide the access token to the service communication proxy responsive to determining that a cryptographic signature of a network function consumer on a signed version of the authorization token, received in the apparatus from the service communication proxy, is correct. The apparatus may work in a network serving user equipments, for example.

公开(公告)号：US12034733B2

公开(公告)日：2024-07-09

申请号：US17494930

申请日：2021-10-06

Applicant: Nokia Technologies Oy

Inventor： Saurabh Khare ,  Colin Kahn ,  Georgios Gkellas ,  Yannick Lair ,  Anja Jerichow ,  Chaitanya Aggarwal

IPC: H04L9/40 ,  H04W12/06 ,  H04W12/08

CPC classification number: H04L63/102 ,  H04L63/083 ,  H04W12/06 ,  H04W12/08

Abstract: According to an example aspect of the present invention, there is provided a method comprising, receiving, by an intermediary network function, a subscription request from a network function consumer requesting data of a network function producer, wherein the subscription request comprises a client credential assertion of the network function consumer and an access token, authorizing and authenticating, by the intermediary network function, the network function consumer upon successful validation of the access token and the client credential assertion validation and transmitting, by the intermediary network function, an access token request to an authorization server to get another access token, wherein said another access token is to be used to validate the network function consumer to access services of the network function producer, and the access token request comprises the client credential assertion of the network function consumer requesting data of the network function producer.

公开(公告)号：US11818102B2

公开(公告)日：2023-11-14

申请号：US17232579

申请日：2021-04-16

Applicant: Nokia Technologies Oy

Inventor： Saurabh Khare ,  Chaitanya Aggarwal ,  Anja Jerichow

IPC: H04L9/40

CPC classification number: H04L63/0281 ,  H04L63/08

Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for inter-network communication. A first edge protection proxy in a first network receives a request for an access token from a network repository function in the first network. The access token is to be used by a first network function in the first network to request a service from a second network function in a second network. The first edge protection proxy validates the request based on configurations allowed to access services provided by networks different from the first network. If the validation of the request is successful, the first edge protection proxy transmits the request to a second edge protection proxy in the second network. The transmitted request comprises verified information concerning the first network function.