Detection of abnormal network function service usage in communication network

    公开(公告)号:US12219376B2

    公开(公告)日:2025-02-04

    申请号:US17462319

    申请日:2021-08-31

    Abstract: Techniques for detection of abnormal network function service usage in a communication network are disclosed. For example, a method comprises obtaining, at a first network entity, one or more service requests previously received by a second network entity for a service which the second network entity is configured to provide in a communication network. The method further comprises obtaining, at the first network entity, an analysis of the one or more service requests previously received by the second network entity for the service. The method further comprises obtaining, at the first network entity, an expected service usage for the service from the analysis of the one or more service requests. The method may then compare incoming service requests to the expected service usage to detect a given condition, e.g., an abnormal condition, so that at least one action can be taken.

    Network function service subscription control

    公开(公告)号:US11425636B1

    公开(公告)日:2022-08-23

    申请号:US17232640

    申请日:2021-04-16

    Abstract: According to an example aspect, there is provided a method, comprising: receiving, from a first network function consumer, a subscribe request for a second network function consumer to subscribe to a service, wherein the subscribe request comprises a notification address and identifies the second network function consumer, transmitting, to a network repository function, an access token request, comprising the notification address and identifying the second network function consumer, receiving, from the network repository function, an access token response comprising an access token comprising the notification address verified by the network repository function, transmitting, to the second network function consumer, an authorization request for receiving data authorization and comprising the access token, receiving, from the second network function consumer, an authorization response indicative of authorization of the second network function consumer, and transmitting, on the basis of the authorization response, a notification to the second network function consumer.

    Enhanced authorization in cellular communication networks

    公开(公告)号:US12167241B2

    公开(公告)日:2024-12-10

    申请号:US17675436

    申请日:2022-02-18

    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising means for receiving from a requesting network function, by a network repository function, an access token request, wherein the access token request is related to a network function consumer requesting access to a service provided by a network function producer and comprises an identity of a vendor of the network function consumer requesting access to the service, means for verifying by the network repository function, based at least on the identity of the vendor of the network function consumer, that the network function consumer is allowed to access the service and means for transmitting to the requesting network function, by the network repository function, an access token upon successful verification, wherein the access token generated and signed by the network repository function comprises the identity of the vendor of the network function consumer and an identity of the vendor of the network function producer.

    Authorization in cellular communication systems

    公开(公告)号:US12047780B2

    公开(公告)日:2024-07-23

    申请号:US17568144

    申请日:2022-01-04

    CPC classification number: H04W12/084 H04W8/18 H04W12/02 H04W12/082 H04W12/60

    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising means for receiving, by a network function configured to provide centralized user consent authorization in a cellular communication system, a user consent authorization request from a logical network entity, wherein the user consent authorization request comprises an identity of at least one user equipment whose user consent is requested by the logical network entity, the logical network entity being a network function service consumer or an application function, means for retrieving user consent information concerning the at least one user equipment whose user consent is requested by the logical network entity, wherein said user consent information indicates individually whether the logical network entity is authorized to access data related to each of the at least one user equipment, means for determining, based on said user consent information, whether the logical network entity is authorized to access data related to each of the at least one user equipment and means for transmitting, based on said determination, a response signed by the network function to the logical network entity.

    Management of access tokens in communication networks

    公开(公告)号:US11737011B2

    公开(公告)日:2023-08-22

    申请号:US17410626

    申请日:2021-08-24

    CPC classification number: H04W48/08

    Abstract: According to an example aspect of the present invention, there is provided a method comprising, transmitting to a Network Function, NF, service producer, by a Service Communication Proxy, SCP, a service request on behalf of an NF service consumer, wherein the service request comprises an access token, receiving, by the SCP, a service response from the NF service producer and upon receiving the service response, transmitting to the NF service consumer, by the SCP, information related to the access token.

    SECURITY ENHANCEMENT ON INTER-NETWORK COMMUNICATION

    公开(公告)号:US20220337558A1

    公开(公告)日:2022-10-20

    申请号:US17232579

    申请日:2021-04-16

    Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for inter-network communication. A first edge protection proxy in a first network receives a request for an access token from a network repository function in the first network. The access token is to be used by a first network function in the first network to request a service from a second network function in a second network. The first edge protection proxy validates the request based on configurations allowed to access services provided by networks different from the first network. If the validation of the request is successful, the first edge protection proxy transmits the request to a second edge protection proxy in the second network. The transmitted request comprises verified information concerning the first network function.

    Authorization of network request
    8.
    发明授权

    公开(公告)号:US12192359B2

    公开(公告)日:2025-01-07

    申请号:US17550549

    申请日:2021-12-14

    Abstract: According to an example aspect of the present invention, there is provided an apparatus configured at least to: receive, from a service communication proxy, a request for an access token which authorizes access to a service at a network function provider, transmit an authorization token to the service communication proxy, the authorization token being specific to the request, and provide the access token to the service communication proxy responsive to determining that a cryptographic signature of a network function consumer on a signed version of the authorization token, received in the apparatus from the service communication proxy, is correct. The apparatus may work in a network serving user equipments, for example.

    Authorization in communication networks

    公开(公告)号:US12034733B2

    公开(公告)日:2024-07-09

    申请号:US17494930

    申请日:2021-10-06

    CPC classification number: H04L63/102 H04L63/083 H04W12/06 H04W12/08

    Abstract: According to an example aspect of the present invention, there is provided a method comprising, receiving, by an intermediary network function, a subscription request from a network function consumer requesting data of a network function producer, wherein the subscription request comprises a client credential assertion of the network function consumer and an access token, authorizing and authenticating, by the intermediary network function, the network function consumer upon successful validation of the access token and the client credential assertion validation and transmitting, by the intermediary network function, an access token request to an authorization server to get another access token, wherein said another access token is to be used to validate the network function consumer to access services of the network function producer, and the access token request comprises the client credential assertion of the network function consumer requesting data of the network function producer.

    Security enhancement on inter-network communication

    公开(公告)号:US11818102B2

    公开(公告)日:2023-11-14

    申请号:US17232579

    申请日:2021-04-16

    CPC classification number: H04L63/0281 H04L63/08

    Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for inter-network communication. A first edge protection proxy in a first network receives a request for an access token from a network repository function in the first network. The access token is to be used by a first network function in the first network to request a service from a second network function in a second network. The first edge protection proxy validates the request based on configurations allowed to access services provided by networks different from the first network. If the validation of the request is successful, the first edge protection proxy transmits the request to a second edge protection proxy in the second network. The transmitted request comprises verified information concerning the first network function.

Patent Agency Ranking