-
1.
Publication number: US20230292131A1
Publication date: 2023-09-14
Application number: US18006248
Filing date: 2021-07-14
Applicant: Nokia Technologies Oy
Inventor: Saurabh KHARE, Narasimha Rao PULIPATI, Suresh NAIR
IPC: H04W12/122, H04W12/06
CPC classification number: H04W12/122, H04W12/06
Abstract: Techniques for preventing rogue network functions in a communication network are provided. For example, a method comprises obtaining information identifying one or more network entities suspected of malicious activity operating within the communication network, causing a re-authorization of the one or more network entities suspected of malicious activity, and in response to a re-authorization failure of at least one of the one or more network entities suspected of malicious activity, causing one or more remedial actions to occur within the communication network to prevent the at least one network entity that failed re-authorization from accessing other network entities in the communication network.
-
2.
Publication number: US20200162898A1
Publication date: 2020-05-21
Application number: US16124631
Filing date: 2018-09-07
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR
Abstract: A method, apparatus and computer program product may be provided for securing multiple NAS connections over a plurality of access types. An exemplary method may comprise receiving, at an access mobility function (AMF), a first registration request from user equipment (UE) over a first access type, establishing a main NAS context comprising at least a key set identifier for identifying a key for the AMF (KAMF), NAS integrity and encryption keys and a selected algorithm for all NAS links, wherein establishing the main NAS context comprises establishing the KAMF, and subsequently deriving, from the KAMF, the NAS integrity and NAS encryption keys and establishing a first NAS sub-context corresponding to a first access type, the first NAS sub-context comprising at least a first NAS link identification number, a first uplink packet count, a first downlink packet count.
-
3.
Publication number: US20230016347A1
Publication date: 2023-01-19
Application number: US17865160
Filing date: 2022-07-14
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR, Ranganathan MAVUREDDI DHANASEKARAN, Laurent THIEBAUT
IPC: H04W12/06, H04W12/041, H04W12/72
Abstract: Methods, computer program products, and apparatuses are provided for enabling a user equipment (UE) to connect to the wireless access network that supports non-seamless wireless local area network (WLAN) offload (NSWO), such as using the UE's fifth generation (5G) credentials. An apparatus may include a processor and a memory storing computer program code configured to cause the apparatus to request, by the UE, a wireless connection to a network entity; receive, by the UE, from the network entity, an identity request; and in response to the identity request, cause transmission, by the UE, of an identity response including a UE identifier to the network entity such that the UE is configured to establish a security context with the network entity upon successful authentication using the UE identifier.
-
4.
Publication number: US20220248225A1
Publication date: 2022-08-04
Application number: US17618015
Filing date: 2020-06-09
Applicant: Nokia Technologies Oy
Inventor: Nagendra BYKAMPADI, Laurent THIEBAUT, Anja JERICHOW, Suresh NAIR
Abstract: Improved techniques for secure access control in communication systems are provided. In one example, in accordance with an authorization server function, a method comprises receiving a request from a service consumer in a communication system for access to a service type and one or more resources associated with the service type. The method determines whether the service consumer is authorized to access the service type and the one or more resources associated with the service type. The method generates an access token that identifies one or more service producers for the service type and the one or more resources associated with the service type that the service consumer is authorized to access, and sends the access token to the service consumer. The service consumer can then use the access token to access the one or more services and one or more resources. In addition to such resource level access authorization, target network function group access authorization can be performed.
-
5.
Publication number: US20220240089A1
Publication date: 2022-07-28
Application number: US17618846
Filing date: 2020-06-04
Applicant: Nokia Technologies Oy
Inventor: Nagendra BYKAMPADI, Suresh NAIR, Anja JERICHOW
Abstract: Improved techniques for secure access control in communication systems are provided. Secure access control in one or more examples includes authorization of network function sets. For example, in accordance with an authorization server function, a method includes receiving a request from a service consumer in a communication system for access to a service type, wherein the request comprises information including a service producer set identifier. The method determines whether the service consumer is authorized to access the service type. The method identifies service producer instances that belong to the requested service producer set identifier. The method generates an access token that comprises identifiers for identified ones of the service producer instances that belong to the requested service producer set identifier, and sends the access token to the service consumer.
-
6.
Publication number: US20220232382A1
Publication date: 2022-07-21
Application number: US17617817
Filing date: 2020-05-20
Applicant: Nokia Technologies Oy
Inventor: Suresh NAIR
Abstract: Improved techniques are provided for security management in communication systems particularly with respect to access to restricted local operator services in the case of roaming user devices. In one example in accordance with user equipment in a communication system, a method includes initiating a request for access to restricted local operator services, acquiring a network identifier comprising a first country code, and comparing the acquired network identifier with a stored network identifier comprising a second country code. A determination is made whether the first country code and the second country code are different. At least a first action is performed in response to an affirmative determination, and at least a second action is performed in response to a negative determination.
-
7.
Publication number: US20210058776A1
Publication date: 2021-02-25
Application number: US17045370
Filing date: 2019-04-04
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Suresh NAIR, Anja JERICHOW, Nagendra S BYKAMPADI, Dimitrios SCHOINIANAKIS
Abstract: At given user equipment in a communication system, a unified subscription identifier data structure is constructed. The unified subscription identifier data structure includes a plurality of fields that specify information for a selected one of two or more subscription identifier types and selectable parameters associated with the selected subscription identifier type, and wherein the information in the unified subscription identifier data structure is useable by the given user equipment to access one or more networks associated with the communication system based on an authentication scenario corresponding to the selected subscription identifier type. For example, during different authentication scenarios, the given user equipment utilizes the unified subscription identifier data structure to provide the appropriate subscription identifier (e.g., SUPI, SUCI or IMSI) and associated parameters for the given authentication scenario.
-
8.
Publication number: US20240154803A1
Publication date: 2024-05-09
Application number: US18307952
Filing date: 2023-04-27
Applicant: Nokia Technologies Oy
Inventor: Ranganathan MAVUREDDI DHANASEKARAN, Saurabh KHARE, Suresh NAIR
IPC: H04L9/08
CPC classification number: H04L9/0891
Abstract: Techniques for authentication and key management for applications (AKMA) in a communication network are disclosed. For example, a method comprises receiving an indication from an application function that a first expiry time of a first application function key, generated using a first random value and configured to enable user equipment to participate in a session with the application function, has expired. The method generates a second application function key for the application function, using a second random value, with a second expiry time.
-
9.
Publication number: US20240147244A1
Publication date: 2024-05-02
Application number: US18405341
Filing date: 2024-01-05
Applicant: NOKIA TECHNOLOGIES OY
Inventor: Suresh NAIR, Anja JERICHOW, Nagendra S BYKAMPADI, Dimitrios SCHOINIANAKIS
IPC: H04W12/72, H04L9/30, H04W12/041, H04W12/06
CPC classification number: H04W12/72, H04L9/3073, H04W12/041, H04W12/06
Abstract: At a user equipment in a communication system, a unified subscription identifier data structure is constructed. The unified subscription identifier data structure includes a plurality of fields that specify information for a selected one of two or more subscription identifier types and selectable parameters associated with the selected subscription identifier type, and wherein the information in the unified subscription identifier data structure is useable by the user equipment to access one or more networks associated with the communication system based on an authentication scenario corresponding to the selected subscription identifier type. For example, during different authentication scenarios, the user equipment utilizes the unified subscription identifier data structure to provide the appropriate subscription identifier (e.g., SUPI, SUCI or IMSI) and associated parameters for a given authentication scenario.
-
10.
Publication number: US20220360586A1
Publication date: 2022-11-10
Application number: US17736622
Filing date: 2022-05-04
Applicant: Nokia Technologies Oy
Inventor: Chaitanya AGGARWAL, Suresh NAIR, Saurabh KHARE, Anja JERICHOW, Laurent THIEBAUT
Abstract: There is provided a method, apparatus and computer program product for causing a network repository function to perform: receiving, from a network function service consumer, an access request for an access authorization token, the request comprising a first identification of the network function service consumer and a first identification of at least one network slice on which access is requested; generating an access token in response to the request, the access token comprising at least one network slice identifier for the at least one network slice identified by the first identification; and providing the generated access token to the network function in response to the request for an access authorization token.