-
Publication No.: US20240283661A1
Publication date: 2024-08-22
Application No.: US18113041
Filing date: 2023-02-22
Inventors: Jay Rajput, Virendra Singh, Pavani Chirala
IPC classification: H04L9/32
CPC classification: H04L9/3268, H04L9/3213
Abstract: A method for protecting against unauthorized use of CMP client identity private keys and CMP public key certificates associated with NFs includes receiving, by a CMP CA proxy, a first CMP certificate request for renewing a security certificate associated with a first NF, the CMP certificate request including a public key certificate associated with the first NF and is protected by a CMP client identity private key associated with the first NF. The method further includes determining that the first NF is registered with the NRF, and, in response to determining that the first NF is registered with the NRF, checking, by the CMP CA proxy whether the first CMP certificate request includes an NRF-issued access token for the first NF, determining that the CMP certificate request does not include the NRF-issued access token for the first NF, and, in response to determining that the first CMP certificate request does not include the NRF-issued access token for the first NF, performing a network security action regarding the first CMP certificate request.
-
Publication No.: US11695563B2
Publication date: 2023-07-04
Application No.: US17314382
Filing date: 2021-05-07
CPC classification: H04L9/3228, H04L9/3236, H04L63/0281, H04W12/06
Abstract: A method for creating single-use authentication messages includes creating, at a consumer network function of a core network of a telecommunications network, a message hash of at least a subset of a request message. The method includes adding, at the consumer network function, the message hash to a client credentials assertion (CCA) token for the consumer network function. The method includes sending, from the consumer network function, the request message with the CCA token to a producer network function.
-
Publication No.: US20230164109A1
Publication date: 2023-05-25
Application No.: US17534904
Filing date: 2021-11-24
IPC classification: H04L61/4511, H04L41/50, H04L61/10, H04L41/5054, H04L61/5076
CPC classification: H04L61/1511, H04L41/5058, H04L61/10, H04L41/5054, H04L61/2076
Abstract: A method for automatic domain name system (DNS) configuration for 5G core (5GC) network functions (NFs) includes, at an NF repository function (NRF) including at least one processor, receiving a message concerning a 5GC network function. The method further includes determining a first DNS resource record parameter for the 5GC NF. The method further includes determining a second DNS resource record parameter for the 5GC NF. The method further includes automatically configuring a DNS with a mapping between the first and second DNS resource record parameters for the 5GC NF.
-
Publication No.: US20230147549A1
Publication date: 2023-05-11
Application No.: US17524711
Filing date: 2021-11-11
Inventors: Virendra Singh, Jay Rajput, Ankit Srivastava
Abstract: A method for generating, conveying, and using attempted producer network function (NF) instance communication information includes, at a first service communication proxy (SCP), receiving, from a sender, a first service based interface (SBI) request message. The method further includes attempting to obtain a service requested by the first SBI request message from at least one producer NF instance. The method further includes receiving at least one error response or failing to receive a response from the at least one producer NF instance. The method further includes generating, from the at least one error response or the failing to receive a response from the at least one producer NF instance, attempted producer NF instance communication information. The method further includes communicating, to the sender, the attempted producer NF instance communication information.
-
Publication No.: US20230110286A1
Publication date: 2023-04-13
Application No.: US17497879
Filing date: 2021-10-08
Abstract: A method for routing inter-public land mobile network (inter-PLMN) messages relating to existing subscriptions with a network function (NF) repository functions (NRFs) includes, at a security edge protection proxy (SEPP) implemented using at least one processor, automatically populating, by the SEPP, a subscription identifier to target NRF resource identification information mapping database accessible to the SEPP with mappings between subscription identifiers and target NRF resource identification information. The method further includes receiving an inter-PLMN message for modifying or deleting a subscription. The method further includes reading a subscription identifier from the message for modifying or deleting the subscription. The method further includes using the subscription identifier from the message for modifying or deleting the subscription to access the database and obtain an identifier associated with an NRF that created the subscription. The method further includes forwarding the message for updating or deleting the subscription to the NRF.
-
Publication No.: US20230090068A1
Publication date: 2023-03-23
Application No.: US17481004
Filing date: 2021-09-21
IPC classification: H04L29/12
Abstract: A method for providing for optimized service based interface (SBI) communications by performing network function (NF) fully qualified domain name (FQDN) resolution at an NF repository function (NRF) includes, at an NRF including at least one processor, receiving NF register requests including NF profiles and/or NF service profiles, at least some of which include FQDNs and do not include Internet protocol (IP) addresses. The method further includes storing the NF profiles and/or NF service profiles in an NF profiles database. The method further includes resolving the FQDNs in NF profiles and/or NF service profiles into IP addresses. The method further includes receiving NF discovery requests. The method further includes generating lists of NF profiles and/or NF service profiles that match query parameters in the NF discovery requests. The method further includes providing the lists of NF profiles and/or NF service profiles including the IP addresses to consumer NFs in NF discovery responses.
-
Publication No.: US20230072290A1
Publication date: 2023-03-09
Application No.: US17468117
Filing date: 2021-09-07
Inventors: Jay Rajput, Virendra Singh, Ankit Srivastava
IPC classification: H04L29/06
Abstract: The subject matter described herein includes a method for reducing the likelihood of successful denial of service (DoS) attacks by validating overload control information (OCI) scope information against network function (NF) profile information obtained using target resource identification information. The method includes receiving a service based interface (SBI) request message, obtaining, from the SBI request message, target resource identification information, obtaining NF profile information using the target resource identification information and storing the NF profile information, receiving an SBI response message including overload control information and scope information for the overload control information, using the stored NF profile information to determine whether the scope information for the overload control information is valid, and, in response to determining that the scope information for the overload control information is invalid, rejecting the SBI response message.
-
Publication No.: US20220360991A1
Publication date: 2022-11-10
Application No.: US17314329
Filing date: 2021-05-07
IPC classification: H04W12/122
Abstract: A method for protecting against mass NF deregistration attacks can be performed at an NRF or SCP. The method includes receiving an NFDeregister request for deregistering an NF. The method further includes classifying the NFDeregister request as suspect based on application of suspect NFDeregister request classification rules. The method further includes in response to classifying the NFDeregister request as suspect, queueing the NFDeregister request. The method further includes receiving an NF heart-beat message concerning the NF. The method further includes determining that the NF heart-beat message is received within an NF heart-beat time interval for the NF. The method further includes in response to determining that the NF heart-beat message is received within the NF heart-beat time interval for the NF, preventing processing of the NF Deregister request and blacklisting a sender of the NFDeregister request.
-
Publication No.: US20220287089A1
Publication date: 2022-09-08
Application No.: US17192800
Filing date: 2021-03-04
Inventors: Virendra Singh, Jay Rajput, Ankit Srivastava
Abstract: A method for resource object level authorization at a network function (NF) includes maintaining, by a first NF, a service based interface (SBI) resource object access authorization policy database containing policies for controlling access to SBI resource objects and dynamically populating a resource object owner database containing records for resource objects and corresponding resource object owners. The method further includes receiving, by the first NF and from a second NF, a first SBI resource object access request for accessing a resource object, accessing, using information from the first SBI resource object access request, the resource object access authorization policy database and the resource object owner database, determining that an access to the resource object requested by the first resource object access request is not permitted, and preventing the access to the resource object requested by the first resource object access request.
-
Publication No.: US20220247779A1
Publication date: 2022-08-04
Application No.: US17167319
Filing date: 2021-02-04
IPC classification: H04L29/06
Abstract: A method for DoS attacks at an NF includes maintaining, at a first NF, an NF subscription database containing rules that specify maximum numbers of allowed subscriptions and corresponding rule criteria. The method further includes receiving, at the first NF and from a second NF, a subscription request for establishing a subscription. The method further includes determining, by the first NF, that the subscription request matches criteria for at least one rule in the NF subscription database and incrementing, by the first NF, at least one count of a number of subscriptions for the at least one rule. The method further includes determining, by the first NF, that the at least one count of the number of subscriptions exceeds a maximum number of allowed subscriptions for the at least one rule. The method further includes, in response to determining that the at least one count of the number of subscriptions exceeds the maximum number of allowed subscriptions for the at least one rule, preventing establishment of the subscription.