Patents by Inventor Anja Jerichow

Anja Jerichow has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220110082
    Abstract: There is provided an apparatus configured to receive, from a first network entity associated with a first domain in a communication network, a request to communicate; determine a second network entity to which to send the request; determine that the second network entity is associated with a second domain in the communication network; and enforce at least one access policy for routing the request to the network entity, wherein the apparatus is a first service communication proxy trusted in both the first and second domains.
    Type: Application
    Filed: September 28, 2021
    Publication date: April 7, 2022
    Inventors: Thomas BELLING, Bruno LANDAIS, Saurabh KHARE, Anja JERICHOW
  • Publication number: 20220104162
    Abstract: According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a registration request from an application function, wherein the registration request comprises at least one parameter that needs to be used for generating an access token for the application function, the at least one parameter being associated with the application function, registering the application function by the network repository function and transmitting, by the network repository function, a response to the registration request, wherein the response comprises the at least one parameter associated with the application function.
    Type: Application
    Filed: September 28, 2021
    Publication date: March 31, 2022
    Inventors: Chaitanya AGGARWAL, Anja JERICHOW, Georgios GKELLAS, Saurabh KHARE, Bruno LANDAIS
  • Publication number: 20220086734
    Abstract: According to an example aspect of the present invention, there is provided a method comprising transmitting to a Network Function, NF, service producer, by a Service Communication Proxy, SCP, a service request on behalf of an NF service consumer, wherein the service request comprises an access token, receiving, by the SCP, a service response from the NF service producer and upon receiving the service response, transmitting to the NF service consumer, by the SCP, information related to the access token.
    Type: Application
    Filed: August 24, 2021
    Publication date: March 17, 2022
    Inventors: Chaitanya AGGARWAL, Saurabh KHARE, Anja JERICHOW, Bruno LANDAIS
  • Publication number: 20220053393
    Abstract: If a first condition for a handover of an analytics calculation for a user equipment by an analytics function is met, the analytics function requests, of at least one other analytics function of the communication network, preparation of the handover of the analytics calculation. If a second condition for the handover of the analytics calculation is met, the analytics function confirms the handover to one of the at least one other analytics function, the analytics calculation for the user equipment at the analytics function being deemed complete.
    Type: Application
    Filed: August 11, 2021
    Publication date: February 17, 2022
    Applicant: NOKIA TECHNOLOGIES OY
    Inventors: Saurabh KHARE, Yannick LAIR, Shubhranshu SINGH, Laurent THIEBAUT, Cinzia SARTORI, Anja JERICHOW
  • Publication number: 20220045991
    Abstract: There are provided measures for optimization of network function profile administration and registration. Such measures exemplarily comprise, at a network repository function entity, receiving, from a control entity, network entity profile template information, storing said network entity profile template information, wherein said network entity profile template information comprises a network entity profile template including an identifier of said network entity profile template and a profile content of said network entity profile template, said profile content including at least one profile attribute, receiving, from a network entity, a network entity registration request comprising said identifier of said network entity profile template, and generating a network entity profile for said network entity based on said at least one profile attribute.
    Type: Application
    Filed: August 5, 2021
    Publication date: February 10, 2022
    Inventors: Saurabh KHARE, Bruno LANDAIS, Thomas BELLING, Anja JERICHOW
  • Publication number: 20220046426
    Abstract: In accordance with an example embodiment, there is provided an apparatus, such as a user equipment, configured to receive, from a communication network, an authentication request which comprises a nonce and a received sequence number, check whether the received sequence number is advanced with respect to a first sequence number, the first sequence number being from a most recent previous authentication request handled by the apparatus, check, responsive to the received sequence number not being advanced with respect to the first sequence number, whether the nonce is identical to one from among plural stored nonces, and send, responsive to the nonce being identical to the one stored nonce, a response to the authentication request which comprises as a synchronization failure token a dummy value which is not derived from the first sequence number.
    Type: Application
    Filed: January 27, 2021
    Publication date: February 10, 2022
    Inventors: Peter Schneider, Ranganathan Mavureddi Dhanasekaran, Anja Jerichow
  • Publication number: 20220038896
    Abstract: Techniques for preventing sequence number leakage during user equipment authentication in a communication network are provided. For example, a method comprises obtaining a permanent identifier and an authentication sequence value that are unique to user equipment, concealing the permanent identifier and the authentication sequence value, and sending the concealed permanent identifier and the authentication sequence value in a registration message from the user equipment to a communication network. Then, advantageously, in response to receipt of an authentication failure message from the communication network, the user equipment can send a response message to the communication network containing a failure cause indication without a re-synchronization token.
    Type: Application
    Filed: July 30, 2020
    Publication date: February 3, 2022
    Inventors: Suresh Nair, Ranganathan Mavureddi Dhanasekaran, Anja Jerichow
  • Publication number: 20220014888
    Abstract: According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a request from a network function, wherein the request comprises a string associated with an instance identity of the network function, determining, by the network repository function, a type of the instance identity of the network function from a set of instance identity types, determining, by the network repository function, the instance identity of the network function based on the string associated with the instance identity of the network function and the type of the instance identity of the network function and transmitting, by the network repository function, a response to the network function, wherein the response depends on whether the instance identity of the network function was found in a list of network function instances registered at the network repository function.
    Type: Application
    Filed: June 30, 2021
    Publication date: January 13, 2022
    Inventors: Nagendra S BYKAMPADI, Jani Petteri EKMAN, Anja JERICHOW
  • Patent number: 11212739
    Abstract: According to an aspect, there is provided a terminal device comprising means for performing the following. The terminal device transmits a tethering request for setting up a tethering cell over at least one communications network to at least one tethering terminal device capable of setting up a tethering cell. Then, the terminal device performs tethering cell discovery for discovering tethering cells set up by any of said at least one tethering terminal device. In response to discovering a tethering cell provided by a tethering terminal device of said at least one tethering terminal device, the terminal device accesses the tethering cell.
    Type: Grant
    Filed: July 17, 2020
    Date of Patent: December 28, 2021
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Hans Thomas Höhne, Lianghai Ji, Anja Jerichow, Ling Yu, Tero Henttonen
  • Patent number: 11212321
    Abstract: Systems, methods, apparatuses, and computer program products for securing user plane (e.g., MB2-U) interface between a group communication service application server (GCS AS) and Broadcast Multicast Service Center (BM-SC) are provided. One method may include transmitting a message via a control plane, to an application server, indicating whether to establish a security association on a user plane in an interface between the GCS AS and the BM-SC. The method may also include providing, to the GCS AS, a target internet protocol (IP) address and possible port as a target for the security association.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: December 28, 2021
    Assignee: NOKIA SOLUTIONS AND NETWORK OY
    Inventors: Anja Jerichow, Thomas Belling, Guenther Horn
  • Patent number: 11202192
    Abstract: User equipment is registered with a visited public land mobile network, VPLMN, in a process including: producing at the user equipment a concealed identifier; producing at the user equipment a freshness code; and sending by the user equipment to the VPLMN the concealed identifier and the freshness code; receiving by the user equipment an identity request from the VPLMN indicating that the long-term identifier must be transmitted to the VPLMN in a non-concealed form; receiving by the user equipment from the VPLMN a permission authenticator; and verifying at the user equipment if the permission authenticator has been formed with a cryptographic authentication of the home public land mobile network, HPLMN, and the user equipment or a subscription module at the user equipment indicating permission to transmit the long-term identifier to the VPLMN in the non-concealed form and if yes, transmitting the long-term identifier to the VPLMN in the non-concealed form.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: December 14, 2021
    Assignee: Nokia Technologies Oy
    Inventors: Guenther Horn, Anja Jerichow
  • Publication number: 20210360393
    Abstract: A method, apparatus and computer program product may be provided for signaling-based remote provisioning and updating of protection policy information in a SEPP of a visited network. A method may include obtaining, at a home network node (hSEPP), protection policy information from a local repository in a home network or via configuration. The hSEPP is a network node at a boundary of the home network, and the home network is a public land mobile network (hPLMN). The method includes distributing, via a signaling interface, the protection policy information to a visited network node (vSEPP) within a visited network (vPLMN). The vSEPP is a network node at a boundary of a second network. The protection policy information includes information regarding protection of signaling messages addressed for network functions (NFs) hosted in the hPLMN and is configured for enabling the vSEPP to selectively protect outgoing messages to hSEPP in the home network.
    Type: Application
    Filed: April 8, 2019
    Publication date: November 18, 2021
    Inventors: Suresh NAIR, Anja JERICHOW, Nagendra S BYKAMPADI
  • Publication number: 20210321303
    Abstract: Techniques for automated management of a service level agreement between a first communication network and a second communication network are provided. For example, one of the communication networks is a visited network while the other is a home network whereby the service level agreement is a roaming agreement. In one example, a message is received at a first communication network from a second communication network, wherein at least a portion of the message relates to the service level agreement between the first communication network and the second communication network. An automated verification of information in the message is performed at the first communication network to determine compliance with the service level agreement. The message receiving step is performed by a security edge protection proxy function of the first communication network and the automated verification performing step is performed by a service level agreement management function of the first communication network.
    Type: Application
    Filed: August 9, 2019
    Publication date: October 14, 2021
    Inventors: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
  • Publication number: 20210297457
    Abstract: A session management function of a 5G system receives information that a secondary authentication is to be done for a given user equipment for authorising user equipment to use a data network; and responsively to the received information, communicates with the data network and receives from the data network an indication; and allows a 5G access to the user equipment so that the user equipment can communicate with the data network according to the indication either without cryptographic protection or with cryptographic protection depending on the indication.
    Type: Application
    Filed: August 2, 2019
    Publication date: September 23, 2021
    Inventors: Peter Schneider, Anja Jerichow
  • Publication number: 20210250186
    Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, one of the first and second security edge protection proxy elements initiates a mutual authentication procedure with the other of the first and second security edge protection proxy elements. The one of the first and second security edge protection proxy elements exchanges credentials with the other of the first and second security edge protection proxy elements, wherein a secure channel is established between the first and second security edge protection proxy elements upon verification of the credentials.
    Type: Application
    Filed: May 7, 2019
    Publication date: August 12, 2021
    Inventors: Nagendra S Bykampadi, Anja Jerichow, Suresh Nair
  • Publication number: 20210248025
    Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, and wherein one of the first and second security edge protection proxy elements is a sending security edge protection proxy element and the other of the first and second security edge protection proxy elements is a receiving security edge protection proxy element, the receiving security edge protection proxy element receives a message from the sending security edge protection proxy element. The receiving security edge protection proxy element detects one or more error conditions associated with the received message. The receiving security edge protection proxy element determines one or more error handling actions to be taken in response to the one or more detected error conditions.
    Type: Application
    Filed: May 7, 2019
    Publication date: August 12, 2021
    Inventors: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
  • Publication number: 20210235269
    Abstract: There are provided measures for network authorization assistance. Such measures exemplarily comprise detecting a connection opportunity to a radio access network, obtaining a network identifier of said radio access network, said network identifier being indicative of trust related information with respect to said radio access network, verifying correctness of said network identifier, and controlling a selection processing of selecting to connect to said radio access network or not based on said network identifier of said radio access network, if said network identifier is verified as being correct.
    Type: Application
    Filed: April 19, 2016
    Publication date: July 29, 2021
    Inventors: Guenther HORN, Anja JERICHOW
  • Publication number: 20210234706
    Abstract: A request is received at an authorization entity for access to a service producer by a service consumer. The request comprises a public key of the service consumer. The authorization entity generates an access token with the public key of the service consumer bound thereto. The authorization entity sends the access token to the service consumer. The service consumer digitally signs the access token using a private key that corresponds to the public key bound to the access token to form a digital signature. The service consumer sends the access token with the public key bound thereto and the digital signature to the service producer. The service producer validates the access token, obtains the public key from the access token, and verifies the digital signature using the obtained public key of the service consumer. The service consumer is authorized when the access token is successfully validated and the digital signature is successfully verified.
    Type: Application
    Filed: August 2, 2019
    Publication date: July 29, 2021
    Inventors: Suresh Nair, Anja Jerichow, Nagendra S Bykampadi
  • Publication number: 20210219137
    Abstract: In one example, a method initiates establishment of a secure tunnel by a security proxy element (e.g., SEPP) in a first communication network (e.g., VPLMN) with an internetwork exchange element (e.g., IPX node) which is operatively coupled between the first communication network and a second communication network (e.g., HPLMN). Upon establishment of the secure tunnel, the method sends a message from the security proxy element to the internetwork exchange element over the secure tunnel. The secure tunnel can be a VPN tunnel and can be established using TLS or IPsec. In one example, the internetwork exchange node functions as an HTTP proxy, and in another embodiment as an interception (e.g., MITM) proxy. In another example, HTTPS is used to establish a separate TLS connection for each HTTP message. In yet another example, the security proxy element is configured to select (and change as needed) the secure communication mechanism.
    Type: Application
    Filed: September 20, 2019
    Publication date: July 15, 2021
    Inventors: Nagendra S Bykampadi, Anja Jerichow, Suresh Nair
  • Publication number: 20210219256
    Abstract: Authentication in a public land mobile network, PLMN, having tenant slices is performed by a network element that has: a memory comprising program code; a communication circuitry for communication with entities in the PLMN; and a processing circuitry configured to execute the program code and according to the program code to cause: detecting a registration request from a mobile communication device, MCDt; detecting whether the registration request requests access to a network slice with one-tier authentication with the network slice, and: if yes, causing beginning of authenticating the MCDt with the network slice independently of any authentication between the MCDt and the PLMN.
    Type: Application
    Filed: May 18, 2018
    Publication date: July 15, 2021
    Inventors: Cinzia SARTORI, Anja JERICHOW, Peter SCHNEIDER