Patents by Inventor Sheeba Backia Mary BASKARAN
Sheeba Backia Mary BASKARAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11991518Abstract: An apparatus is provided. The apparatus includes a memory storing one or more instructions and a processor. The processor execute the one or more instructions to: receive update information from an external apparatus, the update information corresponding to a network communication; obtain a Subscription Concealed Identifier (SUCI) based on the update information; and transmit the SUCI to the external apparatus.Type: GrantFiled: November 6, 2019Date of Patent: May 21, 2024Assignee: NEC CORPORATIONInventors: Sander De Kievit, Anand Raghawa Prasad, Sheeba Backia Mary Baskaran
-
Patent number: 11991165Abstract: The present disclosure relates to authentication methods supported by the User Equipment (UE) to the core network and authentication method (selected by the core network) to the UE. These can be used for negotiating any primary or secondary (or any) authentication method and are applicable when multiple authentication methods are supported at the UE and the network (authentication server). Further, the present disclosure also offers security solution to prevent modification or tampering of the parameters in the mechanisms in order to prevent attacks such as bidding-down, Denial of Service (DoS) and Man-In-The-Middle (MITM).Type: GrantFiled: April 2, 2019Date of Patent: May 21, 2024Assignee: NEC CORPORATIONInventors: Anand Raghawa Prasad, Sivakamy Lakshminarayanan, Sheeba Backia Mary Baskaran, Sivabalan Arumugam, Hironori Ito, Takahito Yoshizawa
-
Publication number: 20240154953Abstract: Apparatuses, methods, and systems are disclosed for authentication for a network service. One method includes receiving, at a first network device from a second network device, a network function service request to execute a service on a third network device. The request includes first credentials for authentication with a first network device and second credentials for authentication with the third network device. The method includes determining whether the first credentials provided are valid and execute the service request by determining the third network device to execute the service requested from the second network device. The method includes transmitting, to a fourth network device, a request for authentication with the third network device. The request includes an identifier of the third network device and second credentials of the second network device.Type: ApplicationFiled: February 18, 2022Publication date: May 9, 2024Inventors: Dimitrios Karampatsis, Andreas Kunz, Sheeba Backia Mary Baskaran
-
Publication number: 20240129739Abstract: Various aspects of the present disclosure relate to secure data collection via a messaging framework. An apparatus includes at least one memory and at least one processor that is configured to receive a subscription request from a data consumer function, the subscription request comprising a data tag associated with a data producer function, generate a security key for the data tag, generate a binding for the data tag between the security key, the data consumer function, and the data producer function, and transmit, for use in data transmissions between the data producer function and the data consumer function a service request message to the data producer function, the service request message comprising the data tag and the security key, and a data exposure response message to the data consumer function, the data exposure response message comprising the data tag and the security key.Type: ApplicationFiled: February 21, 2022Publication date: April 18, 2024Inventors: Andreas Kunz, Dimitrios Karampatsis, Sheeba Backia Mary Baskaran
-
Publication number: 20240129723Abstract: Various aspects of the present disclosure relate to key identification for mobile edge computing functions. An apparatus includes at least one memory and at least one processor that is configured to generate a unique key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service, derive a key for a network function based on a corresponding root key and the generated KSI, the KSI provided as input to a key derivation function (“KDF”), and transmit an application registration request message to the network function for establishing a secure connection to the network function using the key, the application registration request message comprising the KSI.Type: ApplicationFiled: February 8, 2022Publication date: April 18, 2024Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran
-
Publication number: 20240129729Abstract: Apparatuses, methods, and systems are disclosed for rerouting message transmissions. One method includes receiving, at a first network device, a registration request message. The method includes delaying, by the first network device, primary authentication, security setup, or a combination thereof based at least partly on a subscription permanent identifier (SUFI) from a second network device and subscription information. The method includes determining, at the first network device, whether to transmit a reroute non-access stratum (NAS) message.Type: ApplicationFiled: February 9, 2022Publication date: April 18, 2024Inventors: Sheeba Backia Mary Baskaran, Ravi Kuchibhotla, Andreas Kunz, Genadi Velev
-
Patent number: 11962999Abstract: A method for providing a key derivation function (KDF) negotiation in a 5G network is provided. The method which includes: selecting a specific KDF at a UE and at the network for at least one security related key derivation; and transmitting, said selected KDF to the UE and to other network functions to indicate said selected KDF for generating specific security key at a receiver side.Type: GrantFiled: October 30, 2019Date of Patent: April 16, 2024Assignee: NEC CORPORATIONInventors: Sheeba Backia Mary Baskaran, Sivabalan Arumugam, Anand Raghawa Prasad, Sander De Kievit, Takahito Yoshizawa, Hironori Ito
-
Publication number: 20240121088Abstract: Apparatuses, methods, and systems are disclosed for provisioning server selection in a cellular network. One method includes communicating, at a network device, with a remote unit via a first network function. The method includes receiving an authentication request from the first network function. The method includes selecting a provisioning server based on a remote unit identity of an onboarding profile, based on a pre-configuration, or a combination thereof. The method includes transmitting a response message to the first network function. The response message includes a provisioning server address.Type: ApplicationFiled: February 8, 2022Publication date: April 11, 2024Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran, Genadi Velev
-
Patent number: 11956636Abstract: A communication terminal (10) according to the present disclosure includes: a control unit (12) configured to, in a case of a movement from a communication area formed by the 5GS to a communication area formed by the EPS or a movement from a communication area formed by the EPS to a communication area formed by the 5GS, determine whether or not a communication system forming a communication area at a movement destination can satisfy requirements of services; and a communication unit (11) configured to, when it is determined that the communication system forming the communication area at the movement destination can satisfy the requirements of the services, send a connection request message to the communication system forming the communication area at the movement destination.Type: GrantFiled: December 13, 2022Date of Patent: April 9, 2024Assignee: NEC CORPORATIONInventors: Hironori Ito, Anand Raghawa Prasad, Andreas Kunz, Sivabalan Arumugam, Sivakamy Lakshminarayanan, Sheeba Backia Mary Baskaran
-
Publication number: 20240114335Abstract: Apparatuses, methods, and systems are disclosed for network security based on routing information. One method includes receiving at a first network device, a security request message from an initial access and mobility management function (AMF), an initial security anchor function (SEAF)), or a combination thereof. The security request message includes information indicating a serving network name (SNN), whether routing information is required, a subscription permanent identifier (SUFI), or some combination thereof. The method includes determining, at the first network device, routing information based on the security request message. The method includes transmitting, from the first network device, a security response message to the initial AMF, the initial SEAF, or the combination thereof. The security response message includes the routing information.Type: ApplicationFiled: February 8, 2022Publication date: April 4, 2024Inventors: Sheeba Backia Mary Baskaran, Genadi Velev, Andreas Kunz
-
Publication number: 20240098494Abstract: Apparatuses, methods, and systems are disclosed for handling security aspects for UAS in a 3GPP network. One apparatus contains a transceiver that receives a revocation indication message from a mobile communication network and a processor that deletes UAS-related authorization and security information corresponding to a UAV ID. The transceiver further transmits a revocation acknowledgement message to the mobile communication network.Type: ApplicationFiled: January 10, 2022Publication date: March 21, 2024Inventors: Sheeba Backia Mary Baskaran, Andreas Kunz, Dimitrios Karampatsis
-
Publication number: 20240098500Abstract: Apparatuses, methods, and systems are disclosed for managing the end-to-end (“e2e”) data protection. One apparatus includes a transceiver that receives, from an application server, a management requirement for managing e2e data protection for at least one service. The apparatus includes a processor that obtains at least one digital identifier (“DIG-ID”) of at least one client device for the at least one service in response to receiving the management requirement and verifies the at least one DIG-ID with a distributed transaction verification network. The transceiver further sends a request to a mobile communication network, the request providing the at least one verified DIG-ID, and sends a trigger event to the at least one client device for connecting to the mobile communication network using the at least one verified DIG-ID.Type: ApplicationFiled: December 8, 2020Publication date: March 21, 2024Inventors: Emmanouil Pateromichelakis, Sheeba Backia Mary Baskaran, Ravi Kuchibhotla
-
Patent number: 11937079Abstract: A communication terminal capable of preventing a reduction in security level that is caused at the time of establishing multiple connections via 3GPP Access and Non-3GPP Access. A communication terminal according to the present disclosure includes: a communication unit configured to communicate with gateway devices disposed in a preceding stage of a core network device via an Untrusted Non-3GPP Access; and a key derivation unit configured to derive a second security key used for security processing of a message transmitted using a defined protocol with the gateway device, from a first security key used for security processing of a message transmitted using a defined protocol with the core network device.Type: GrantFiled: September 27, 2018Date of Patent: March 19, 2024Assignee: NEC CORPORATIONInventors: Hironori Ito, Sivakamy Lakshminarayanan, Anand Raghawa Prasad, Sivabalan Arumugam, Sheeba Backia Mary Baskaran
-
Patent number: 11910184Abstract: The present disclosure provides a User Equipment (UE) comprising a transceiver circuit; and a controller configured to control the transceiver circuit to send, to an Access and mobility Management Function (AMF) of a communication node, an identifier, wherein upon successful authentication of a network access function of the UE in the communication node, the controller is configured to maintain a secure connection with the communication node.Type: GrantFiled: January 10, 2020Date of Patent: February 20, 2024Assignee: NEC CORPORATIONInventors: Sheeba Backia Mary Baskaran, Sander De Kievit, Sivabalan Arumugam, Anand Raghawa Prasad
-
Patent number: 11902776Abstract: Provided is an authentication device capable of generating a master key suited to a UE in a 5GS. The authentication device (10) includes a communication unit (11) configured to, in registration processing of user equipment (UE), acquire UE key derivation function (KDF) capabilities indicating a pseudo random function supported by the UE, a selection unit (12) configured to select a pseudo random function used for generation of a master key related to the UE by use of the UE KDF capabilities, and a key generation unit (13) configured to generate a master key related to the UE by use of the selected pseudo random function.Type: GrantFiled: December 9, 2022Date of Patent: February 13, 2024Assignee: NEC CORPORATIONInventors: Sheeba Backia Mary Baskaran, Anand Raghawa Prasad, Sivabalan Arumugam, Sivakamy Lakshminarayanan, Hironori Ito, Andreas Kunz
-
Publication number: 20240022908Abstract: Apparatuses, methods, and systems are disclosed for Digital Identifier-based authentication for network access. One apparatus includes a memory coupled to a processor, the memory storing instructions executable by the processor to control the apparatus to receive a first authentication request message containing UE identifier that is based on a Digital Identifier (“DIG-ID”) comprising a verifiably secure identity. The instructions are executable by the processor to control the apparatus to receive subscription information from a service provider identified using the DIG-ID, and to store the subscription information and UE security context containing at least one security key derived using the DIG-ID. The instructions are executable by the processor to control the apparatus to transmit the at least one security key.Type: ApplicationFiled: November 6, 2020Publication date: January 18, 2024Inventors: Sheeba Backia Mary Baskaran, Apostolis Salkintzis, Andreas Kunz
-
Patent number: 11877148Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.Type: GrantFiled: November 11, 2022Date of Patent: January 16, 2024Assignee: NEC CORPORATIONInventors: Sheeba Backia Mary Baskaran, Sivakamy Lakshminarayanan, Anand Raghawa Prasad, Sivabalan Arumugam, Hironori Ito, Takahito Yoshizawa
-
Publication number: 20230413060Abstract: Apparatuses, methods, and systems are disclosed for Digital Identifier-based subscription onboarding. One apparatus includes a memory coupled to a processor, the memory storing instructions executable by the processor to control the apparatus to acquire a Digital Identifier (“DIG-ID”) comprising a verifiably secure identity, and to generate a digital signature of the DIG-ID and a timestamp using a private key. The instructions are executable by the processor to control the apparatus to send a first request to a mobile communication network and to receive a response containing an onboarding authentication success indication and a verified DIG-ID, the first request including the DIG-ID, the timestamp and the digital signature. The instructions are executable by the processor to establish a provisioning connection to the mobile communication network and to receive a subscription credential and/or a user subscription profile via the provisioning connection.Type: ApplicationFiled: November 6, 2020Publication date: December 21, 2023Inventors: Sheeba Backia Mary Baskaran, Apostolis Salkintzis, Andreas Kunz, Genadi Velev, Roozbeh Atarius, Ishan Vaishnavi, Emmanouil Pateromichelakis, Dimitrios Karampatsis
-
Publication number: 20230403640Abstract: Apparatuses, methods, and systems are disclosed for correlating a user equipment and an access and mobility management function. One method (900) includes determining (902), at a first network device, a correlation between a user equipment identifier for a user equipment and an access and mobility management function identifier for an access and mobility management function. The method (900) includes storing (904), by the first network device, correlation information indicating the correlation between the user equipment identifier and the access and mobility management function identifier. The method (900) includes receiving (906), at the first network device, a request from a second network device, wherein the request comprises the user equipment identifier. The method (900) includes determining (908), by the first network device, the access and mobility management function identifier using the user equipment identifier in the request.Type: ApplicationFiled: October 29, 2020Publication date: December 14, 2023Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran, Tingfang Tang
-
Publication number: 20230328527Abstract: A method for integrity protection scheme by a mobile communication device or a core network entity according to a first exemplary aspect of the present disclosure includes configuring settings and parameters for integrity protection for user data with another party; receiving user plane data from the other party, calculating Message Authentication Code for Integrity (MAC-I) for a part of the data and checking integrity of the part of the data.Type: ApplicationFiled: June 12, 2023Publication date: October 12, 2023Applicant: NEC CorporationInventors: Hironori ITO, Anand Raghawa PRASAD, Sivabalan ARUMUGAM, Takahito YOSHIZAWA, Sivakamy LAKSHMINARAYANAN, Sheeba Backia Mary BASKARAN