Patents by Inventor Silke Holtmanns
Silke Holtmanns has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11844014
Abstract: A service request is received at a first service communication proxy element, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer. The first service communication proxy element determines at least one target service producer based on the service request. The first service communication proxy element sends an access token request to an authorization entity, wherein the access token request is generated based on the determining step. The first service communication proxy element receives an access token response from the authorization entity, wherein the access token response comprises an access token. The first service communication proxy element may then send a service request with the access token to a second service communication proxy element, wherein the second service communication proxy element is associated with the target service producer. The method may apply to roaming and non-roaming scenarios.
Type: Grant
Filed: April 3, 2020
Date of Patent: December 12, 2023
Assignee: NOKIA TECHNOLOGIES OY
Inventors: Nagendra S Bykampadi, Jani Ekman, Silke Holtmanns
-
Publication number: 20220248220
Abstract: A system for securing control plane traffic in a sliced communication network that is adapted to run a plurality of network functions includes a plurality of security guards, each placed at an edge of an internal security zone, wherein the internal security zone is formed by grouping one or more network functions. Each security guard is configured to receive an incoming message from a requestor external to corresponding internal security zone and validate the extracted information against each other, and against a service specification policy for the communication network, and against threat intelligence analytics data. Each security guard is configured to compute one or more risk scores indicating risk perception or incidence of attack for its associated internal security zone and to initiate one or more attack preventive measures if a computed risk score exceeds a predetermined threshold, such as modifying or correcting or dropping the incoming message.
Type: Application
Filed: January 31, 2022
Publication date: August 4, 2022
Inventors: Cathal Mc Daid, Silke Holtmanns
-
Patent number: 11381964
Abstract: A cellular terminal detects any capability reporting trigger and responsively to such determination produces a cellular network authentication capabilities message indicative of cellular network authentication capabilities available for the terminal; and transmits the cellular network authentication capabilities message to the cellular network. The cellular network receives the network authentication capabilities message from a cellular terminal, selects a cellular authentication algorithm based on capabilities indicated by the network authentication capabilities message; and performs cellular authentication with the cellular terminal using the selected cellular authentication algorithm.
Type: Grant
Filed: May 20, 2014
Date of Patent: July 5, 2022
Assignee: Nokia Technologies Oy
Inventors: Hannu Bergius, Silke Holtmanns
-
Publication number: 20220159431
Abstract: Methods and apparatus, including computer program products, are provided. In one aspect there is provided a method. The method may include detecting, at a first node, an event; generating, at the first node, a message in response to the detected event; and sending, at the first node, the message to at least a second node to enable the second node to determine at least one of a reliability or an importance of the message. Related apparatus, systems, methods, and articles are also described.
Type: Application
Filed: February 1, 2022
Publication date: May 19, 2022
Inventors: Martti Moisio, Silke Holtmanns, Mikko Uusitalo, Zexian Li, Ilkka Keskitalo
-
Publication number: 20220124501
Abstract: A user plane network entity of a 5G core network performs: obtaining GPRS Tunneling Protocol User Plane (GTP-U) tunneling information of a new or updated protocol data unit (PDU) session from a control plane network entity of the 5G core network; and adjusting according to the obtained GTP-U tunneling information a GTP-U firewall for selectively allowing to pass through only GTP-U traffic concerning GTP-U tunnels defined by the GTP-U tunneling information. The control plane network entity performs: obtaining from control plane signaling the GTP-U tunneling information and communicating same to the GTP-U firewall. A system containing the user plane network entity and the control plane network entity is also disclosed.
Type: Application
Filed: January 15, 2020
Publication date: April 21, 2022
Inventors: Nagendra S BYKAMPADI, Silke HOLTMANNS, Bruno LANDAIS
-
Publication number: 20220103599
Abstract: Methods and apparatus are disclosed for unified security configuration management. A method may comprise: determine a security configuration to be executed; determine at least one security application which is installed on at least one node and is associated with the security configuration; format for the security configuration, instructions corresponding to each of the at least one security application, respectively; and send the instructions to the at least one node for respective configuration for each of the at least one security application.
Type: Application
Filed: January 2, 2019
Publication date: March 31, 2022
Inventors: Wei Zheng, Cheng Cai, Yulong Zhang, Xiaoguang Zhao, Silke Holtmanns, Ian Justin Oliver
-
Patent number: 11277721
Abstract: Methods and apparatus, including computer program products, are provided. In one aspect there is provided a method. The method may include detecting, at a first node, an event; generating, at the first node, a message in response to the detected event; and sending, at the first node, the message to at least a second node to enable the second node to determine at least one of a reliability or an importance of the message. Related apparatus, systems, methods, and articles are also described.
Type: Grant
Filed: February 13, 2015
Date of Patent: March 15, 2022
Assignee: Nokia Technologies Oy
Inventors: Martti Moisio, Silke Holtmanns, Mikko Uusitalo, Zexian Li, Ilkka Keskitalo
-
Publication number: 20210377212
Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a receiver configured to receive a message from a first security zone, distinct from the one where the apparatus is comprised in, and at least one processing core configured to determine whether to apply a recovery action to the message, the determination comprising a first verification, based on first criteria, to assess whether to apply the recovery action outright, and only in case the first verification does not result in the assessment to apply the recovery action outright, a second verification, based on second criteria, to generate a first weight and a third verification, based on third criteria, to generate a second weight, and to compare a sum of the first weight and the second weight to a predefined trigger to perform the determination.
Type: Application
Filed: May 20, 2019
Publication date: December 2, 2021
Inventors: Silke HOLTMANNS, Yoan Jean Claude MICHE, Nagendra S Bykampadi
-
Publication number: 20210306326
Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for hop-by-hop security. A proposed method comprises receiving, at a first apparatus and from a second apparatus associated with a first network function, a message directed from the first network function to a second network function, the message comprising a first signature and network function information, the network function information at least comprising identification information of the first network function; in accordance with a successful validation of the first signature, updating the message with a second signature specific to a service communication proxy implemented by the first apparatus; and transmitting the updated message to a third apparatus associated with the second network function, the updated message comprising at least the second signature and the network function information.
Type: Application
Filed: January 27, 2021
Publication date: September 30, 2021
Inventors: Nagendra Bykampadi, Bruno Landais, Silke Holtmanns, Jani Petteri Ekman
-
Publication number: 20210297942
Abstract: A service request is received at a first service communication proxy element, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer. The first service communication proxy element determines at least one target service producer based on the service request. The first service communication proxy element sends an access token request to an authorization entity, wherein the access token request is generated based on the determining step. The first service communication proxy element receives an access token response from the authorization entity, wherein the access token response comprises an access token. The first service communication proxy element may then send a service request with the access token to a second service communication proxy element, wherein the second service communication proxy element is associated with the target service producer. The method may apply to roaming and non-roaming scenarios.
Type: Application
Filed: April 3, 2020
Publication date: September 23, 2021
Inventors: Nagendra S Bykampadi, Jani Ekman, Silke Holtmanns
-
Patent number: 11032699
Abstract: It is provided a method, comprising instructing a subscription device to indicate an applied privacy protection to a visited network; instructing the subscription device to provide a protected subscription identifier to the visited network, wherein the protected subscription identifier is based on a permanent subscription identifier protected according to the applied privacy protection.
Type: Grant
Filed: May 14, 2018
Date of Patent: June 8, 2021
Assignee: NOKIA TECHNOLOGIES OY
Inventors: Anja Jerichow, Silke Holtmanns
-
Patent number: 10893069
Abstract: In accordance with the example embodiments of the invention there is at least a method and apparatus to detect that at least one message received from another network device of a communication network is in response to a prior message using a spoofed source address; based on the detecting, mirror the at least one message; and send to the another network device the mirrored at least one message to cause the another network device to filter out the at least one message in response to the prior message using the spoofed address. Further, there is at least a method and apparatus to receive from a network node signaling associated with at least one message; based on the signaling, detect that the at least one message is in response to a prior message using a spoofed source address; and based on the detecting, filter out the at least one message in response to the prior message using the spoofed source address.
Type: Grant
Filed: February 24, 2017
Date of Patent: January 12, 2021
Assignee: Nokia Technologies Oy
Inventors: Martin K. Peylo, Silke Holtmanns
-
Patent number: 10887170
Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising a transceiver arranged to insertably interface with an integrated module, at least one processing core configured to enable the integrated module to be connected, via the apparatus, to a network, the transceiver being configured to receive from the integrated module information enabling the apparatus to become an endpoint of a connection to a network node, and the at least one processing core being configured to receive, using the connection, a computer program for operating the apparatus. In some embodiments, the integrated module comprises a universal integrated circuit card and a secure execution environment.
Type: Grant
Filed: March 5, 2013
Date of Patent: January 5, 2021
Assignee: Nokia Technologies Oy
Inventors: Silke Holtmanns, Rune Lindholm
-
Patent number: 10791456
Abstract: A method, apparatus and computer program product are provided to selectively accept requests for communication that may be supported by different identification profiles with the selective acceptance being based upon a predefined criteria, such as the cost of the communications. In the context of a method, a request for communications is received from a network operator. The communications with the network operator are supported by a first of a plurality of identification profiles. The method also includes determining, relative to a predefined criteria, whether the communications should be supported by the first identification profile or by another identification profile configured to support communications with another network operator. In an instance in which the communications should be supported by another identification profile, the method causes the request for communications to be denied.
Type: Grant
Filed: October 22, 2013
Date of Patent: September 29, 2020
Assignee: Nokia Technologies Oy
Inventors: Silke Holtmanns, Chaitra Shanthappa
-
Publication number: 20200186999
Abstract: It is provided a method, comprising instructing a subscription device to indicate an applied privacy protection to a visited network; instructing the subscription device to provide a protected subscription identifier to the visited network, wherein the protected subscription identifier is based on a permanent subscription identifier protected according to the applied privacy protection.
Type: Application
Filed: May 14, 2018
Publication date: June 11, 2020
Inventors: Anja Jerichow, Silke Holtmanns
-
Patent number: 10602396
Abstract: This document discloses a solution for detecting and mitigating anomalies such as signalling storms in a radio access network of a wireless communication system. According to an aspect, there is disclosed a method including receiving, in a first local traffic analysis module, configuration parameters from a second local traffic analysis module or from a central traffic analysis module connected to a plurality of local traffic analysis modules; monitoring, by a first traffic analysis module by using the received configuration parameters, traffic in a radio access network of a wireless communication system; detecting, in the monitored traffic on the basis of the configuration parameters, an anomaly causing a control plane signalling load; and in response to said detecting, taking an action to mitigate the anomaly and reporting information on the anomaly to the central traffic analysis module.
Type: Grant
Filed: October 17, 2017
Date of Patent: March 24, 2020
Assignee: Nokia Solutions and Networks Oy
Inventors: Aapo Kalliola, Ian Justin Oliver, Yoan Jean Claude Miche, Silke Holtmanns, Amaanat Ali, Pekka Kuure
-
Patent number: 10555163
Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding handling of certificates for embedded Universal Integrated Circuit Cards. The present invention comprises composing, by a management entity, such as a subscription manager, a deletion command message for deleting certificates from an embedded universal integrated circuit card, eUICC, on which a plurality of certificates is pre-installed, the deletion command message including information on certificates to be deleted and an authorization of the management entity, and transmitting the deletion command message to the eUICC.
Type: Grant
Filed: January 27, 2015
Date of Patent: February 4, 2020
Assignee: NOKIA SOLUTIONS AND NETWORKS OY
Inventors: Silke Holtmanns, Martin Karl Peylo
-
Patent number: 10524188
Abstract: Method, apparatus and computer program for receiving an identification of an application that has issued a connectivity request for cellular communications with a cellular network; determining an access point name to be used for providing the identified application with the cellular communications; and verifying whether the identified access point name use is allowable with the identified application and accordingly allowing or preventing said use.
Type: Grant
Filed: November 12, 2014
Date of Patent: December 31, 2019
Assignee: Nokia Technologies Oy
Inventors: Sami Johannes Kekki, Silke Holtmanns
-
Patent number: 10484187
Abstract: A method, apparatus and computer program in which a cellular terminal: transmits a request that requires authentication procedure triggering to a cellular network and responsively receiving from the cellular network an authentication request message with an indication of a selected cryptographic algorithm from a group of a plurality of cryptographic algorithms; decodes the authentication request message to a decoded authentication request according to the selected cryptographic algorithm and based on a shared secret known by the cellular terminal and a network operator of the cellular terminal; based on the decoded authentication request, the shared secret and the selected cryptographic algorithm, produces and encrypts an authentication response message; and transmits the authentication response message to the cellular network.
Type: Grant
Filed: May 20, 2014
Date of Patent: November 19, 2019
Assignee: Nokia Technologies Oy
Inventors: Hannu Bergius, Silke Holtmanns
-
Patent number: 10447653
Abstract: An apparatus of a communication network system, which routes data packets and stores trusted routes between different communication network systems in a database, detects (S12) that a data packet requires a route with a specific level of trust, determines (S13), from the trusted routes stored in the database, a specific trusted route towards a destination as indicated in the data packet, and sets (S15) the data packet on the specific trusted route towards the destination.
Type: Grant
Filed: December 18, 2014
Date of Patent: October 15, 2019
Assignee: NOKIA SOLUTIONS AND NETWORKS OY
Inventors: Silke Holtmanns, Ian Justin Oliver