Patents by Inventor Silke Holtmanns

Silke Holtmanns has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11844014
    Abstract: A service request is received at a first service communication proxy element, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer. The first service communication proxy element determines at least one target service producer based on the service request. The first service communication proxy element sends an access token request to an authorization entity, wherein the access token request is generated based on the determining step. The first service communication proxy element receives an access token response from the authorization entity, wherein the access token response comprises an access token. The first service communication proxy element may then send a service request with the access token to a second service communication proxy element, wherein the second service communication proxy element is associated with the target service producer. The method may apply to roaming and non-roaming scenarios.
    Type: Grant
    Filed: April 3, 2020
    Date of Patent: December 12, 2023
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Nagendra S Bykampadi, Jani Ekman, Silke Holtmanns
  • Publication number: 20220248220
    Abstract: A system for securing control plane traffic in a sliced communication network that is adapted to run a plurality of network functions includes a plurality of security guards, each placed at an edge of an internal security zone, wherein the internal security zone is formed by grouping one or more network functions. Each security guard is configured to receive an incoming message from a requestor external to corresponding internal security zone and validate the extracted information against each other, and against a service specification policy for the communication network, and against threat intelligence analytics data. Each security guard is configured to compute one or more risk scores indicating risk perception or incidence of attack for its associated internal security zone and to initiate one or more attack preventive measures if a computed risk score exceeds a predetermined threshold, such as modifying or correcting or dropping the incoming message.
    Type: Application
    Filed: January 31, 2022
    Publication date: August 4, 2022
    Inventors: Cathal Mc Daid, Silke Holtmanns
  • Patent number: 11381964
    Abstract: A cellular terminal detects any capability reporting trigger and responsively to such determination produces a cellular network authentication capabilities message indicative of cellular network authentication capabilities available for the terminal; and transmits the cellular network authentication capabilities message to the cellular network. The cellular network receives the network authentication capabilities message from a cellular terminal, selects a cellular authentication algorithm based on capabilities indicated by the network authentication capabilities message; and performs cellular authentication with the cellular terminal using the selected cellular authentication algorithm.
    Type: Grant
    Filed: May 20, 2014
    Date of Patent: July 5, 2022
    Assignee: Nokia Technologies Oy
    Inventors: Hannu Bergius, Silke Holtmanns
  • Publication number: 20220159431
    Abstract: Methods and apparatus, including computer program products, are provided. In one aspect there is provided a method. The method may include detecting, at a first node, an event; generating, at the first node, a message in response to the detected event; and sending, at the first node, the message to at least a second node to enable the second node to determine at least one of a reliability or an importance of the message. Related apparatus, systems, methods, and articles are also described.
    Type: Application
    Filed: February 1, 2022
    Publication date: May 19, 2022
    Inventors: Martti Moisio, Silke Holtmanns, Mikko Uusitalo, Zexian Li, Ilkka Keskitalo
  • Publication number: 20220124501
    Abstract: A user plane network entity of a 5G core network performs: obtaining GPRS Tunneling Protocol User Plane (GTP-U) tunneling information of a new or updated protocol data unit (PDU) session from a control plane network entity of the 5G core network; and adjusting according to the obtained GTP-U tunneling information a GTP-U firewall for selectively allowing to pass through only GTP-U traffic concerning GTP-U tunnels defined by the GTP-U tunneling information. The control plane network entity performs: obtaining from control plane signaling the GTP-U tunneling information and communicating same to the GTP-U firewall. A system containing the user plane network entity and the control plane network entity is also disclosed.
    Type: Application
    Filed: January 15, 2020
    Publication date: April 21, 2022
    Inventors: Nagendra S BYKAMPADI, Silke HOLTMANNS, Bruno LANDAIS
  • Publication number: 20220103599
    Abstract: Methods and apparatus are disclosed for unified security configuration management. A method may comprise: determine a security configuration to be executed; determine at least one security application which is installed on at least one node and is associated with the security configuration; format for the security configuration, instructions corresponding to each of the at least one security application, respectively; and send the instructions to the at least one node for respective configuration for each of the at least one security application.
    Type: Application
    Filed: January 2, 2019
    Publication date: March 31, 2022
    Inventors: Wei Zheng, Cheng Cai, Yulong Zhang, Xiaoguang Zhao, Silke Holtmanns, Ian Justin Oliver
  • Patent number: 11277721
    Abstract: Methods and apparatus, including computer program products, are provided. In one aspect there is provided a method. The method may include detecting, at a first node, an event; generating, at the first node, a message in response to the detected event; and sending, at the first node, the message to at least a second node to enable the second node to determine at least one of a reliability or an importance of the message. Related apparatus, systems, methods, and articles are also described.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: March 15, 2022
    Assignee: Nokia Technologies Oy
    Inventors: Martti Moisio, Silke Holtmanns, Mikko Uusitalo, Zexian Li, Ilkka Keskitalo
  • Publication number: 20210377212
    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a receiver configured to receive a message from a first security zone, distinct from the one where the apparatus is comprised in, and at least one processing core configured to determine whether to apply a recovery action to the message, the determination comprising a first verification, based on first criteria, to assess whether to apply the recovery action outright, and only in case the first verification does not result in the assessment to apply the recovery action outright, a second verification, based on second criteria, to generate a first weight and a third verification, based on third criteria, to generate a second weight, and to compare a sum of the first weight and the second weight to a predefined trigger to perform the determination.
    Type: Application
    Filed: May 20, 2019
    Publication date: December 2, 2021
    Inventors: Silke HOLTMANNS, Yoan Jean Claude MICHE, Nagendra S Bykampadi
  • Publication number: 20210306326
    Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for hop-by-hop security. A proposed method comprises receiving, at a first apparatus and from a second apparatus associated with a first network function, a message directed from the first network function to a second network function, the message comprising a first signature and network function information, the network function information at least comprising identification information of the first network function; in accordance with a successful validation of the first signature, updating the message with a second signature specific to a service communication proxy implemented by the first apparatus; and transmitting the updated message to a third apparatus associated with the second network function, the updated message comprising at least the second signature and the network function information.
    Type: Application
    Filed: January 27, 2021
    Publication date: September 30, 2021
    Inventors: Nagendra Bykampadi, Bruno Landais, Silke Holtmanns, Jani Petteri Ekman
  • Publication number: 20210297942
    Abstract: A service request is received at a first service communication proxy element, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer. The first service communication proxy element determines at least one target service producer based on the service request. The first service communication proxy element sends an access token request to an authorization entity, wherein the access token request is generated based on the determining step. The first service communication proxy element receives an access token response from the authorization entity, wherein the access token response comprises an access token. The first service communication proxy element may then send a service request with the access token to a second service communication proxy element, wherein the second service communication proxy element is associated with the target service producer. The method may apply to roaming and non-roaming scenarios.
    Type: Application
    Filed: April 3, 2020
    Publication date: September 23, 2021
    Inventors: Nagendra S Bykampadi, Jani Ekman, Silke Holtmanns
  • Patent number: 11032699
    Abstract: It is provided a method, comprising instructing a subscription device to indicate an applied privacy protection to a visited network; instructing the subscription device to provide a protected subscription identifier to the visited network, wherein the protected subscription identifier is based on a permanent subscription identifier protected according to the applied privacy protection.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: June 8, 2021
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Anja Jerichow, Silke Holtmanns
  • Patent number: 10893069
    Abstract: In accordance with the example embodiments of the invention there is at least a method and apparatus to detect that at least one message received from another network device of a communication network is in response to a prior message using a spoofed source address; based on the detecting, mirror the at least one message; and send to the another network device the mirrored at least one message to cause the another network device to filter out the at least one message in response to the prior message using the spoofed address. Further, there is at least a method and apparatus to receive from a network node signaling associated with at least one message; based on the signaling, detect that the at least one message is in response to a prior message using a spoofed source address; and based on the detecting, filter out the at least one message in response to the prior message using the spoofed source address.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: January 12, 2021
    Assignee: Nokia Technologies Oy
    Inventors: Martin K. Peylo, Silke Holtmanns
  • Patent number: 10887170
    Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising a transceiver arranged to insertably interface with an integrated module, at least one processing core configured to enable the integrated module to be connected, via the apparatus, to a network, the transceiver being configured to receive from the integrated module information enabling the apparatus to become an endpoint of a connection to a network node, and the at least one processing core being configured to receive, using the connection, a computer program for operating the apparatus. In some embodiments, the integrated module comprises a universal integrated circuit card and a secure execution environment.
    Type: Grant
    Filed: March 5, 2013
    Date of Patent: January 5, 2021
    Assignee: Nokia Technologies Oy
    Inventors: Silke Holtmanns, Rune Lindholm
  • Patent number: 10791456
    Abstract: A method, apparatus and computer program product are provided to selectively accept requests for communication that may be supported by different identification profiles with the selective acceptance being based upon a predefined criteria, such as the cost of the communications. In the context of a method, a request for communications is received from a network operator. The communications with the network operator are supported by a first of a plurality of identification profiles. The method also includes determining, relative to a predefined criteria, whether the communications should be supported by the first identification profile or by another identification profile configured to support communications with another network operator. In an instance in which the communications should be supported by another identification profile, the method causes the request for communications to be denied.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: September 29, 2020
    Assignee: Nokia Technologies Oy
    Inventors: Silke Holtmanns, Chaitra Shanthappa
  • Publication number: 20200186999
    Abstract: It is provided a method, comprising instructing a subscription device to indicate an applied privacy protection to a visited network; instructing the subscription device to provide a protected subscription identifier to the visited network, wherein the protected subscription identifier is based on a permanent subscription identifier protected according to the applied privacy protection.
    Type: Application
    Filed: May 14, 2018
    Publication date: June 11, 2020
    Inventors: Anja Jerichow, Silke Holtmanns
  • Patent number: 10602396
    Abstract: This document discloses a solution for detecting and mitigating anomalies such as signalling storms in a radio access network of a wireless communication system. According to an aspect, there is disclosed a method including receiving, in a first local traffic analysis module, configuration parameters from a second local traffic analysis module or from a central traffic analysis module connected to a plurality of local traffic analysis modules; monitoring, by a first traffic analysis module by using the received configuration parameters, traffic in a radio access network of a wireless communication system; detecting, in the monitored traffic on the basis of the configuration parameters, an anomaly causing a control plane signalling load; and in response to said detecting, taking an action to mitigate the anomaly and reporting information on the anomaly to the central traffic analysis module.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: March 24, 2020
    Assignee: Nokia Solutions and Networks Oy
    Inventors: Aapo Kalliola, Ian Justin Oliver, Yoan Jean Claude Miche, Silke Holtmanns, Amaanat Ali, Pekka Kuure
  • Patent number: 10555163
    Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding handling of certificates for embedded Universal Integrated Circuit Cards. The present invention comprises composing, by a management entity, such as a subscription manager, a deletion command message for deleting certificates from an embedded universal integrated circuit card, eUICC, on which a plurality of certificates is pre-installed, the deletion command message including information on certificates to be deleted and an authorization of the management entity, and transmitting the deletion command message to the eUICC.
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: February 4, 2020
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventors: Silke Holtmanns, Martin Karl Peylo
  • Patent number: 10524188
    Abstract: Method, apparatus and computer program for receiving an identification of an application that has issued a connectivity request for cellular communications with a cellular network; determining an access point name to be used for providing the identified application with the cellular communications; and verifying whether the identified access point name use is allowable with the identified application and accordingly allowing or preventing said use.
    Type: Grant
    Filed: November 12, 2014
    Date of Patent: December 31, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Sami Johannes Kekki, Silke Holtmanns
  • Patent number: 10484187
    Abstract: A method, apparatus and computer program in which a cellular terminal: transmits a request that requires authentication procedure triggering to a cellular network and responsively receiving from the cellular network an authentication request message with an indication of a selected cryptographic algorithm from a group of a plurality of cryptographic algorithms; decodes the authentication request message to a decoded authentication request according to the selected cryptographic algorithm and based on a shared secret known by the cellular terminal and a network operator of the cellular terminal; based on the decoded authentication request, the shared secret and the selected cryptographic algorithm, produces and encrypts an authentication response message; and transmits the authentication response message to the cellular network.
    Type: Grant
    Filed: May 20, 2014
    Date of Patent: November 19, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Hannu Bergius, Silke Holtmanns
  • Patent number: 10447653
    Abstract: An apparatus of a communication network system, which routes data packets and stores trusted routes between different communication network systems in a database, detects (S12) that a data packet requires a route with a specific level of trust, determines (S13), from the trusted routes stored in the database, a specific trusted route towards a destination as indicated in the data packet, and sets (S15) the data packet on the specific trusted route towards the destination.
    Type: Grant
    Filed: December 18, 2014
    Date of Patent: October 15, 2019
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventors: Silke Holtmanns, Ian Justin Oliver