Patents by Inventor Andreas Kunz

Andreas Kunz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12659735
    Abstract: Apparatuses, methods, and systems are disclosed for supporting remote unit reauthentication. One apparatus apparatus includes a processor and a transceiver that sends a first authentication message to a network function in a mobile communication network and receives a second authentication message from the network function in response to the first authentication message. Here, the first authentication message contains an indicator that the apparatus supports EAP Reauthentication Protocol and the second authentication message contains a key management domain name indicating a group of network functions that can share reauthentication security context. The processor derives reauthentication security context in response to successful authentication with the mobile communication network and locally stores the received key management domain name and the derived reauthentication security context for subsequent reauthentication with the mobile communication network.
    Type: Grant
    Filed: June 5, 2020
    Date of Patent: June 16, 2026
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Andreas Kunz, Apostolis Salkintzis, Sheeba Backia Mary Baskaran
  • Patent number: 12659740
    Abstract: Apparatuses, methods, and systems are disclosed for registration authentication based on a capability. One method includes receiving, at a second network device from a first network device, an indication for a capability for a registration. The method includes transmitting, to a third network device, a first request for a type of authentication procedure for the registration. The method includes transmitting, to a remote unit, a second request. The second request corresponds to the type of authentication procedure for the registration. The method includes receiving, from the remote unit, a response to the second request. The response corresponds to a stored credential in the remote unit.
    Type: Grant
    Filed: March 14, 2022
    Date of Patent: June 16, 2026
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Roozbeh Atarius, Andreas Kunz, Genadi Velev
  • Patent number: 12647267
    Abstract: Various aspects of the present disclosure relate to attribute-based credentials for resource access. An apparatus, such as a UE, generates one or more credentials comprising one or more first public keys and one or more attributes associated with a service request. The apparatus communicates a credential issuance request comprising at least a portion of the one or more credentials, and receives, based at least in part on the credential issuance request, one or more signed credentials comprising one or more encrypted root keys and one or more encrypted subscription identities associated with the service request.
    Type: Grant
    Filed: May 24, 2024
    Date of Patent: June 2, 2026
    Assignee: Lenovo (Singapore) Pte Ltd
    Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran
  • Patent number: 12647787
    Abstract: Apparatuses, methods, and systems are disclosed for network function reallocation with security context. One apparatus includes a processor and a transceiver. The processor is configured to detect, at a first network function of a mobile wireless communication network, that the first network function cannot serve a requested network slice from a user equipment (“UE”) device. The transceiver is configured to send, from the first network function via a second network function, a reroute message to a third network function of the mobile wireless communication network. The reroute message includes an initial non-access stratum (“NAS”) message retrieved during NAS security mode command (“SMC”) procedure with the UE device and a security configuration. The third network function uses the initial NAS message and the security configuration to determine a security context for the UE device and serve the requested network slice from the UE device.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: June 2, 2026
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran, Genadi Velev
  • Publication number: 20260149579
    Abstract: Various aspects of the present disclosure relate to a mechanism that stores, for every subscription (e.g., each subscription permanent identifier, or SUPI, for subscribers of a network) individual key identifiers for the subscription in a reverse hash chain. For example, the mechanism, employed by a UE, may utilize a key identifier nonce and a key identifier hash chain length, generate a hash chain using the key identifier nonce as an initial value, where the hash chain has the key identifier hash chain length, select a last key identifier from the hash chain as a key identifier for a root key, and generate a concealed identifier for the UE using the root key (or a key derived from the root key).
    Type: Application
    Filed: January 12, 2026
    Publication date: May 28, 2026
    Inventors: Andreas KUNZ, Sheeba Backia Mary BASKARAN
  • Publication number: 20260149970
    Abstract: Apparatuses, methods, and systems are disclosed for supporting trusted non-3GPP gateway function (TNGF) reauthentication. A user equipment (UE) may include a processor coupled with at least one memory and configured to cause the UE to transmit a first extensible authentication protocol (EAP) message comprising a network access identifier (NAI) and receive a first EAP challenge packet in response to the NAI comprising the reauthentication identifier, wherein the NAI comprises a reauthentication identifier that indicates that the UE requests to reauthenticate with a gateway function, and wherein the first EAP challenge packet is used to authenticate the gateway function.
    Type: Application
    Filed: November 24, 2025
    Publication date: May 28, 2026
    Inventors: Apostolis Salkintzis, Sheeba Backia Mary Baskara, Andreas Kunz
  • Patent number: 12641428
    Abstract: Apparatuses, methods, and systems are disclosed for setting up multiple user plane (“UP”) security contexts. One apparatus includes a transceiver and a processor that derives distinct UP integrity and ciphering keys for a selected central unit user plane (“CU-UP”) node in the RAN, said derivation using a key derivation function. The processor assigns a UP Security Indicator to uniquely identify the derived distinct UP integrity and ciphering keys and the transceiver sends a setup request to the selected CU-UP node, said setup request containing the UP Security Indicator and the distinct UP integrity and ciphering keys. The transceiver receives a setup response from the selected CU-UP node and the processor activates distinct UP security at a UE.
    Type: Grant
    Filed: April 24, 2021
    Date of Patent: May 26, 2026
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Sheeba Backia Mary Baskaran, Andreas Kunz, Genadi Velev, Prateek Basu Mallick, Joachim Loehr, Hyung-Nam Choi
  • Publication number: 20260143342
    Abstract: Apparatuses, methods, and systems are disclosed for accessing a denied network resource. One apparatus includes a processor coupled with at least one memory and configured to cause the apparatus to transmit a registration request comprising a set of one or more network slices; receive a registration response comprising an empty allowed network slice selection assistance information (NSSAI) parameter; determine based on the empty allowed NSSAI parameter, to avoid other network services except emergency services; transmit an authentication response associated with a network slice specific authentication and authorization (NSSAA) procedure; and receive a reply message indicating that access to a network slice by a user equipment (UE) is denied due to a failed NSSAA of the UE or a revoked authorization of the UE.
    Type: Application
    Filed: January 14, 2026
    Publication date: May 21, 2026
    Inventors: Genadi Velev, Andreas Kunz
  • Publication number: 20260143340
    Abstract: Apparatuses, methods, and systems are disclosed for supporting gateway function reauthentication. One method includes generating a user equipment (UE) context for a UE in response to successful authentication of the UE; receiving a first request for the UE context from a first network function, the first request indicating that a second gateway function is to serve the UE, wherein the first request comprises a first set of parameters; deriving a first security key using at least one of the first set of parameters and a second security key stored in the UE context; and transmitting a modified UE context to the first network function, the modified UE context comprising the first security key.
    Type: Application
    Filed: January 9, 2026
    Publication date: May 21, 2026
    Inventors: Apostolis Salkintzis, Sheeba Backia Mary Baskaran, Andreas Kunz
  • Publication number: 20260136190
    Abstract: Apparatuses, methods, and systems are disclosed for supporting gateway function reauthentication. One method includes receiving, from a target gateway function, a first request for a user equipment (UE) context, wherein the first request comprises a first set of parameters and identifies a source gateway function; transmitting, to the source gateway function, a second request indicating that the target gateway function is to serve a UE identified by the UE context, wherein the second request comprises the first set of parameters; receiving the UE context from the source gateway function; and transmitting the UE context to the target gateway function.
    Type: Application
    Filed: January 9, 2026
    Publication date: May 14, 2026
    Inventors: Apostolis Salkintzis, Sheeba Backia Mary Baskaran, Andreas Kunz
  • Publication number: 20260129447
    Abstract: Various aspects of the present disclosure relate to establishing security in a common application programming interface framework. An apparatus for wireless communication implements a first common application programming interface (API) framework (CAPIF) core function (CCF). The apparatus receives a first signaling indicating a first authentication request corresponding to an API invoker, the first authentication request including one or more of an API invoker identifier (ID) of the API invoker, an API exposing function (AEF) information, or service API information. The apparatus transmits, to a second CCF, a second signaling indicating a second authentication request, wherein the second authentication request includes one or more of the API invoker ID, an API invoker uniform resource indicator (URI), the indication of the AEF, the service API information, a pre-shared key for the AEF, or a root certifying authority (CA) for a certificate of the API invoker.
    Type: Application
    Filed: November 1, 2024
    Publication date: May 7, 2026
    Applicant: Lenovo (United States) Inc.
    Inventors: Sheeba Backia Mary Baskaran, Andreas Kunz
  • Publication number: 20260128876
    Abstract: Various aspects of the present disclosure relate to receiving a first request message comprising a first set of parameters. Aspects of the present disclosure may relate to determining, based on the first set of parameters and a corresponding set of parameters stored in an internet-of-things (IoT) device, a mismatch of a sequence number (SQN) or a security key. Aspects of the present disclosure may relate to generating a synchronization ID based on a device SQN. Aspects of the present disclosure may relate to transmitting a response message comprising at least an expected result based on a default ID of the IoT device, and the device SQN.
    Type: Application
    Filed: November 1, 2024
    Publication date: May 7, 2026
    Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran
  • Publication number: 20260129438
    Abstract: Various aspects of the present disclosure relate to transmitting a first request message comprising a first set of parameters. Aspects of the present disclosure may relate to receiving a first response message comprising an indication that a device is unreachable. Aspects of the present disclosure may relate to resetting a sequence number (SQN) and a device profile for the device in response to the first response message. Aspects of the present disclosure may relate to transmitting a second request message comprising a second set of parameters, wherein the second set of parameters comprises a default identifier (ID) of the device, a nonce, and the SQN. Aspects of the present disclosure may relate to receiving a second response message from the device comprising a result based on the default ID.
    Type: Application
    Filed: November 1, 2024
    Publication date: May 7, 2026
    Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran
  • Publication number: 20260127052
    Abstract: Various aspects of the present disclosure relate to application programming interface (API) access for interconnected API framework core functions (CCFs) for wireless communication. A device implements a first CCF that is interconnected with a second CCF. The device obtains an indication that one or more service APIs are associated with the second CCF and receives a request to onboard an API invoker to access at least one service API of one or more service APIs associated with the first CCF or the service APIs associated with the second CCF. The service APIs associated with the first CCF and the second CCF correspond to respective CCF addresses or respective CCF identifiers (IDs). The device transmits a response to the request that indicates one or more of the respective CCF addresses or the respective CCF IDs corresponding to the service APIs associated with the first CCF and the second CCF.
    Type: Application
    Filed: November 1, 2024
    Publication date: May 7, 2026
    Applicant: Lenovo (United States) Inc.
    Inventors: Sheeba Backia Mary Baskaran, Andreas Kunz
  • Patent number: 12621660
    Abstract: Various aspects of the present disclosure relate to key identification for mobile edge computing functions. An apparatus includes at least one memory and at least one processor that is configured to generate a unique key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service, derive a key for a network function based on a corresponding root key and the generated KSI, the KSI provided as input to a key derivation function (“KDF”), and transmit an application registration request message to the network function for establishing a secure connection to the network function using the key, the application registration request message comprising the KSI.
    Type: Grant
    Filed: February 8, 2022
    Date of Patent: May 5, 2026
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran
  • Patent number: 12615510
    Abstract: Apparatuses, methods, and systems are disclosed for key-based authentication for a mobile edge computing network. One method (800) includes deriving (805), at a user equipment, a first network key after authentication with a network function of a wireless core network, deriving (810) a second network key based on the first network key, the second network key for a first network function of a mobile edge computing network, sending (815) a registration request message to the first network function of the mobile edge computing network, the registration request message integrity protected with the second network key, receiving (820) a registration response message from the first network function, and, in response to verifying the integrity of the registration response message using the second network key, establishing (825) a secure communication with the first network function of the mobile edge computing network based on the second network key.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: April 28, 2026
    Assignee: Lenovo (Beijing) Limited
    Inventors: Andreas Kunz, Sheeba Bakia Mary Baskaran, Tingfang Tang
  • Publication number: 20260099516
    Abstract: A system may include a user data store containing items, each item containing an item identifier. The items might comprise, for example, files and file names arranged in a hierarchy. A context enhancement platform may then receive a user request from a user device. The context enhancement platform constructs and outputs a first Large Language Model (“LLM”) query, from a context selector to a first LLM. The first LLM query may be, for example, designed to select relevant items from the user data store. Based on a response to the first LLM query, the context enhancement platform constructs and outputs a second LLM query, from a prompt generator to a second LLM. The second LLM query may, according to some embodiments, include information about the user request and information about the relevant items.
    Type: Application
    Filed: October 7, 2024
    Publication date: April 9, 2026
    Inventors: Felix SCHUBERT, Georgi Savov DAMYANOV, Martin HAEUSER, Andreas KUNZ
  • Patent number: 12598544
    Abstract: Apparatuses, methods, and systems are disclosed for correlating a user equipment and an access and mobility management function. One method (900) includes determining (902), at a first network device, a correlation between a user equipment identifier for a user equipment and an access and mobility management function identifier for an access and mobility management function. The method (900) includes storing (904), by the first network device, correlation information indicating the correlation between the user equipment identifier and the access and mobility management function identifier. The method (900) includes receiving (906), at the first network device, a request from a second network device, wherein the request comprises the user equipment identifier. The method (900) includes determining (908), by the first network device, the access and mobility management function identifier using the user equipment identifier in the request.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: April 7, 2026
    Assignee: Lenovo (Beijing) Limited
    Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran, Tingfang Tang
  • Publication number: 20260095446
    Abstract: Apparatuses, methods, and systems are disclosed for accessing a non-public network (NPN) using external credentials. One method of an authentication proxy includes receiving a registration request for a user equipment (UE), wherein the UE does not have a subscription with the mobile communication network; identifying a service provider of the UE; transmitting an authentication message to an authentication, authorization and accounting (AAA) server of the identified service provider; receiving an authentication response from the AAA server in response to successful authentication of the UE, the authentication response comprising a master session key (MSK); and deriving a set of security keys using the MSK.
    Type: Application
    Filed: December 9, 2025
    Publication date: April 2, 2026
    Inventors: Andreas Kunz, Sheeba Backia Mary Baskaran, Genadi Velev
  • Patent number: 12592919
    Abstract: Apparatuses, methods, and systems are disclosed for re-authentication key generation. One method (1100) includes transmitting (1102) a re-authentication key with a key set identifier in an extensible authentication protocol message. The re-authentication key is generated using: a public land mobile network identifier; a serving network name identifier; a trusted network domain name identifier; a trusted gateway function identifier; a subscription permanent identifier; a network access identifier; a user equipment identifier; a reauthentication code; a separator; a length of a parameter; or some combination thereof.
    Type: Grant
    Filed: February 22, 2021
    Date of Patent: March 31, 2026
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Sheeba Backia Mary Baskaran, Andreas Kunz