Patents by Inventor Jay Rajput

Jay Rajput has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250133095
    Abstract: Various embodiments of the present technology generally relate to systems and methods for network intrusion detection. In certain embodiments, a network traffic analysis system may comprise one or more processors, and a memory having stored thereon instructions. The instructions, upon execution, may cause the one or more processors to receive, from a first network function (NF) in a communication exchange on a 5G network, a first copy of traffic from the communication exchange, determine whether a second copy of traffic corresponding to the first copy of traffic has been received from a second NF in the communication exchange, and in response to not receiving the second copy of traffic, issue a security notification to the first NF indicating a network intrusion.
    Type: Application
    Filed: October 23, 2023
    Publication date: April 24, 2025
    Inventors: Jay Rajput, Virendra Singh, Abhilash Valappil Kunnummal, John Mohan Raj
  • Publication number: 20250119737
    Abstract: Various embodiments of the present technology generally relate to systems and methods for preventing malicious service access over long-lived connections. In certain embodiments, a network traffic analysis system may comprise one or more processors, and a memory having stored thereon instructions. The instructions, upon execution, may cause the one or more processors to receive, from a first network function (NF) on a 5G network, a copy of a message sent over a long-lived connection between the first NF and a second NF on the 5G network, the copy of the message including details for a transport layer security (TLS) certificate involved in the long-lived connection. The network traffic analysis system may compare the details against a list of revoked certificates to determine whether the TLS certificate has been revoked, and when the TLS certificate has been revoked, send a notification directing the first NF to close the long-lived connection.
    Type: Application
    Filed: October 6, 2023
    Publication date: April 10, 2025
    Inventors: Virendra Singh, Jay Rajput, Abhilash Valappil Kunnummal
  • Patent number: 12262208
    Abstract: A method for performing a location and velocity check at an SEPP to protect against a spoofing attack includes receiving an SBI request message relating to authentication of UE. The method further includes querying a database NF to obtain previous authentication information for the UE, the previous authentication information including a previous network identifier and a previous authentication time for the UE. The method further includes receiving a response from the database NF, the response including the previous network identifier and the previous authentication time.
    Type: Grant
    Filed: April 14, 2023
    Date of Patent: March 25, 2025
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Ashish Jyoti Sharma, Jay Rajput, John Nirmal Mohan Raj
  • Patent number: 12245056
    Abstract: A method for error information propagation from an SCP to a NF to support a circuit breaker design at the consumer NF includes receiving, at the SCP and from the consumer NF, a first SBI service request message. The method further includes attempting, by the SCP, to forward the first SBI service request to N producer NF instances. The method further includes detecting, by the SCP, an error involving the N producer NF instances. The method further includes performing, by the SCP, successful alternate routing of the first SBI service request message to an (N+1) th producer NF instance. The method further includes receiving, by the SCP, a success response message from the (N+1) th producer NF instance. The method further includes propagating, by the SCP, with the success response message and to the consumer NF, error information regarding the N producer NF instances.
    Type: Grant
    Filed: March 28, 2022
    Date of Patent: March 4, 2025
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jay Rajput, Virendra Singh, Ankit Srivastava
  • Publication number: 20250071094
    Abstract: A method for automatically generating and distributing firewall rules to filter service-based interface (SBI) messages relating to new or updated services includes maintaining a repository of firewall rules for updating a ruleset used by a core network firewall to filter SBI messages transmitted in a core network. The method further includes automatically retrieving, from an online archive of Third Generation Partnership Project (3GPP) standards documents, definitions of service operations performed on SBI interfaces in the core network. The method further includes automatically generating firewall rules based on the definitions of the service operations. The method further includes storing the firewall rules in the repository of firewall rules. The method further includes automatically distributing the firewall rules in the repository of firewall rules to the core network firewall.
    Type: Application
    Filed: August 22, 2023
    Publication date: February 27, 2025
    Inventors: Jay Rajput, John Nirmal Mohan Raj, Ashish Jyoti Sharma
  • Patent number: 12206649
    Abstract: A method for selective inter-PLMN security handshake validation includes receiving, at a SEPP, a first inter-PLMN security handshake request message. The method further includes performing, by the SEPP and in an SEPP trust relationship database, a lookup to determine whether the first inter-PLMN security handshake request message originates from a trusted SEPP. The method further includes determining that the first inter-PLMN security handshake request message does not originate from a trusted SEPP, and, in response, performing, by the SEPP, an inter-PLMN security handshake validation procedure on the first inter-PLMN security handshake request message. The method further includes determining that the first inter-PLMN security handshake request message fails the inter-PLMN security handshake validation procedure, and, in response, performing a network protective operation.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: January 21, 2025
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jay Rajput, Virendra Singh, John Nirmal Mohan Raj
  • Patent number: 12192764
    Abstract: A method for delegated authorization at a security edge protection proxy (SEPP) includes intercepting, from a consumer network function (NF) that does not support access token based authorization, a service based interface (SBI) service request for accessing a service provided by a producer NF that requires access token based authorization. The method further includes operating as an access token authorization client to obtain a first access token on behalf of the consumer NF. The method further includes using the first access token to enable the consumer NF to access the service provided by the first producer NF. The SEPP may also operate as an access token authorization server on behalf of an NRF that does not support access-token-based authorization.
    Type: Grant
    Filed: March 11, 2021
    Date of Patent: January 7, 2025
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jay Rajput, Virendra Singh, Ankit Srivastava
  • Publication number: 20240414144
    Abstract: A method for automatically binding an SBI communications digital certificate lifecycle to an NF lifecycle includes receiving, at an NRF, an NF deregister request message for deregistering an NF. The method further includes generating, by the NRF and in response to the NF deregister request message or successful completion of deregistration of the NF, a certificate revocation request message for revoking at least one digital certificate used by NF for SBI communications. The method further includes transmitting, by the NRF, the certificate revocation request message to a certificate authority. The method further includes receiving, by the NRF, an NF register request message identifying the NF. The method further includes determining, by the NRF, that the at least one digital certificate of the NF has been revoked.
    Type: Application
    Filed: June 7, 2023
    Publication date: December 12, 2024
    Inventors: Pavani Chirala, Jay Rajput, Virendra Singh
  • Publication number: 20240349057
    Abstract: A method for performing a location and velocity check at an SEPP to protect against a spoofing attack includes receiving an SBI request message relating to authentication of UE. The method further includes querying a database NF to obtain previous authentication information for the UE, the previous authentication information including a previous network identifier and a previous authentication time for the UE. The method further includes receiving a response from the database NF, the response including the previous network identifier and the previous authentication time.
    Type: Application
    Filed: April 14, 2023
    Publication date: October 17, 2024
    Inventors: Ashish Jyoti Sharma, Jay Rajput, John Nirmal Mohan Raj
  • Publication number: 20240349059
    Abstract: A method for performing a location and velocity check at a security edge protection proxy (SEPP) using a service communication proxy (SCP) includes receiving, at an SEPP, an SBI request message relating to a user equipment (UE). The method further includes querying, by the SEPP, a service communication proxy (SCP) to obtain information indicative of a last known update of the UE with the home network of the UE. The method further includes receiving, at the SEPP, a response from the SCP, the response including the information indicative of the last known update of the UE. The method further includes reading, by the SEPP and from the response, the information indicative of the last known update of the UE. The method further includes performing, by the SEPP and using the information indicative of the last known update of the UE, a location and velocity check for the UE. The method further includes performing a network security action based on results of the location and velocity check.
    Type: Application
    Filed: April 14, 2023
    Publication date: October 17, 2024
    Inventors: Ashish Jyoti Sharma, Jay Rajput, John Nirmal Mohan Raj
  • Publication number: 20240283661
    Abstract: A method for protecting against unauthorized use of CMP client identity private keys and CMP public key certificates associated with NFs includes receiving, by a CMP CA proxy, a first CMP certificate request for renewing a security certificate associated with a first NF, the CMP certificate request including a public key certificate associated with the first NF and is protected by a CMP client identity private key associated with the first NF.
    Type: Application
    Filed: February 22, 2023
    Publication date: August 22, 2024
    Inventors: Jay Rajput, Virendra Singh, Pavani Chirala
  • Publication number: 20240264854
    Abstract: A method for using an optimized token bucket algorithm for ingress message rate limiting across distributed producer network function (NF) applications includes implementing a producer NF instance as distributed producer NF applications and implementing distributed ingress gateways (IGWs) for performing ingress message rate limiting for the distributed producer NF applications. The method further includes maintaining, for each of the distributed IGWs, a local token bucket for rate limiting of ingress service-based interface (SBI) request messages received by each of the distributed IGWs and maintaining a distributed token bucket for refilling the local token buckets.
    Type: Application
    Filed: February 3, 2023
    Publication date: August 8, 2024
    Inventors: Jay Rajput, John Nirmal Mohan Raj, Ashish Jyoti Sharma, Vijit Gosain
  • Publication number: 20240250989
    Abstract: A method for improving inter-PLMN routing by implementing health checks for remote SEPPs includes storing a target SEPP database including records corresponding to remote SEPPs to which SBI request messages can be routed. The method further includes receiving SBI request messages destined for NFs in PLMNs protected by the remote SEPPs, using the target SEPP database to select and route messages to the remote SEPPs. The method further includes, for each of the remote SEPPs, sending a health check message to the remote SEPP, determining, based on a response or lack of a response to the health check message that the remote SEPP is unhealthy or unreachable, and, in response, removing a record for the remote SEPP from the target SEPP database or marking the record for the remote SEPP to indicate that the remote SEPP is unhealthy or unreachable.
    Type: Application
    Filed: January 19, 2023
    Publication date: July 25, 2024
    Inventors: Jay Rajput, Virendra Singh, John Nirmal Mohan Raj
  • Patent number: 12041078
    Abstract: The subject matter described herein includes a method for reducing the likelihood of successful denial of service (DoS) attacks by validating overload control information (OCI) scope information against network function (NF) profile information obtained using target resource identification information. The method includes receiving a service based interface (SBI) request message, obtaining, from the SBI request message, target resource identification information, obtaining NF profile information using the target resource identification information and storing the NF profile information, receiving an SBI response message including overload control information and scope information for the overload control information, using the stored NF profile information to determine whether the scope information for the overload control information is valid, and, in response to determining that the scope information for the overload control information is invalid, rejecting the SBI response message.
    Type: Grant
    Filed: September 7, 2021
    Date of Patent: July 16, 2024
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jay Rajput, Virendra Singh, Ankit Srivastava
  • Publication number: 20240236677
    Abstract: A method for providing a security edge protection proxy (SEPP) router for routing messages between roaming hub SEPPs includes registering, at an SEPP router, a first roaming hub SEPP. Registering the first roaming hub SEPP includes receiving an NFRegister request from the first roaming hub SEPP, the NFRegister request including an NF profile of the first roaming hub SEPP, and storing, by the SEPP router, at least a portion of the NF profile of the first roaming hub SEPP. The method further includes receiving, at the SEPP router, a service-based interface (SBI) request message from a second roaming hub SEPP, and determining, by the SEPP router, a public land mobile network (PLMN) as an intended destination for the SBI request message. The method further includes routing, by the SEPP router, the SBI request message to the first roaming hub SEPP.
    Type: Application
    Filed: January 11, 2023
    Publication date: July 11, 2024
    Inventors: Jay Rajput, Virendra Singh, John Nirmal Mohan Raj
  • Publication number: 20240163660
    Abstract: A method for providing a shared SEPP for roaming aggregators includes, at a shared SEPP that functions as a single point of ingress and egress between an MVNO PLMN and an MNO PLMN and between the MVNO PLMN and MNO PLMNs and external networks, receiving a first service-based interface (SBI) request message from the MVNO PLMN. The method further includes determining, by the shared SEPP, that the first SBI request message is destined for the MNO PLMN, and, in response, routing the first SBI request message to the MNO PLMN. The method further includes receiving a second SBI request message from the MVNO PLMN and determining that the second SBI request message is destined for one of the external networks, and, in response, routing the second SBI request message to the one external network. The shared SEPP may apply security measures for messages transmitted to and from the MNO PLMN and the MVNO PLMN.
    Type: Application
    Filed: November 10, 2022
    Publication date: May 16, 2024
    Inventors: John Nirmal Mohan Raj, Nikita Satish Nair, Jay Rajput
  • Patent number: 11979369
    Abstract: A method for providing for optimized service based interface (SBI) communications by performing network function (NF) fully qualified domain name (FQDN) resolution at an NF repository function (NRF) includes, at an NRF including at least one processor, receiving NF register requests including NF profiles and/or NF service profiles, at least some of which include FQDNs and do not include Internet protocol (IP) addresses. The method further includes storing the NF profiles and/or NF service profiles in an NF profiles database. The method further includes resolving the FQDNs in NF profiles and/or NF service profiles into IP addresses. The method further includes receiving NF discovery requests. The method further includes generating lists of NF profiles and/or NF service profiles that match query parameters in the NF discovery requests. The method further includes providing the lists of NF profiles and/or NF service profiles including the IP addresses to consumer NFs in NF discovery responses.
    Type: Grant
    Filed: September 21, 2021
    Date of Patent: May 7, 2024
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jay Rajput, Virendra Singh, Amarnath Jayaramachar
  • Patent number: 11950178
    Abstract: A method for optimized routing of service based interface (SBI) request messages to remote network function (NF) repository functions (NRFs) using indirect communications via a service communication proxy (SCP) includes, at an SCP including at least one processor, receiving an SBI request message. The method further includes forwarding the SBI request message to a remote NRF. The method further includes determining that the remote NRF is unable to process the SBI request message, and, in response to determining that the remote NRF is unable, identifying a georedundant mate of the remote NRF. The method further includes forwarding the SBI request message to the georedundant mate NRF of the remote NRF that is unable to process the SBI request message.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: April 2, 2024
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Virendra Singh, Jay Rajput, Ankit Srivastava
  • Patent number: 11943616
    Abstract: Methods, systems, and computer readable media for ingress message rate limiting are disclosed. One method includes, at a network node, receiving a service request message from a service consumer network function and extracting, from the received service request message, an access token that includes a consumer network function instance identifier identifying the service consumer network function. The method further includes determining, using the consumer network function instance identifier, that an allowed ingress message rate associated with the service consumer network function has been reached or exceeded and in response to determining that the allowed ingress message rate associated with the service consumer network function has been reached or exceeded, performing a message rate limiting action.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: March 26, 2024
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jay Rajput, Shashikiran Bhalachandra Mahalank, Ankit Srivastava
  • Publication number: 20240080300
    Abstract: A method for automatic configuration and use of Category 1 message filtering rules includes, at a network function (NF), subscribing, with an NF repository function (NRF), to receive notification of NF profile changes. The method further includes receiving, from the NRF and as a result of the subscribing, notification of an NF profile change. The method further includes automatically configuring, based on the notification of the NF profile change, at least one Category 1 message filtering rule implemented. The method further includes using the at least one Category 1 message filtering rule to filter service based interface (SBI) messages.
    Type: Application
    Filed: September 2, 2022
    Publication date: March 7, 2024
    Inventors: Jay Rajput, Virendra Singh, John Nirmal Mohan Raj