Patents by Inventor Markus STAUFER
Markus STAUFER has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12627498Abstract: Method comprising: monitoring whether a network receives an authorization request for establishing a session of an AF with a UE, wherein the authorization request comprises a permanent identifier of the AF, a received temporary identifier of the AF, and a temporary identifier of a UE; if the authorization request is received: forming a key identifier based on the temporary identifier of the UE; retrieving, based on the key identifier, a stored key and a first permanent identifier of the UE; calculating a calculated temporary identifier of the AF based on the permanent identifier of the AF and the stored key; checking whether the calculated temporary identifier of the AF is identical with the received temporary identifier of the AF; inhibiting authorizing the AF for the establishing the session with the UE if the calculated temporary identifier of the AF is not identical with the received temporary identifier of the AF.Type: GrantFiled: August 10, 2023Date of Patent: May 12, 2026Assignee: NOKIA TECHNOLOGIES OYInventors: Markus Staufer, Peter Schneider, Ranganathan Mavureddi Dhanasekaran, Saurabh Khare
-
Patent number: 12549365Abstract: There is provided an apparatus, method and computer program for causing a first apparatus to: obtain an identifier of a cryptographic key according to a first security communication protocol; signal, to a second apparatus, a first authentication request according to a second security communication protocol, the first authentication request comprising the identifier of the cryptographic key and a first verifying information according to a second security communication protocol, wherein the first verifying information comprises a first value calculated using the cryptographic key; receive, from the second apparatus, an authentication response according to the second security communication protocol, the authentication response comprising a second verifying information according to the second security communication protocol, wherein the second verifying information comprises a second value; and verify the second apparatus for the second security communication protocol using the second value and the cryptographicType: GrantFiled: August 9, 2023Date of Patent: February 10, 2026Assignee: Nokia Technologies OyInventors: Markus Staufer, Peter Schneider, Ranganathan Mavureddi Dhanasekaran
-
Patent number: 12520143Abstract: Techniques are disclosed for security management during an onboarding process for user equipment. For example, from a perspective of an onboarding network, a method comprises authenticating, via the onboarding network, user equipment based on an onboarding record previously configured for the user equipment or a set of user equipment and maintained by the onboarding network. Upon successful authentication, a communication session is established from the onboarding network to a provisioning server for remote provisioning of the user equipment. Advantageously, the onboarding process is performed without a default credential server.Type: GrantFiled: December 12, 2024Date of Patent: January 6, 2026Assignee: Nokia Technologies OyInventors: Markus Staufer, Rainer Liebhart, Sumesh Parameswaran Nair, Bo Holm Bjerrum
-
Patent number: 12328575Abstract: Techniques are disclosed for security management during an onboarding process for user equipment. For example, from a perspective of an onboarding network, a method comprises authenticating, via the onboarding network, user equipment based on an onboarding record previously configured for the user equipment or a set of user equipment and maintained by the onboarding network. Upon successful authentication, a communication session is established from the onboarding network to a provisioning server for remote provisioning of the user equipment. Advantageously, the onboarding process is performed without a default credential server.Type: GrantFiled: August 2, 2022Date of Patent: June 10, 2025Assignee: Nokia Technologies OyInventors: Markus Staufer, Rainer Liebhart, Sumesh Parameswaran Nair, Bo Holm Bjerrum
-
Publication number: 20250175798Abstract: According to an example aspect of the present invention, there is provided a method, comprising: obtaining (200) client credentials associated with a subscriber identity module of a user equipment, sending (210), to an authorization function, an access token request for an access token to authorize, for an application function outside a mobile network, access to a network exposure function of the mobile network, wherein the access token request comprises the client credentials, receiving (220) the access token issued by the authorization function, and sending (230) an access request to the network exposure function to access a service of the mobile network via the network exposure function, wherein the access request comprises the received access token.Type: ApplicationFiled: February 8, 2023Publication date: May 29, 2025Applicant: Nokia Technologies OyInventors: Peter ROST, Markus STAUFER
-
Publication number: 20250113187Abstract: Techniques are disclosed for security management during an onboarding process for user equipment. For example, from a perspective of an onboarding network, a method comprises authenticating, via the onboarding network, user equipment based on an onboarding record previously configured for the user equipment or a set of user equipment and maintained by the onboarding network. Upon successful authentication, a communication session is established from the onboarding network to a provisioning server for remote provisioning of the user equipment. Advantageously, the onboarding process is performed without a default credential server.Type: ApplicationFiled: December 12, 2024Publication date: April 3, 2025Inventors: Markus Staufer, Rainer Liebhart, Sumesh Parameswaran Nair, Bo Holm Bjerrum
-
Patent number: 12212961Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to transmit, by a user equipment, a concealed identifier of the user equipment to an onboarding network, wherein the concealed identifier of the user equipment indicates that the user equipment is requesting unauthenticated access to the onboarding network and execute, by the user equipment, a key generating authentication protocol to access the onboarding network without performing authentication of the user equipment.Type: GrantFiled: February 17, 2022Date of Patent: January 28, 2025Assignee: Nokia Technologies OyInventors: Markus Staufer, Bo Holm Bjerrum
-
Publication number: 20240414633Abstract: Methods, systems, apparatuses, and computer program products are provided for discovery and/or access to localized services provided by a communication network. In this regard, based on a tracking area code associated with a local network configured to provide localized services, a registration update process, a handover, or a state transition is initiated with respect to user equipment that is served by a mobile network. Furthermore, network information for the local network during the registration update process, during the handover, or during the state transition of the user equipment is determined. Network information is also provided to the user equipment during the registration update process, during the handover, or during the state transition of the user equipment. Additionally, a connection between the user equipment and the local network is established based on the network information.Type: ApplicationFiled: September 29, 2022Publication date: December 12, 2024Inventors: Devaki Chandramouli, Markus Staufer, Rainer Liebhart, Sumesh Parameswaran Nair, Jürgen Merkel
-
Patent number: 12003961Abstract: Techniques for facilitating onboarding to a non-public network is provided. Provisioning parameters may be provided to User Equipment (UE) from a Default Credential Server (DCS) via a secure communication tunnel. Additionally or alternatively, provisioning parameter container(s) including readable provisioning parameters for an Onboarding Network (ONN), and secure provisioning parameters for the UE, may be transmitted to the UE via the ONN. The disclosed methods and apparatuses enable the UE to onboard to a non-public network using the provisioning parameters, and to verify the integrity of the provisioning parameters and ensure the provisioning parameters are not modified by an unauthorized device.Type: GrantFiled: October 29, 2021Date of Patent: June 4, 2024Assignee: NOKIA TECHNOLOGIES OYInventors: Markus Staufer, Rainer Liebhart, Devaki Chandramouli, Markus Sakari Isomäki, Pekka Juhani Korja
-
Publication number: 20240056805Abstract: A method is disclosed comprising: establishing an encrypted session with an application function based on a certificate; receiving a request for an application key from the application function using the encrypted session, wherein the request comprises a key identifier relating to a user device and an application function identifier; determining at least one response to the request for the application key from a set of possible responses, the set comprising at least a rejection and a message comprising the application key and a user device identifier; and transmitting the at least one response to the request for the application key to the application function. Furthermore, related methods, apparatuses, computer programs and systems are disclosed.Type: ApplicationFiled: August 10, 2023Publication date: February 15, 2024Inventors: Markus STAUFER, Peter SCHNEIDER, Ranganathan MAVUREDDI DHANASEKARAN, Saurabh KHARE
-
Publication number: 20240056301Abstract: Method comprising: monitoring whether a network receives an authorization request for establishing a session of an AF with a UE, wherein the authorization request comprises a permanent identifier of the AF, a received temporary identifier of the AF, and a temporary identifier of a UE; if the authorization request is received: forming a key identifier based on the temporary identifier of the UE; retrieving, based on the key identifier, a stored key and a first permanent identifier of the UE; calculating a calculated temporary identifier of the AF based on the permanent identifier of the AF and the stored key; checking whether the calculated temporary identifier of the AF is identical with the received temporary identifier of the AF; inhibiting authorizing the AF for the establishing the session with the UE if the calculated temporary identifier of the AF is not identical with the received temporary identifier of the AF.Type: ApplicationFiled: August 10, 2023Publication date: February 15, 2024Inventors: Markus Staufer, Peter Schneider, Ranganathan Mavureddi Dhanasekaran, Saurabh Khare
-
Publication number: 20240056302Abstract: There is provided an apparatus, method and computer program for causing a first apparatus to: obtain an identifier of a cryptographic key according to a first security communication protocol; signal, to a second apparatus, a first authentication request according to a second security communication protocol, the first authentication request comprising the identifier of the cryptographic key and a first verifying information according to a second security communication protocol, wherein the first verifying information comprises a first value calculated using the cryptographic key; receive, from the second apparatus, an authentication response according to the second security communication protocol, the authentication response comprising a second verifying information according to the second security communication protocol, wherein the second verifying information comprises a second value; and verify the second apparatus for the second security communication protocol using the second value and the cryptographicType: ApplicationFiled: August 9, 2023Publication date: February 15, 2024Inventors: Markus STAUFER, Peter SCHNEIDER, Ranganathan MAVUREDDI DHANASEKARAN
-
Publication number: 20230413046Abstract: According to an example aspect of the present invention, there is provided an apparatus, such as a user equipment, configured to transmit to a cellular core network a request to open a protocol session to an external network which is external to the cellular core network, the request being configured to cause the cellular core network to transmit to the external network, or to receive from the external network, a code associated with a subscription of the apparatus, forward at least one authentication request originating in the external network to a node connected with the apparatus, via a local connection, and forward at least one authentication response from the node to the external network via the cellular core network, and relay packets comprised in the protocol session between the node and the external network without participating in the protocol session as an endpoint.Type: ApplicationFiled: June 14, 2023Publication date: December 21, 2023Inventors: Peter SCHNEIDER, Markus STAUFER, Ranganathan MAVUREDDI DHANASEKARAN
-
Publication number: 20230137814Abstract: Techniques for facilitating onboarding to a non-public network is provided. Provisioning parameters may be provided to User Equipment (UE) from a Default Credential Server (DCS) via a secure communication tunnel. Additionally or alternatively, provisioning parameter container(s) including readable provisioning parameters for an Onboarding Network (ONN), and secure provisioning parameters for the UE, may be transmitted to the UE via the ONN. The disclosed methods and apparatuses enable the UE to onboard to a non-public network using the provisioning parameters, and to verify the integrity of the provisioning parameters and ensure the provisioning parameters are not modified by an unauthorized device.Type: ApplicationFiled: October 29, 2021Publication date: May 4, 2023Inventors: Markus Staufer, Rainer Liebhart, Devaki Chandramouli, Markus Isomaki, Pekka Korja
-
Publication number: 20230045417Abstract: Techniques are disclosed for security management during an onboarding process for user equipment. For example, from a perspective of an onboarding network, a method comprises authenticating, via the onboarding network, user equipment based on an onboarding record previously configured for the user equipment or a set of user equipment and maintained by the onboarding network. Upon successful authentication, a communication session is established from the onboarding network to a provisioning server for remote provisioning of the user equipment. Advantageously, the onboarding process is performed without a default credential server.Type: ApplicationFiled: August 2, 2022Publication date: February 9, 2023Applicant: Nokia Technologies OyInventors: Markus Staufer, Rainer Liebhart, Sumesh Parameswaran Nair, Bo Holm Bjerrum
-
Publication number: 20220264296Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to transmit, by a user equipment, a concealed identifier of the user equipment to an onboarding network, wherein the concealed identifier of the user equipment indicates that the user equipment is requesting unauthenticated access to the onboarding network and execute, by the user equipment, a key generating authentication protocol to access the onboarding network without performing authentication of the user equipment.Type: ApplicationFiled: February 17, 2022Publication date: August 18, 2022Inventors: Markus STAUFER, Bo Holm BJERRUM
-
Publication number: 20220030431Abstract: According to an example aspect of the present invention, there is provided a method, comprising: receiving private mobile network credentials for accessing a private mobile network by a mobile device configured for machine to machine communications, receiving machine to machine service credentials for accessing a machine to machine service by a machine to machine service application of the mobile device, provisioning the private mobile network credentials to a first private mobile network n response to verifying a request for activating or registering the mobile device to the first private mobile network, and provisioning the machine to machine service credentials to a first machine to machine service entity in response to verifying a request for activating or registering the mobile device to the first machine to machine service.Type: ApplicationFiled: September 17, 2018Publication date: January 27, 2022Inventors: Martin PEYLO, Markus STAUFER