Silke Holtmanns has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
Abstract: Methods and apparatus, including computer program products, are provided for adaptive security. In one aspect there is provided a method. The method may include receiving, at a user equipment, at least one policy update representative of a rule defining at least one of a security level and an operation allowed to be performed at the security level; monitoring a configuration of the user equipment to determine whether the configuration of the user equipment violates the at least one policy update; and adapting, based on the monitoring, at least one of a security indicator at the user equipment and the operation at the user equipment. Related apparatus, systems, methods, and articles are also described.
Abstract: A warning system in which users' devices perform a method including: receiving a broadcast message comprising message information in a first human language from a mobile telecommunication network or an indication of an alternative radio bearer or network for retrieval of the message information; storing information templates in one or more different human languages; and presenting to a user, according to a language preference of the user: the message information of the broadcast message; or one or more information templates corresponding to the message information, in a second human language other than the first human language.
Abstract: It is provided a method, comprising monitoring if a request is received, wherein the request requests to replace a stored first address of a charging system by a second address, the first address is different from the second address, and the charging system is assumed to control a primary account of a subscriber; informing that the request might be malicious if the request is received.
Abstract: Method, apparatus and computer program for receiving an identification of an application that has issued a connectivity request for cellular communications with a cellular network; determining an access point name to be used for providing the identified application with the cellular communications; and verifying whether the identified access point name use is allowable with the identified application and accordingly allowing or preventing said use.
Abstract: Methods and apparatus, including computer program products, are provided. In one aspect there is provided a method. The method may include detecting, at a first node, an event; generating, at the first node, a message in response to the detected event; and sending, at the first node, the message to at least a second node to enable the second node to determine at least one of a reliability or an importance of the message. Related apparatus, systems, methods, and articles are also described.
February 13, 2015
August 23, 2018
Martti Moisio, Silke Holtmanns, Mikko Uusitalo, Zexian Li, Ilkka Keskitalo
Abstract: Methods, apparatuses, and computer program products are herein provided for lawful interception through a subscription manager. In some embodiments, methods, apparatuses, and computer program products provide user subscription data to an agency, operator, or service provider in response to receiving a lawful interception request. A method may include receiving an interception request comprising a user's name from at least one operator. The method may further include determining, by a processor, an operator specific access code associated with the user's name. The method may also include providing the operator specific access code to the operator. Corresponding apparatuses and computer program products are also provided.
Abstract: A method comprises acquiring (201), in a network node (NE1), data transmitted between network nodes of a communication system. The network node (NE1) processes (202) the acquired data in order to optimize data scanning in the communication system, and provides (203) an output indicating selected data fields for which data scanning is to be performed. The processing (202) of the acquired data comprises classifying data fields of a data set based on selected data scanning characteristics of the data fields, calculating, based on the classifying, the sensitivity of the data fields, forming a first partial order of the data fields based on their sensitivity, forming a second partial order of the data fields based on their usage, and sorting, based on the first and second partial order, the data fields into data scanning categories.
Abstract: This document discloses a solution for detecting and mitigating anomalies such as signalling storms in a radio access network of a wireless communication system. According to an aspect, there is disclosed a method including receiving, in a first local traffic analysis module, configuration parameters from a second local traffic analysis module or from a central traffic analysis module connected to a plurality of local traffic analysis modules; monitoring, by a first traffic analysis module by using the received configuration parameters, traffic in a radio access network of a wireless communication system; detecting, in the monitored traffic on the basis of the configuration parameters, an anomaly causing a control plane signalling load; and in response to said detecting, taking an action to mitigate the anomaly and reporting information on the anomaly to the central traffic analysis module.
October 17, 2017
April 19, 2018
Aapo KALLIOLA, Ian Justin OLIVER, Yoan Jean Claude MICHE, Silke HOLTMANNS, Amaanat ALI, Pekka KUURE
Abstract: A method and apparatus are provided. Information associated with a lawful interception of communication data of a user equipment is received. Security information associated with the communication data of the user equipment is provided in response to the received information. The security information is based on a first secret which is shared between a communication network provider and the user equipment.
Abstract: Some embodiments of the present invention relate to an apparatus, a method, and a computer program product related to coexistence of two network operators, for example a local operator and an incumbent operator. In certain embodiments, a method may include monitoring if network information from a server part of an application is received by a client part of the application. The client part is connected to the server part via a first network that uses a radio access technology. The network information is related to a second network that uses the radio access technology, the second network being different from the first network. The method also includes controlling a cellular radio layer such that it interworks with the second network based on the received network and authentication information.
November 11, 2016
February 8, 2018
Athul PRASAD, Silke HOLTMANNS, Zexian LI, Mikko Aleksi UUSITALO
Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding handling of certificates for embedded Universal Integrated Circuit Cards. The present invention comprises composing, by a management entity, such as a subscription manager, a deletion command message for deleting certificates from an embedded universal integrated circuit card, eUICC, on which a plurality of certificates is pre-installed, the deletion command message including information on certificates to be deleted and an authorization of the management entity, and transmitting the deletion command message to the eUICC.
Abstract: A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization from the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided.
Abstract: An apparatus of a communication network system, which routes data packets and stores trusted routes between different communication network systems in a database, detects (S12) that a data packet requires a route with a specific level of trust, determines (S13), from the trusted routes stored in the database, a specific trusted route towards a destination as indicated in the data packet, and sets (S15) the data packet on the specific trusted route towards the destination.
Abstract: In accordance with the example embodiments of the invention there is at least a method and apparatus to detect that at least one message received from another network device of a communication network is in response to a prior message using a spoofed source address; based on the detecting, mirror the at least one message; and send to the another network device the mirrored at least one message to cause the another network device to filter out the at least one message in response to the prior message using the spoofed address. Further, there is at least a method and apparatus to receive from a network node signaling associated with at least one message; based on the signaling, detect that the at least one message is in response to a prior message using a spoofed source address; and based on the detecting, filter out the at least one message in response to the prior message using the spoofed source address.
Abstract: A method, apparatus and computer program product are disclosed for establishing secure off-network communications between first and second Secure Cellular Devices that each have a cellular identity. The second Secure Cellular Device may assume the role of Remote Device for interaction with the NAF keyserver and may obtain a local key. The first Secure Cellular Device may derive the local key and the two devices may conduct secure communications using the shared local key. The two Secure Cellular Devices may alternate the roles of Secure Host and Remote Device, each twice obtaining or deriving a shared local key such that there are two such keys. The devices may employ one key for secure communication in one direction and the other for communication in the other direction. Alternatively, the devices may derive a unique shared key as a function of the two shared keys.
Abstract: The invention relates to a method and devices for mutual communication between devices, and to computer programs enabling such communication. According to the invention, in a first device is controlled a transmitter module operable in a local radio communications network to transmit a sequence of radio signal pulses representing a predetermined code. In at least one second device a receiver module is scanning said local radio communications network to detect said predetermined code. A contact network of the user of said at least second device is accessed, and the predetermined code is checked in the second device against the user's contact network for a match stored in the network profiles for the contacts. Then a validation key is fetched, that relates to a matching contact found in said contact network, and a connection establishment request containing the validation key is sent over said local radio communications network from the second device to the first device.
Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.
Abstract: A method, apparatus and computer program product are provided to selectively establish communications with one or more of a plurality of mobile terminals in accordance with a predefined criteria, such as a predefined schedule. In the context of a method, a mobile terminal maintains at least a first subscriber identity module (SIM) and a second SIM is mapped to different subscriber identification numbers. In this regard, the second SIM is mapped to the same subscriber identification number as the SIM of at least one other mobile terminal. The method may also activate the second SIM in accordance with a predefined criteria and may then subsequently deactivate the second SIM. For example, the second SIM may be activated and subsequently deactivated in accordance with a predefined schedule, such as a shift schedule, that identifies one or more time periods in which the second SIM is to be activated.
Abstract: A method comprises causing a network access application or cellular authentication in a secure element to be disabled by changing a status of security information. In one embodiment, a method is provided to disable the network access applications of a UICC, in case of an emergency call, by resetting a verification status of the PIN.