JPWO2022066228A5 - - Google Patents

Publication number
JPWO2022066228A5
Authority
JP
Japan
Prior art keywords
plmn
identifier
sepp
inter
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2023519025A
Other languages
Japanese (ja)
Other versions
JP2023543999A (en
Publication date
Priority claimed from US17/095,420 (US11825310B2)
Priority claimed from US17/129,441 (US11832172B2)
Publication of JP2023543999A
Publication of JPWO2022066228A5

Description

In addition to consumer NFs, another type of network node that can subscribe to receive information about NF service instances is the service communication proxy (SCP). The SCP subscribes to the NRF and obtains reachability and service profile information about producer NF service instances. Consumer NFs connect to the SCP, which either load balances traffic among producer NF service instances that offer the required service or routes traffic directly to the destination producer NF instance.

The NRF 100 is a repository for NF or service profiles of producer NF instances. To communicate with a producer NF instance, a consumer NF or SCP must obtain the NF or service profile or producer NF instance from the NRF 100. The NF or service profile is a JavaScript Object Notation (JSON) data structure defined in 3GPP (Third Generation Partnership Project) Technical Specification (TS) 29.510. The NF or service profile definition includes at least one of a fully qualified domain name (FQDN), an Internet protocol (IP) version 4 (IPv4) address, or an IP version 6 (IPv6) address. In FIG. 1, any of the nodes (other than the NRF 100) can be either a consumer NF or a producer NF, depending on whether it is requesting or providing a service. In the illustrated example, the nodes include a policy control function (PCF) 102 that performs policy-related operations in the network, a unified data management (UDM) function 104 that manages user data, and an application function (AF) 106 that provides application services. The nodes shown in FIG. 1 further include a session management function (SMF) 108 that manages sessions between an access and mobility management function (AMF) 110 and the PCF 102. The AMF 110 performs mobility management operations similar to those performed by a mobility management entity (MME) in 4G networks. An authentication server function (AUSF) 112 performs authentication services for user equipment (UE) seeking access to the network, such as UE 114.

As shown in the TLS handshake message structure, one of the defined handshake message types is the Certificate message, which contains either the client or the server certificate, depending on whether the sender is acting as a client or a server. In establishing secure TLS communication over the N32-c interface, mutual TLS, or m-TLS, is used, where both ends of the TLS connection receive and verify the X.509 certificate of the other end. According to IETF RFC 5246, the certificate type must be X.509v3 unless explicitly negotiated. In the examples described herein, X.509v3 certificates are used as examples, although the subject matter described herein is not limited to verifying the sender's N32-f identity using the sender's identity extracted from the X.509v3 certificate. The X.509v3 certificate format is defined in IETF RFC 3280. According to IETF RFC 3280, one extension or parameter that may be included in an X.509v3 certificate is the Subject Alternative Name extension. The Subject Alternative Name extension is defined as follows:

In step 800, the responding SEPP may also (optionally) obtain the first PLMN identifier from at least one message received over the inter-PLMN control interface. For example, the SEPP 126B may extract the first PLMN identifier from the sender attribute of a SecNegotiateReqData information element sent during the N32-c security capability negotiation over the first TLS connection and store the PLMN identifier in a database.

Figure 2022066228000001

In step 806, the responding SEPP performs a lookup in the SEPP inter-PLMN forwarding interface ID cross-validation database using a lookup key including at least one of the second TLS SEPP identifier and the second PLMN identifier. For example, the responding SEPP may perform a lookup in database 600 using a lookup key consisting of the second TLS SEPP identifier, the second PLMN identifier, or a tuple including the N32-f TLS SEPP identifier and the N32-f PLMN identifier.
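The cross-validation of steps 800 and 806, as an added example that is not code from the patent: identities learned on N32-c are stored as (SEPP identifier, PLMN identifier) tuples, and an N32-f message is admitted only if its tuple has a record. Assumptions: certificates arrive as dicts shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, the PLMN is read from `mnc<MNC>.mcc<MCC>` labels in the `sender` FQDN, and the class name, function names and all sample values are hypothetical.

```python
import re
from typing import Optional

# Assumption: the peer's FQDN carries its PLMN as "mnc<MNC>.mcc<MCC>" labels,
# with the MNC zero-padded to three digits (3GPP-style network domain).
_PLMN_LABELS = re.compile(r"(?:^|\.)mnc(\d{3})\.mcc(\d{3})\.", re.IGNORECASE | re.ASCII)


def plmn_key(mcc: str, mnc: str) -> str:
    """Normalise a PLMN ID so a 2-digit MNC compares equal to its padded FQDN form."""
    ok = (mcc.isascii() and mcc.isdigit() and len(mcc) == 3
          and mnc.isascii() and mnc.isdigit() and len(mnc) in (2, 3))
    if not ok:
        raise ValueError(f"malformed PLMN ID: mcc={mcc!r} mnc={mnc!r}")
    return f"{mcc}-{mnc.zfill(3)}"


def plmn_from_fqdn(fqdn: str) -> Optional[str]:
    """Return the normalised PLMN ID embedded in an FQDN, or None if absent."""
    m = _PLMN_LABELS.search(fqdn)
    return plmn_key(m.group(2), m.group(1)) if m else None


def san_dns_names(peer_cert: dict) -> list:
    """dNSName entries of the Subject Alternative Name extension, lower-cased.

    The dict is only meaningful if the TLS stack already verified the chain.
    """
    return [value.lower().rstrip(".")
            for kind, value in peer_cert.get("subjectAltName", ())
            if kind == "DNS"]


class CrossValidationDB:
    """In-memory stand-in for the SEPP inter-PLMN forwarding interface ID database."""

    def __init__(self):
        self._records = set()  # {(sepp_identifier, plmn_identifier)}

    def learn_from_n32c(self, peer_cert: dict, sec_negotiate_req: dict) -> int:
        """Step 800: store identities seen on the N32-c TLS connection."""
        plmn = plmn_from_fqdn(sec_negotiate_req.get("sender", ""))
        if plmn is None:
            return 0  # nothing trustworthy to record
        new = {(name, plmn) for name in san_dns_names(peer_cert)}
        self._records |= new
        return len(new)

    def admit_n32f(self, peer_cert: dict, msg_plmn: dict) -> bool:
        """Step 806: look up the N32-f tuple; no record means the message is blocked."""
        try:
            plmn = plmn_key(msg_plmn["mcc"], msg_plmn["mnc"])
        except (KeyError, TypeError, AttributeError, ValueError):
            return False  # malformed or missing PLMN ID fails closed
        return any((name, plmn) in self._records
                   for name in san_dns_names(peer_cert))


# Constructed sample data (test PLMN 001-01); not taken from the patent.
N32C_CERT = {"subjectAltName": (("DNS", "sepp1.5gc.mnc001.mcc001.3gppnetwork.org"),)}
OTHER_CERT = {"subjectAltName": (("DNS", "sepp9.5gc.mnc001.mcc001.3gppnetwork.org"),)}
SEC_NEGOTIATE_REQ = {
    "sender": "sepp1.5gc.mnc001.mcc001.3gppnetwork.org",
    "supportedSecCapabilityList": ["TLS"],
}


def demo() -> list:
    db = CrossValidationDB()
    db.learn_from_n32c(N32C_CERT, SEC_NEGOTIATE_REQ)
    return [
        db.admit_n32f(N32C_CERT, {"mcc": "001", "mnc": "01"}),   # matches N32-c
        db.admit_n32f(N32C_CERT, {"mcc": "999", "mnc": "99"}),   # PLMN never seen
        db.admit_n32f(OTHER_CERT, {"mcc": "001", "mnc": "01"}),  # SEPP never seen
    ]


if __name__ == "__main__":
    print(demo())
```

The lookup uses the full tuple, matching the variant in which the key consists of both the N32-f TLS SEPP identifier and the N32-f PLMN identifier.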

The disclosures of each of the following documents are incorporated herein by reference in their entirety.
References
1. IETF RFC 5246; The Transport Layer Security (TLS) Protocol, Version 1.2; August 2008.
2. IETF RFC 3280; Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile; April 2002.
3. 3GPP TS 29.573; 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 5G System; Public Land Mobile Network (PLMN) Interconnection; Stage 3 (Release 16), V16.3.0 (2020-07).
4. 3GPP TS 33.501; 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security Architecture and Procedures for 5G System; (Release 16), V16.3.0 (2020-07).
5. 3GPP TS 29.510; 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 5G System; Network Function Repository Services; Stage 3 (Release 16), V16.4.0 (2020-07).
It will be understood that various details of the presently disclosed subject matter can be changed without departing from the scope of the presently disclosed subject matter. Moreover, the foregoing description is for the purpose of illustration only, and not for the purpose of limitation.

Claims (20)

1. A method for mitigating spoofing attacks on a security edge protection proxy (SEPP) inter-public land mobile network (inter-PLMN) forwarding interface, the method comprising:
obtaining, by a responding SEPP, at least one of a first SEPP identifier and a first PLMN identifier from at least one message received via an inter-PLMN control interface;
storing the at least one of the first SEPP identifier and the first PLMN identifier in a SEPP inter-PLMN forwarding interface ID cross-validation database;
obtaining, by the responding SEPP, at least one of a second SEPP identifier and a second PLMN identifier from at least one message received via the inter-PLMN forwarding interface;
performing a lookup in the SEPP inter-PLMN forwarding interface ID cross-validation database using a lookup key including at least one of the second SEPP identifier and the second PLMN identifier; and
determining that a record corresponding to the lookup key does not exist in the SEPP inter-PLMN forwarding interface ID cross-validation database and, in response, preventing the at least one message received via the inter-PLMN forwarding interface from entering a PLMN protected by the responding SEPP.
2. The method of claim 1, wherein the inter-PLMN control interface comprises an N32-c interface and the inter-PLMN forwarding interface comprises an N32-f interface.
3. The method of claim 1 or 2, wherein obtaining at least one of the first SEPP identifier and the first PLMN identifier from the at least one message received via the inter-PLMN control interface comprises obtaining the first SEPP identifier from a first certificate included in a first Transport Layer Security (TLS) Certificate message received via the inter-PLMN control interface during a TLS handshake to establish a TLS connection for an N32-c interface.
4. The method of claim 3, wherein the first certificate comprises a first X.509 certificate.
5. The method of claim 4, wherein obtaining the first SEPP identifier includes extracting the first SEPP identifier from a subject alternative name extension of the first X.509 certificate.
6. The method of any one of claims 1 to 5, wherein obtaining at least one of the second SEPP identifier and the second PLMN identifier from at least one message received via the inter-PLMN forwarding interface comprises obtaining the second SEPP identifier from a second certificate included in a second TLS Certificate message received during a TLS handshake to establish a TLS connection for an N32-f interface.
7. The method of claim 6, wherein the second certificate comprises a second X.509 certificate.
8. The method of claim 7, wherein obtaining the second SEPP identifier includes extracting the second SEPP identifier from a subject alternative name extension of the second X.509 certificate.
9. The method of any one of claims 1 to 8, wherein:
obtaining the first SEPP identifier and the first PLMN identifier from at least one message received via the inter-PLMN control interface includes obtaining the first SEPP identifier from a first Transport Layer Security (TLS) Certificate message received during a TLS handshake to set up a TLS connection for the inter-PLMN control interface, and obtaining the first PLMN identifier from an N32-c security capability exchange message received over the TLS connection for the inter-PLMN control interface; and
obtaining the second SEPP identifier and the second PLMN identifier from at least one message received via the inter-PLMN forwarding interface includes obtaining the second SEPP identifier from a second TLS authentication message received during a TLS handshake to set up a TLS connection for the inter-PLMN forwarding interface, and obtaining the second PLMN identifier from a 5G service message received over the TLS connection for the inter-PLMN forwarding interface.
10. The method of any one of claims 1 to 9, wherein the lookup key consists of a tuple including the second SEPP identifier and the second PLMN identifier.
11. A system for mitigating spoofing attacks on a security edge protection proxy (SEPP) inter-public land mobile network (inter-PLMN) forwarding interface, the system comprising:
a SEPP including at least one processor and a memory;
a SEPP inter-PLMN forwarding interface ID cross-validation database residing in the memory; and
an inter-PLMN forwarding interface ID spoofing mitigation module implemented by the at least one processor, the inter-PLMN forwarding interface ID spoofing mitigation module being configured to:
obtain at least one of a first SEPP identifier and a first PLMN identifier from at least one message received via an inter-PLMN control interface;
store the at least one of the first SEPP identifier and the first PLMN identifier in the SEPP inter-PLMN forwarding interface ID cross-validation database;
obtain at least one of a second SEPP identifier and a second PLMN identifier from at least one message received via the inter-PLMN forwarding interface;
perform a lookup in the SEPP inter-PLMN forwarding interface ID cross-validation database using a lookup key including at least one of the second SEPP identifier and the second PLMN identifier; and
determine that a record corresponding to the lookup key does not exist in the SEPP inter-PLMN forwarding interface ID cross-validation database and, in response, prevent the at least one message received via the inter-PLMN forwarding interface from entering a PLMN protected by the SEPP.
12. The system of claim 11, wherein the inter-PLMN control interface comprises an N32-c interface and the inter-PLMN forwarding interface comprises an N32-f interface.
13. The system of claim 11 or 12, wherein obtaining the at least one of the first SEPP identifier and the first PLMN identifier includes obtaining the first SEPP identifier from a first certificate included in a first Transport Layer Security (TLS) Certificate message received during a TLS handshake to establish a TLS connection for an N32-c interface.
14. The system of claim 13, wherein the first certificate comprises a first X.509 certificate.
15. The system of claim 14, wherein the inter-PLMN forwarding interface ID spoofing mitigation module is configured to extract the first SEPP identifier from a subject alternative name extension of the first X.509 certificate.
16. The system of any one of claims 11 to 14, wherein obtaining at least one of the second SEPP identifier and the second PLMN identifier from at least one message received via the inter-PLMN forwarding interface comprises obtaining a second SEPP identifier included in a second TLS Certificate message received during a TLS handshake to establish a TLS connection for an N32-f interface.
17. The system of claim 16, wherein the second certificate comprises a second X.509 certificate, and the inter-PLMN forwarding interface ID spoofing mitigation module is configured to obtain the second identifier by extracting the second identifier from a subject alternative name extension of the X.509 certificate.
18. The system of any one of claims 11 to 17, wherein:
obtaining the first SEPP identifier and the first PLMN identifier from at least one message received via the inter-PLMN control interface includes obtaining the first SEPP identifier from a first Transport Layer Security (TLS) Certificate message received during a TLS handshake to set up a TLS connection for the inter-PLMN control interface, and obtaining the first PLMN identifier from an N32-c security capability exchange message received over the TLS connection for the inter-PLMN control interface; and
obtaining the second SEPP identifier and the second PLMN identifier from at least one message received via the inter-PLMN forwarding interface includes obtaining the second SEPP identifier from a second TLS authentication message received during a TLS handshake to set up a TLS connection for the inter-PLMN forwarding interface, and obtaining the second PLMN identifier from a 5G service message received over the TLS connection for the inter-PLMN forwarding interface.
19. The system of any one of claims 11 to 18, wherein the lookup key consists of a tuple including the second SEPP identifier and the second PLMN identifier.
20. A program for causing a computer to execute the method according to any one of claims 1 to 10.
JP2023519025A 2020-09-25 2021-04-29 Methods, systems, and computer-readable medium for mitigating spoofing attacks on Security Edge Protection Proxy (SEPP) public land mobile network (PLMN-to-PLMN) transport interfaces Pending JP2023543999A (en)

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
IN202041041754 2020-09-25
IN202041047779 2020-11-02
US17/095,420 2020-11-11
US17/095,420 US11825310B2 (en) 2020-09-25 2020-11-11 Methods, systems, and computer readable media for mitigating 5G roaming spoofing attacks
US17/129,441 2020-12-21
US17/129,441 US11832172B2 (en) 2020-09-25 2020-12-21 Methods, systems, and computer readable media for mitigating spoofing attacks on security edge protection proxy (SEPP) inter-public land mobile network (inter-PLMN) forwarding interface
PCT/US2021/029977 WO2022066228A1 (en) 2020-09-25 2021-04-29 Methods, systems, and computer readable media for mitigating spoofing attacks on security edge protection proxy (sepp) inter-public land mobile network (inter-plmn) forwarding interface

Publications (2)

Publication Number Publication Date
JP2023543999A JP2023543999A (en) 2023-10-19
JPWO2022066228A5 true JPWO2022066228A5 (en) 2024-05-09

Family

ID=80821937

Family Applications (2)

Application Number Title Priority Date Filing Date
JP2023519025A Pending JP2023543999A (en) 2020-09-25 2021-04-29 Methods, systems, and computer-readable medium for mitigating spoofing attacks on Security Edge Protection Proxy (SEPP) public land mobile network (PLMN-to-PLMN) transport interfaces
JP2023519026A Pending JP2023544000A (en) 2020-09-25 2021-04-29 Methods, systems, and computer-readable medium for mitigating 5G roaming spoofing attacks

Family Applications After (1)

Application Number Title Priority Date Filing Date
JP2023519026A Pending JP2023544000A (en) 2020-09-25 2021-04-29 Methods, systems, and computer-readable medium for mitigating 5G roaming spoofing attacks

Country Status (4)

Country Link
US (1) US11832172B2 (en)
EP (2) EP4218169A1 (en)
JP (2) JP2023543999A (en)
WO (2) WO2022066227A1 (en)

US7916718B2 (en) 2007-04-19 2011-03-29 Fulcrum Microsystems, Inc. Flow and congestion control in switch architectures for multi-hop, memory efficient fabrics
WO2008138440A2 (en) 2007-05-16 2008-11-20 Panasonic Corporation Methods in mixed network and host-based mobility management
US20090045251A1 (en) 2007-08-14 2009-02-19 Peeyush Jaiswal Restricting bank card access based upon use authorization data
CN101822080B (en) 2007-10-09 2013-01-16 艾利森电话股份有限公司 Technique for providing support for plurality of mobility management protocols
US8036660B2 (en) 2008-01-24 2011-10-11 Avaya Inc. Call-handling for an off-premises, telecommunications terminal with an installed subscriber identity module
US20110063126A1 (en) 2008-02-01 2011-03-17 Energyhub Communications hub for resource consumption management
US8255090B2 (en) 2008-02-01 2012-08-28 Energyhub System and method for home energy monitor and control
US8509074B1 (en) 2008-03-31 2013-08-13 Saisei Networks Pte Ltd System, method, and computer program product for controlling the rate of a network flow and groups of network flows
CN101471797B (en) 2008-03-31 2012-05-30 华为技术有限公司 Decision-making method and system as well as policy decision unit
WO2009134265A1 (en) 2008-05-01 2009-11-05 Lucent Technologies Inc Message restriction for diameter servers
CN101277541B (en) 2008-05-22 2012-02-08 中兴通讯股份有限公司 Method for forwarding message of Diameter route entity
US8255994B2 (en) 2008-08-20 2012-08-28 Sprint Communications Company L.P. Detection and suppression of short message service denial of service attacks
US9928379B1 (en) 2008-09-08 2018-03-27 Steven Miles Hoffer Methods using mediation software for rapid health care support over a secured wireless network; methods of composition; and computer program products therefor
US8326265B2 (en) 2008-10-17 2012-12-04 Tekelec Netherlands Group, B.V. Methods, systems, and computer readable media for detection of an unauthorized service message in a network
US9038171B2 (en) 2008-10-20 2015-05-19 International Business Machines Corporation Visual display of website trustworthiness to a user
US8494364B2 (en) 2008-10-21 2013-07-23 Broadcom Corporation Supporting multi-dwelling units in passive optical networks
CN101742445A (en) 2008-11-06 2010-06-16 华为技术有限公司 Method, device and system for identifying messages
US9344438B2 (en) 2008-12-22 2016-05-17 Qualcomm Incorporated Secure node identifier assignment in a distributed hash table for peer-to-peer networks
WO2010105099A2 (en) 2009-03-11 2010-09-16 Tekelec Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions
CN102415116B (en) 2009-05-01 2015-04-22 诺基亚公司 Systems, methods, and apparatuses for facilitating authorization of a roaming mobile terminal
US8856869B1 (en) 2009-06-22 2014-10-07 NexWavSec Software Inc. Enforcement of same origin policy for sensitive data
US8615217B2 (en) 2009-06-25 2013-12-24 Tekelec, Inc. Methods, systems, and computer readable media for detecting and mitigating fraud in a distributed monitoring system that includes fixed-location monitoring devices
US8965324B2 (en) 2009-07-08 2015-02-24 At&T Mobility Ii Llc E911 services using distributed nodes
JP5424314B2 (en) 2009-07-21 2014-02-26 日本電気株式会社 Femtocell base station, gateway system, MAPGW apparatus, communication system, method and apparatus program
US9818121B2 (en) 2009-07-31 2017-11-14 Visa International Space Association Mobile communications message verification of financial transactions
CA2777154C (en) 2009-10-09 2015-07-21 Consert Inc. Apparatus and method for controlling communications to and from utility service points
CN102656845B (en) 2009-10-16 2015-04-01 泰克莱克股份有限公司 Methods, systems, and computer readable media for providing diameter signaling router with integrated monitoring and/or firewall functionality
KR20110055888A (en) 2009-11-20 2011-05-26 삼성전자주식회사 Method for detecting reproduced mobile communication terminal and mobile communication terminal and mobile communication system using the same
US8331929B2 (en) 2009-11-24 2012-12-11 At&T Mobility Ii Llc Mobility-based reselection scan scheduling
US20130102231A1 (en) 2009-12-30 2013-04-25 3M Innovative Properties Company Organic particulate loaded polishing pads and method of making and using the same
US8787174B2 (en) 2009-12-31 2014-07-22 Tekelec, Inc. Methods, systems, and computer readable media for condition-triggered policies
US20110173122A1 (en) 2010-01-09 2011-07-14 Tara Chand Singhal Systems and methods of bank security in online commerce
US8505081B2 (en) 2010-01-29 2013-08-06 Qualcomm Incorporated Method and apparatus for identity reuse for communications devices
US9185510B2 (en) 2010-03-03 2015-11-10 Tekelec, Inc. Methods, systems, and computer readable media for managing the roaming preferences of mobile subscribers
US20110225091A1 (en) 2010-03-12 2011-09-15 Franco Plastina Methods, systems, and computer readable media for transactional fraud detection using wireless communication network mobility management information
EP2372987B1 (en) 2010-04-02 2013-07-17 Research In Motion Limited Solving character display ambiguities
US20110307381A1 (en) 2010-06-10 2011-12-15 Paul Kim Methods and systems for third party authentication and fraud detection for a payment transaction
CN101917698B (en) 2010-08-20 2013-03-27 北京瑞格特软件技术有限公司 Method and system for providing mobile equipment user information compatible with 3GPP protocol
US8620263B2 (en) 2010-10-20 2013-12-31 Tekelec, Inc. Methods, systems, and computer readable media for diameter routing agent (DRA) based credit status triggered policy control
US8396485B2 (en) 2010-11-09 2013-03-12 Apple Inc. Beacon-based geofencing
US8942747B2 (en) 2011-02-04 2015-01-27 Tekelec, Inc. Methods, systems, and computer readable media for provisioning a diameter binding repository
US20120203663A1 (en) 2011-02-07 2012-08-09 Carpadium Consulting Pty. Ltd. Method and apparatus for authentication utilizing location
US8433321B2 (en) 2011-02-09 2013-04-30 Renesas Mobile Corporation Method and apparatus for intelligently reporting neighbor information to facilitate automatic neighbor relations
US8693423B2 (en) 2011-02-16 2014-04-08 Tekelec, Inc. Methods, systems, and computer readable media for providing enhanced mobile subscriber location register fault recovery
US10168413B2 (en) 2011-03-25 2019-01-01 T-Mobile Usa, Inc. Service enhancements using near field communication
EP2695351B1 (en) 2011-04-04 2015-12-16 Telefonaktiebolaget L M Ericsson (publ) A method of and a support node for requesting registration of stationary user equipment in a cellular telecommunication system
WO2012158854A1 (en) 2011-05-16 2012-11-22 F5 Networks, Inc. A method for load balancing of requests' processing of diameter servers
US9713053B2 (en) 2011-07-06 2017-07-18 Mobileum, Inc. Network traffic redirection (NTR) in long term evolution (LTE)
JP5796396B2 (en) 2011-08-04 2015-10-21 富士通株式会社 Mobile radio communication apparatus and program
US9860390B2 (en) 2011-08-10 2018-01-02 Tekelec, Inc. Methods, systems, and computer readable media for policy event record generation
US9060263B1 (en) 2011-09-21 2015-06-16 Cellco Partnership Inbound LTE roaming footprint control
CN103179504B (en) 2011-12-23 2015-10-21 中兴通讯股份有限公司 User validation determination methods and device, user access the method and system of mailbox
US20130171988A1 (en) 2012-01-04 2013-07-04 Alcatel-Lucent Canada Inc. Imsi mcc-mnc best matching searching
CN103209402B (en) 2012-01-17 2018-03-23 中兴通讯股份有限公司 Set of terminal accessibility determines method and system
US9445138B2 (en) 2012-04-12 2016-09-13 Qualcomm Incorporated Broadcast content via over the top delivery
GB201207816D0 (en) * 2012-05-04 2012-06-13 Vodafone Ip Licensing Ltd Telecommunication networks
EP2675203B1 (en) 2012-06-11 2019-11-27 BlackBerry Limited Enabling multiple authentication applications
US9882950B2 (en) 2012-06-13 2018-01-30 All Purpose Networks LLC Methods and systems of an all purpose broadband network
US9015808B1 (en) 2012-07-11 2015-04-21 Sprint Communications Company L.P. Restricting mobile device services between an occurrence of an account change and acquisition of a security code
US11870776B2 (en) 2012-08-26 2024-01-09 Vokee Applications, Ltd. Redirecting cellular telephone communications through a data network
CN103686756B (en) 2012-09-17 2016-12-21 中国科学院沈阳自动化研究所 A kind of TDMA access device based on multi-access point and cut-in method thereof
US9106428B2 (en) 2012-10-04 2015-08-11 Broadcom Corporation Multicast switching for distributed devices
EP2918140B1 (en) 2012-11-07 2020-05-06 Provenance Asset Group LLC Proxy connection method and apparatus
US20150304220A1 (en) 2012-11-22 2015-10-22 Nec Corporation Congestion control system, control device, congestion control method and program
US9258257B2 (en) 2013-01-10 2016-02-09 Qualcomm Incorporated Direct memory access rate limiting in a communication device
CN103929730B (en) 2013-01-16 2017-12-29 华为终端有限公司 Trigger method, equipment and system that message is sent
US9462515B2 (en) 2013-01-17 2016-10-04 Broadcom Corporation Wireless communication system utilizing enhanced air-interface
US20140259012A1 (en) 2013-03-06 2014-09-11 Telefonaktiebolaget L M Ericsson (Publ) Virtual machine mobility with evolved packet core
US9774552B2 (en) 2013-03-14 2017-09-26 Qualcomm Incorporated Methods, servers and systems for verifying reported locations of computing devices
EP2979462B1 (en) 2013-03-29 2019-05-22 Mobileum Inc. Method and system for facilitating lte roaming between home and visited operators
US20140370922A1 (en) 2013-06-13 2014-12-18 Christopher Richards Method and apparatus of paging
US10115135B2 (en) 2013-07-03 2018-10-30 Oracle International Corporation System and method to support diameter credit control session redirection using SCIM/service broker
US20150038140A1 (en) 2013-07-31 2015-02-05 Qualcomm Incorporated Predictive mobility in cellular networks
US20150081579A1 (en) 2013-08-26 2015-03-19 Prepared Response, Inc. System for conveying data to responders and routing, reviewing and approving supplemental pertinent data
US9191803B2 (en) 2013-09-04 2015-11-17 Cellco Partnership Connection state-based long term evolution steering of roaming
EP2854462B1 (en) 2013-09-27 2016-03-30 Telefonaktiebolaget LM Ericsson (publ) Handling of subscriber deregistration
US9485099B2 (en) 2013-10-25 2016-11-01 Cliqr Technologies, Inc. Apparatus, systems and methods for agile enablement of secure communications for cloud based applications
EP2887761B1 (en) 2013-12-19 2018-10-03 Vodafone Holding GmbH Verification method for the verification of a Connection Request from a Roaming Mobile Entity
US9686343B2 (en) 2013-12-31 2017-06-20 Amadeus S.A.S. Metasearch redirection system and method
CN104780593B (en) 2014-01-13 2018-08-21 华为终端(东莞)有限公司 Reduce the method and apparatus of power consumption
US10009730B2 (en) 2014-01-30 2018-06-26 Telefonaktiebolaget Lm Ericsson (Publ) Preloading data
JP6543276B2 (en) 2014-03-07 2019-07-10 グローバルスター, インコーポレイテッド Cell tower function with satellite access to allow cell devices to roam over a satellite network
EP3145228B1 (en) 2014-05-11 2019-03-06 LG Electronics Inc. Method and apparatus for signal transmission and reception of hss/mme in wireless communication system
US9450947B2 (en) 2014-05-20 2016-09-20 Motorola Solutions, Inc. Apparatus and method for securing a debugging session
JP6168415B2 (en) 2014-05-27 2017-07-26 パナソニックIpマネジメント株式会社 Terminal authentication system, server device, and terminal authentication method
US9455979B2 (en) 2014-07-31 2016-09-27 Nok Nok Labs, Inc. System and method for establishing trust using secure transmission protocols
GB2545869A (en) 2014-09-22 2017-06-28 Globetouch Inc Trading exchange for local data services
WO2016060640A1 (en) 2014-10-13 2016-04-21 Empire Technology Development Llc Verification location determination for entity presence confirmation of online purchases
US9693219B2 (en) 2014-10-24 2017-06-27 Ibasis, Inc. User profile conversion to support roaming
DE102014117713B4 (en) 2014-12-02 2016-12-01 GSMK Gesellschaft für sichere mobile Kommunikation mbH Method and device for securing a signaling system No. 7 interface
US20160183117A1 (en) 2014-12-17 2016-06-23 Mediatek Inc. Method and apparatus for throttling uplink data based on temperature state
US9445360B2 (en) 2014-12-17 2016-09-13 Verizon Patent And Licensing Inc. Method and system for providing global multiline roaming
US9515932B2 (en) 2015-02-06 2016-12-06 Oracle International Corporation Methods, systems, and computer readable media for conducting priority and compliance based message traffic shaping
SG11201706221RA (en) 2015-02-09 2017-08-30 Markport Ltd Improvements relating to messaging gateways
KR20170122794A (en) 2015-03-10 2017-11-06 어펌드 네트웍스, 인크. Improved redirection handling from the policy server
WO2016153423A1 (en) 2015-03-25 2016-09-29 Sixscape Communications Pte Ltd Apparatus and method for managing digital certificates
EP3280172B1 (en) 2015-04-01 2024-05-29 LG Electronics Inc. Method and device for transmitting, by v2x terminal, signal in wireless communication system
WO2016201352A1 (en) 2015-06-10 2016-12-15 Arris Enterprises Llc Code signing system with machine to machine interaction
CN106332067B (en) 2015-06-19 2020-02-21 华为技术有限公司 Method, device and system for preventing diameter signaling attack in wireless network
US10594673B1 (en) 2015-07-01 2020-03-17 Moovel North America, Llc Secure interprocess communications between mobile device applications using server-generated keys
US10567949B2 (en) 2015-07-16 2020-02-18 T-Mobile Usa, Inc. MMS termination on different networks
US9538335B1 (en) 2015-07-22 2017-01-03 International Business Machines Corporation Inferring device theft based on historical location data
US9912486B1 (en) 2015-08-27 2018-03-06 Amazon Technologies, Inc. Countersigned certificates
CN106576305B (en) 2015-09-21 2020-12-22 华为技术有限公司 Transmission power control method and device
EP3166345B1 (en) 2015-11-06 2022-03-30 Alcatel Lucent Support of mobile-terminated short message delivery for a user equipment in extended idle mode drx
US10292038B2 (en) 2015-11-09 2019-05-14 Lg Electronics Inc. Method for acquiring business operator network identification number of visited network
WO2017084006A1 (en) 2015-11-16 2017-05-26 Accenture Global Solutions Limited Telecommunication network signal analysis for matching a mobile device cellular identifier with a mobile device network identifier
US9930670B2 (en) 2015-11-25 2018-03-27 Network Performance Research Group Llc System, method, and apparatus for setting device geolocation via location proxies
US10009751B2 (en) 2015-12-28 2018-06-26 Cisco Technology, Inc. Virtual mobility anchor for network sharing
US9628994B1 (en) 2015-12-30 2017-04-18 Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. Statistical system and method for catching a man-in-the-middle attack in 3G networks
US10085067B2 (en) 2016-01-12 2018-09-25 Ppc Broadband, Inc. Network interface device with dynamic noise conditioning
GB2547472A (en) 2016-02-19 2017-08-23 Intercede Ltd Method and system for authentication
US10382948B2 (en) 2016-02-22 2019-08-13 Cisco Technology, Inc. Consolidated control plane routing agent
US9788325B2 (en) 2016-03-01 2017-10-10 Wipro Limited Methods and systems for radio carriers management in a wireless broadband network
US10218625B2 (en) 2016-03-30 2019-02-26 New York University Methods and apparatus for alleviating congestion at a switch, such as a shallow buffered switch
US10893069B2 (en) 2016-04-06 2021-01-12 Nokia Technologies Oy Diameter edge agent attack detection
US9681360B1 (en) 2016-05-13 2017-06-13 Harris Corporation Managed access system that provides selective communications and registration of mobile wireless devices
US20170345006A1 (en) 2016-05-27 2017-11-30 Mastercard International Incorporated Systems and methods for location data verification
US11395092B2 (en) 2016-07-18 2022-07-19 Here Global B.V. Device location verification for updated map data
CN108307385B (en) 2016-08-31 2021-06-29 华为技术有限公司 Method and device for preventing signaling attack
CN107800664B (en) 2016-08-31 2021-06-15 华为技术有限公司 Method and device for preventing signaling attack
GB2553765A (en) 2016-09-07 2018-03-21 Evolved Intelligence Ltd Mobile device roaming
US10764376B2 (en) 2016-10-18 2020-09-01 Cisco Technology, Inc. System and method for node selection based on mid-session and end-session event information
US10470154B2 (en) 2016-12-12 2019-11-05 Oracle International Corporation Methods, systems, and computer readable media for validating subscriber location information
GB2558205B (en) * 2016-12-15 2019-07-03 Arm Ip Ltd Enabling communications between devices
US10237721B2 (en) 2017-01-17 2019-03-19 Oracle International Corporation Methods, systems, and computer readable media for validating a redirect address in a diameter message
US10405184B2 (en) 2017-01-31 2019-09-03 Harris Corporation Mobile wireless device managed access system providing enhanced authentication features and related methods
US10341411B2 (en) 2017-03-29 2019-07-02 Oracle International Corporation Methods, systems, and computer readable media for providing message encode/decode as a service
US10868893B2 (en) 2017-03-31 2020-12-15 Xilinx, Inc. Network interface device
WO2018202284A1 (en) 2017-05-03 2018-11-08 Telefonaktiebolaget Lm Ericsson (Publ) Authorizing access to user data
US10212538B2 (en) 2017-06-28 2019-02-19 Oracle International Corporation Methods, systems, and computer readable media for validating user equipment (UE) location
US10616200B2 (en) 2017-08-01 2020-04-07 Oracle International Corporation Methods, systems, and computer readable media for mobility management entity (MME) authentication for outbound roaming subscribers using diameter edge agent (DEA)
US10021738B1 (en) 2017-09-05 2018-07-10 Syniverse Technologies, Llc Method of providing data, voice, and SMS services to LTE subscribers roaming in 2G/3G visited networks
US10123165B1 (en) 2017-09-19 2018-11-06 International Business Machines Corporation Eliminating false positives of neighboring zones
US10820359B2 (en) 2017-10-13 2020-10-27 Syniverse Technologies, Llc GPRS tunneling protocol (GTP) traffic hub and associated method of use
CA3026841A1 (en) 2017-12-08 2019-06-08 Comcast Cable Communications, Llc User plane function selection for isolated network slice
CN110035433B (en) 2018-01-11 2024-03-19 华为技术有限公司 Verification method and device adopting shared secret key, public key and private key
US10387487B1 (en) 2018-01-25 2019-08-20 Ikorongo Technology, LLC Determining images of interest based on a geographical location
CN110167013B (en) 2018-02-13 2020-10-27 华为技术有限公司 Communication method and device
US10701032B2 (en) 2018-02-13 2020-06-30 Palo Alto Networks, Inc. Application layer signaling security with next generation firewall
US10548004B2 (en) 2018-02-15 2020-01-28 Nokia Technologies Oy Security management in communication systems between security edge protection proxy elements
US10791118B2 (en) 2018-03-29 2020-09-29 Mcafee, Llc Authenticating network services provided by a network
EP3547757A1 (en) 2018-03-30 2019-10-02 InterDigital CE Patent Holdings Wireless access point and method for providing backup network connections
US10992580B2 (en) 2018-05-07 2021-04-27 Cisco Technology, Inc. Ingress rate limiting in order to reduce or prevent egress congestion
EP3791537A4 (en) 2018-05-09 2022-01-19 Nokia Technologies Oy Security management for edge proxies on an inter-network interface in a communication system
US11792163B2 (en) 2018-05-12 2023-10-17 Nokia Technologies Oy Security management for network function messaging in a communication system
US20210203643A1 (en) 2018-05-21 2021-07-01 Telefonaktiebolaget Lm Ericsson (Publ) Message Transmission between Core Network Domains
US10484911B1 (en) 2018-05-23 2019-11-19 Verizon Patent And Licensing Inc. Adaptable radio access network
US11146577B2 (en) 2018-05-25 2021-10-12 Oracle International Corporation Methods, systems, and computer readable media for detecting and mitigating effects of abnormal behavior of a machine type communication (MTC) device
WO2019227350A1 (en) 2018-05-30 2019-12-05 北京小米移动软件有限公司 Processing method and apparatus for cell handover
WO2019228832A1 (en) 2018-06-01 2019-12-05 Nokia Technologies Oy A method for message filtering in an edge node based on data analytics
US10931668B2 (en) 2018-06-29 2021-02-23 Oracle International Corporation Methods, systems, and computer readable media for network node validation
US10306459B1 (en) 2018-07-13 2019-05-28 Oracle International Corporation Methods, systems, and computer readable media for validating a visitor location register (VLR) using a signaling system No. 7 (SS7) signal transfer point (STP)
JP7078850B2 (en) 2018-07-23 2022-06-01 日本電信電話株式会社 Network control device and network control method
US11050788B2 (en) 2018-07-30 2021-06-29 Cisco Technology, Inc. SEPP registration, discovery and inter-PLMN connectivity policies
WO2020027864A1 (en) 2018-07-31 2020-02-06 Didi Research America, Llc System and method for point-to-point traffic prediction
US10834045B2 (en) 2018-08-09 2020-11-10 Oracle International Corporation Methods, systems, and computer readable media for conducting a time distance security countermeasure for outbound roaming subscribers using diameter edge agent
US20210234706A1 (en) 2018-08-10 2021-07-29 Nokia Technologies Oy Network function authentication based on public key binding in access token in a communication system
CN112567833A (en) 2018-08-13 2021-03-26 苹果公司 Using User Equipment (UE) identifiers to register in a fifth generation (5G) system
US10511998B1 (en) 2018-08-29 2019-12-17 Syniverse Technologies, Llc System and method for identifying false short message service (SMS) delivery reports
US10834591B2 (en) 2018-08-30 2020-11-10 At&T Intellectual Property I, L.P. System and method for policy-based extensible authentication protocol authentication
EP3847782A4 (en) 2018-09-06 2022-05-04 Nokia Technologies Oy Automated roaming service level agreements between network operators via security edge protection proxies in a communication system environment
CN116801423A (en) 2018-09-19 2023-09-22 华为技术有限公司 Policy control method, device and system
US10574670B1 (en) 2018-09-27 2020-02-25 Palo Alto Networks, Inc. Multi-access distributed edge security in mobile networks
US10728875B2 (en) 2018-10-02 2020-07-28 Google Llc Scanning frequency selection for a wireless device
EP4060963A1 (en) 2018-11-05 2022-09-21 Telefonaktiebolaget LM Ericsson (publ) Fully qualified domain name handling for service interactions in 5g
CN111200845B (en) 2018-11-19 2022-09-23 华为技术有限公司 Resource information sending method, device and system
US10680964B1 (en) 2018-11-26 2020-06-09 Mellanox Technologies Tlv Ltd. Rate limiting in a multi-chassis environment by exchanging information between peer network elements
US11134430B2 (en) 2018-12-10 2021-09-28 At&T Intellectual Property I, L.P. System and method for detecting and acting upon a violation of terms of service
US20220124501A1 (en) 2019-01-18 2022-04-21 Nokia Solutions And Networks Oy Method and apparatus for protecting pdu sessions in 5g core networks
US20200259896A1 (en) 2019-02-13 2020-08-13 Telefonaktiebolaget Lm Ericsson (Publ) Industrial Automation with 5G and Beyond
WO2020164763A1 (en) 2019-02-13 2020-08-20 Telefonaktiebolaget Lm Ericsson (Publ) Methods and apparatuses for alternative data over non-access stratum, donas, data delivery in a roaming scenario
CN111586674B (en) 2019-02-18 2022-01-14 华为技术有限公司 Communication method, device and system
WO2020174121A1 (en) 2019-02-28 2020-09-03 Nokia Technologies Oy Inter-mobile network communication authorization
JP7259977B2 (en) 2019-03-01 2023-04-18 日本電気株式会社 Terminal, method and program
CN111436081B (en) 2019-03-06 2023-06-30 维沃移动通信有限公司 Data transmission guaranteeing method and communication equipment
US20220191763A1 (en) 2019-03-15 2022-06-16 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for switching upfs
CN111800777B (en) 2019-04-08 2021-08-03 华为技术有限公司 Roaming data processing method, device and system
US10952063B2 (en) 2019-04-09 2021-03-16 Oracle International Corporation Methods, systems, and computer readable media for dynamically learning and using foreign telecommunications network mobility management node information for security screening
WO2020221956A1 (en) 2019-04-27 2020-11-05 Nokia Technologies Oy Service authorization for indirect communication in a communication system
CN113796111A (en) 2019-05-09 2021-12-14 三星电子株式会社 Apparatus and method for providing mobile edge computing service in wireless communication system
US11864092B2 (en) 2019-06-12 2024-01-02 Apple Inc. Performance measurements related to application triggering and SMS over NAS
US11140555B2 (en) 2019-06-18 2021-10-05 Cisco Technology, Inc. Location-based identification of potential security threat
US10834571B1 (en) 2019-08-02 2020-11-10 Syniverse Technologies, Llc Steering of roaming for 5G core roaming in an internet packet exchange network
US11102138B2 (en) 2019-10-14 2021-08-24 Oracle International Corporation Methods, systems, and computer readable media for providing guaranteed traffic bandwidth for services at intermediate proxy nodes
US11018971B2 (en) 2019-10-14 2021-05-25 Oracle International Corporation Methods, systems, and computer readable media for distributing network function (NF) topology information among proxy nodes and for using the NF topology information for inter-proxy node message routing
US20210142143A1 (en) 2019-11-11 2021-05-13 Kevin D. Howard Artificial intelligence systems and methods
US11341082B2 (en) 2019-11-19 2022-05-24 Oracle International Corporation System and method for supporting target groups for congestion control in a private fabric in a high performance computing environment
US11368839B2 (en) 2019-12-13 2022-06-21 T-Mobile Usa, Inc. Secure privacy provisioning in 5G networks
US11503052B2 (en) 2019-12-19 2022-11-15 Radware, Ltd. Baselining techniques for detecting anomalous HTTPS traffic behavior
US11411925B2 (en) 2019-12-31 2022-08-09 Oracle International Corporation Methods, systems, and computer readable media for implementing indirect general packet radio service (GPRS) tunneling protocol (GTP) firewall filtering using diameter agent and signal transfer point (STP)
US11337108B2 (en) 2020-02-19 2022-05-17 Verizon Patent And Licensing Inc. Uplink congestion control based on SIP messaging
US11539628B2 (en) 2020-06-23 2022-12-27 Arista Networks, Inc. Automated configuration of policer parameters
DE102020116791A1 (en) 2020-06-25 2021-12-30 Technische Universität Dresden Device and method for computer-aided processing of data
US11553342B2 (en) 2020-07-14 2023-01-10 Oracle International Corporation Methods, systems, and computer readable media for mitigating 5G roaming security attacks using security edge protection proxy (SEPP)
US11398956B2 (en) 2020-07-16 2022-07-26 Cisco Technology, Inc. Multi-Edge EtherChannel (MEEC) creation and management
US11368412B2 (en) 2020-07-31 2022-06-21 Avago Technologies International Sales Pte. Limited Power throttle for network switches
US11790113B2 (en) 2020-08-12 2023-10-17 Apple Inc. Secure storage and retrieval of sensitive information
US11751056B2 (en) 2020-08-31 2023-09-05 Oracle International Corporation Methods, systems, and computer readable media for 5G user equipment (UE) historical mobility tracking and security screening using mobility patterns
US11832172B2 (en) 2020-09-25 2023-11-28 Oracle International Corporation Methods, systems, and computer readable media for mitigating spoofing attacks on security edge protection proxy (SEPP) inter-public land mobile network (inter-PLMN) forwarding interface
US11825310B2 (en) 2020-09-25 2023-11-21 Oracle International Corporation Methods, systems, and computer readable media for mitigating 5G roaming spoofing attacks
US11956629B2 (en) 2020-10-06 2024-04-09 Lynk Global, Inc. Method and system for providing authentication of a wireless device and cell broadcast service between wireless mobile devices and a satellite network
US11616770B2 (en) 2020-10-16 2023-03-28 Verizon Patent And Licensing Inc. Systems and methods for authenticating user devices
US11622255B2 (en) 2020-10-21 2023-04-04 Oracle International Corporation Methods, systems, and computer readable media for validating a session management function (SMF) registration request
JP2023548372A (en) 2020-11-06 2023-11-16 オラクル・インターナショナル・コーポレイション Methods, systems, and computer-readable media for enforcing receive message rate limiting utilizing network capability identifiers
US11528251B2 (en) 2020-11-06 2022-12-13 Oracle International Corporation Methods, systems, and computer readable media for ingress message rate limiting
US11272560B1 (en) 2020-11-11 2022-03-08 At&T Intellectual Property I, L.P. Methods, systems, and devices for enhanced cell activation in a network supporting dual connectivity
US11770694B2 (en) 2020-11-16 2023-09-26 Oracle International Corporation Methods, systems, and computer readable media for validating location update messages
US20220158847A1 (en) 2020-11-16 2022-05-19 Nokia Technologies Oy Security procedure
US11463915B2 (en) 2020-11-30 2022-10-04 Verizon Patent And Licensing Inc. Systems and methods for exposing custom per flow descriptor attributes
US11818570B2 (en) 2020-12-15 2023-11-14 Oracle International Corporation Methods, systems, and computer readable media for message validation in fifth generation (5G) communications networks
US11418479B2 (en) 2020-12-17 2022-08-16 Oracle International Corporation Methods, systems, and computer readable media for creating internet protocol (IP) address pools from dynamic host configuration protocol (DHCP) servers to asynchronously serve IP address allocation requests by session management functions (SMFs)
US11812271B2 (en) 2020-12-17 2023-11-07 Oracle International Corporation Methods, systems, and computer readable media for mitigating 5G roaming attacks for internet of things (IoT) devices based on expected user equipment (UE) behavior patterns
EP4272471A1 (en) 2021-02-10 2023-11-08 Samsung Electronics Co., Ltd. Method and device for identifying service area in wireless communication system
US11700510B2 (en) 2021-02-12 2023-07-11 Oracle International Corporation Methods, systems, and computer readable media for short message delivery status report validation
US11516671B2 (en) 2021-02-25 2022-11-29 Oracle International Corporation Methods, systems, and computer readable media for mitigating location tracking and denial of service (DoS) attacks that utilize access and mobility management function (AMF) location service
US11689912B2 (en) 2021-05-12 2023-06-27 Oracle International Corporation Methods, systems, and computer readable media for conducting a velocity check for outbound subscribers roaming to neighboring countries

Similar Documents

Publication Publication Date Title
US11825310B2 (en) Methods, systems, and computer readable media for mitigating 5G roaming spoofing attacks
US11832172B2 (en) Methods, systems, and computer readable media for mitigating spoofing attacks on security edge protection proxy (SEPP) inter-public land mobile network (inter-PLMN) forwarding interface
US11528251B2 (en) Methods, systems, and computer readable media for ingress message rate limiting
JP2023548370A (en) METHODS, SYSTEM AND COMPUTER-READABLE MEDIA FOR RECEIVE MESSAGE RATE LIMITATION
US20210234706A1 (en) Network function authentication based on public key binding in access token in a communication system
JP2023553496A (en) Methods, systems and computer-readable media for performing message verification in fifth generation (5G) communication networks
JPWO2022066228A5 (en)
US11627467B2 (en) Methods, systems, and computer readable media for generating and using single-use OAuth 2.0 access tokens for securing specific service-based architecture (SBA) interfaces
JP2022550165A (en) Roaming signaling message transmission method, associated device and communication system
US11695563B2 (en) Methods, systems, and computer readable media for single-use authentication messages
US20220295282A1 (en) Methods, systems, and computer readable media for delegated authorization at security edge protection proxy (sepp)
US20210219137A1 (en) Security management between edge proxy and internetwork exchange node in a communication system
JPWO2022066227A5 (en)
JP2024517875A (en) Method, system, and computer-readable medium for concealing network function instance identifiers
JPWO2022098404A5 (en)
JP2023525092A (en) Secure communication methods and related devices and systems
JP2024509940A (en) Methods, systems, and computer-readable media for proxy authorization in a service communication proxy (SCP)
Ventura Diameter: Next generations AAA protocol
WO2021164458A1 (en) Communication method, related apparatus, and computer readable storage medium
JP7241202B2 (en) System and method for handling telescopic FQDN
US20230284008A1 (en) Roaming hub 5g interconnect for public line mobile networks
EP4240103A1 (en) Roaming hub 5g interconnect for public line mobile networks
CN116530053A (en) Method, system and computer readable medium for mitigating counterfeit attacks on Secure Edge Protection Proxy (SEPP) public land mobile network-to-PLMN (inter-PLMN) forwarding interfaces
CN116491140A (en) Method, system and computer readable medium for ingress message rate limiting