WO2022191746A1 - Adaptation of a communication device in a network node - Google Patents

Adaptation of a communication device in a network node

Info

Publication number
WO2022191746A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication device
adaptation
network node
trust
level
Prior art date
Application number
PCT/SE2021/050212
Other languages
English (en)
Inventor
Tommy Arngren
Bernard Smeets
Andreas Ljunggren
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security
    • H04W 12/088 Access security using filters or firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/60 Context-dependent security
    • H04W 12/66 Trust-dependent, e.g. using trust scores or trust relationships
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 84/00 Network topologies
    • H04W 84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W 84/10 Small scale networks; Flat hierarchical networks
    • H04W 84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present disclosure relates to the field of adaptation and in particular to adapting a communication device via a network node.
  • Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices, to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.
  • UPnP is intended primarily for residential networks without enterprise-class devices.
  • IP Internet Protocol
  • HTTPU HTTP unicast
  • UPnP extends plug and play, a technology for dynamically attaching devices directly to a computer.
  • UPnP is generally regarded as unsuitable for deployment in business settings for reasons of economy, complexity, and consistency: the multicast foundation makes it chatty, consuming too many network resources on networks with a large population of devices.
  • One object with the suggested technical solution is to provide an adaptation of a first communication device 100 based on the acquired data.
  • a method for a network node 102 for adapting a first communication device 100 is performed in a network node 102 and comprises the steps of: determining based on acquired data, associated with the first communication device 100, that an adaptation of the first communication device 100 is required; comparing the required adaptation to a determined trust level of the first communication device 100; determining a suggested adaptation, based on the comparison; notifying the user of the device of the suggested adaptation; receiving a response to the notification from the user; and executing an adaptation based on the suggested adaptation and the received response.
  • the acquired data may comprise a request, received from the first communication device 100.
  • the request comprises a request for any of access rights or firmware update.
  • the adaptation further comprises an increase in the level of trust of the first communication device 100.
  • the acquired data comprises, at least one notification, received from at least one communication device other than the first communication device 100.
  • the notification is a notification of misbehaviour of the first communication device 100.
  • an executed monitoring indicates either a misbehaving or a malfunctioning first communication device 100.
  • the suggested adaptation is determined based on at least one event previously executed by the first communication device 100.
  • the adaptation comprises any of limiting the access rights for the first communication device 100 or lowering a level of trust of the first communication device 100.
  • the execution of the adaptation further comprises adaptation of trust level of the first communication device 100.
  • a network node is any of a gateway, a cloud server, a router device, or a firewall.
  • Fig. 1 is a flow chart illustrating the method of adaptation of the first communication device
  • Fig. 2 is a flow chart illustrating determining and comparing the trust level and executing the adaptation
  • FIG. 3 is a sequence diagram illustrating embodiments of methods for adapting the first communication device
  • Fig. 4 is a sequence diagram illustrating the adapting of the first communication device according to one embodiment
  • Fig. 5 is a schematic diagram illustrating the first communication device, the network node and the user according to one embodiment.
  • Fig. 1 is a flowchart referring to steps 110-122 which describes a method, executed in a network node for assisting in the adapting of a communication device, here referred to as a first communication device.
  • the network node acquires data from the first communication device, as indicated with step 110, after which the network node determines, at least partly based on the acquired data, that an adaptation of the communication device is required, also according to the network node, as indicated with step 112.
  • the network node 102 could be e.g. a gateway, a cloud server, a router device, or a firewall, or any other type of network node, capable of assisting in an adaptation of a communication device, as described herein.
  • the acquired data can be a request, received from the first communication device, requesting e.g. a configuration, a software update or extended access rights. Then the required adaptation is compared to a determined level of trust of the first communication device, as indicated with step 114.
  • the level of trust is defined as an indication of to what extent the network node can trust the first communication device, and thus, to what extent different required adaptations can be accepted by the network node.
  • the level of trust is based on the experience from previous information exchange between the network node and the first communication device and possibly also corresponding experience associated with the first communication device, received from other network nodes.
  • the level of trust is accessible to the network node through a database stored in, or accessible to the network node.
  • the network node checks if any device trusts the first communication device by notifying such a registered device, here referred to as a third communication device, as indicated with optional step 115b, and gets a response, as indicated with optional step 115c, indicating whether the notified third communication device actually trusts the communication device or not.
  • the network node may search a list of registered communication devices and notify any potential trusting device via e.g. WiFi or broadcast. A determination on an adaptation is made based on available information, as indicated with step 116, where the response from a trusting third communication device is considered if such a response is received.
  • the network node can make use of this information in its determination, wherein the chances of a grant of a request typically will increase.
  • a device of a specific brand could recognize a new product, e.g. one just bought at a store, which is “a product unknown to the network node, i.e. a product that has never connected to the network node”, of the same brand, and verify that some adaptation would be allowed; say a Miele dishwasher detects that a new device (microwave oven) from Miele is within range.
  • the dishwasher could recognize the new device and “vouch for” it as a device belonging to the same “trademark family”, which is trusted because of this.
  • a suggested adaptation is determined, as indicated with step 116; alternatively, additional data, such as e.g. historic data, may be taken into consideration in the determination.
  • the user is notified of the determined adaptation as indicated with step 118.
  • the user can accept or reject the suggested adaptation, after which a response to the notification is received from the user by the network node, as indicated with step 120.
  • the suggested adaptation is communicated to the user and the user only verifies that a notification has been received but will not have any impact on the final adaptation. Unless a user of a third communication device has disapproved in step 120, the adaptation, as determined in step 116, is executed, as indicated with step 122.
  • the adaptation may include adaptation of a monitoring frequency of one or more relevant parameters, e.g. due to the detection from historical data that the first communication device has exceeded the amount of data traffic upload and/or download, has attempted to access unauthorized URLs, or has tried to access other devices within range in an unauthorized way, etc.
  • the level of trust may limit the possible adaptations that can be provided by the network node, where e.g. access level or privacy is to be adapted; the level of trust can e.g. be classified as high, medium, and low.
  • when a high level has been determined, there may e.g. be very extensive access provided and monitoring of the device may be limited or absent, whereas when the level of trust is medium, access is limited with more follow-up monitoring activated, and at a low level of trust, even more limited access is provided, and extensive monitoring may take place.
  • Fig. 2 is a flow chart referring to step 210-220, where the steps of Fig. 1 have been adapted according to a second embodiment, where an adaptation is executed by a network node if it is determined that a first communication device has been involved in, what appears to be a misbehaviour or malfunctioning.
  • the method according to the second embodiment may be initiated e.g. by a communication device, here referred to as a second communication device, detecting erroneous behaviour during a call between the two communication devices, and transmitting a notification of this to the network node.
  • such triggering may require reception of a plurality of notifications, provided from the same or different communication devices, before the method is continued at step 212 and onwards, where misbehaviour or malfunctioning of a first communication device is determined and handled accordingly, i.e. the second embodiment handles a situation where adaptation of the first communication device is caused by misbehaviour or malfunctioning, and where the adaptation may include e.g. a bad call between two communication devices.
  • a misbehaviour or malfunctioning is determined based on one or more notifications, provided from one or more communication devices other than the first communication device. When the network node detects unwanted network traffic, that may be enough for deciding to degrade the level of trust.
  • the network node determines that an adaptation of a level of trust is required, as indicated with step 212 by considering predefined rules for how to adapt the level of trust.
  • An adaptation may comprise a decrease or increase in the level of trust of the first communication device 100.
  • the acquired data consist of one or more notifications, received from one or more communication devices other than the first communication device 100.
  • Such a communication device, hereinafter referred to as a second communication device, may, during a connection with the first communication device, have experienced that the first communication device is malfunctioning. This information is provided to the network node in a notification, after which the network node may determine that a lowering of the level of trust is required, due to the severity of the malfunctioning.
  • the network node compares content of the notification with the level of trust, as indicated with step 214.
  • a suggested adaptation of the level of trust is then determined, as indicated with step 216.
  • the user is notified of the suggested change of level of trust, as indicated with step 218 and a response is received, as indicated with step 220.
  • the adaptation of the level of trust is executed, as indicated with step 220.
  • the adaptation of level of trust is executed, as indicated with step 222.
  • the level of trust can be classified as low, medium, and high, where the level of trust is decreased from low to medium or from medium to high level, gradually decreasing e.g. the allowed access for the first communication device.
  • when the trust level is medium, parts of the access rights are revoked; at a high level of trust, the full capability of the device is allowed.
  • the network node may update the local and central server history with the executed adaptation and the same may be notified to the user.
  • a stepwise approach can be illustrated with a so-called circle of trust, where a circle of trust is to be construed as an approach by which a sequential increase or decrease of the level of trust can be executed. This can be done in any sequence based on the one or more notifications received and considered by a network node.
  • a first communication device 100 has first been acknowledged by the network (e.g. Wi-Fi router etc) and a first intent is enforced, e.g. by executing a firmware update, and the level of trust is increased in association with the enforcement, as indicated with step 1.
  • a successful first step enables the first communication device 100 to enter the next level of trust, e.g. enforce a second intent as indicated with step 2, by repeating the method according to Fig. 1.
  • a second intent could be e.g. to access an associated cloud service.
  • a successful second step enables the first communication device to enter a next level of trust, e.g. enforce a third intent as indicated with step 3.
  • the network node increases the level of trust at the same time, as indicated with steps 4, 5 & 6, if accepted by the user, whereas if the user does not accept, the level of trust is decreased at the same time, as indicated with steps 4, 5 & 6.
  • the device may get a new chance to re-enter the previous level of trust, e.g. according to step 1, 2 or 3, depending on which level of trust is applicable at the time.
  • any combination of sequential increase and decrease of the level of trust may also be possible.
  • Fig. 4 is a signalling scheme, illustrating how the method according to Fig. 1 can be executed in a system comprising a first communication device 100 requiring an adaptation, a network node 102 capable of handling such an adaptation, and a third communication device 106 capable of announcing to the network node 102 that it trusts the first communication device 100, if this is the case.
  • the first communication device 100 sends a request 400 to the network node 102.
  • the network node 102 determines that an adaptation is required 402, e.g. by comparing the requested adaptation with rules and relevant settings.
  • the required adaptation is compared to a present “level of trust” of the first communication device 404. A check takes place whether any device that could possibly trust the first communication device is known to the first communication device, as indicated with optional step 405a. If at least one such communication device, here referred to as a third communication device, is known to the network node, the network node 102 notifies the third communication device in another optional step 405b and, after the third communication device has determined that it trusts the first communication device (not shown), a response is provided to the network node 102 in an optional step 405c, where the third communication device 106 notifies that it trusts the first communication device 100.
  • the network node 102 determines a suggested adaptation 406 and notifies 408 the user via the third communication device 106.
  • a response 410 from the user is then received by the network node 102, indicating whether the user acknowledges the request of the first communication device 100 or not.
  • the level of trust is compared with the data accumulated / data available to the network node. If the user acknowledges the adaptation, the first communication device 100 is notified of the granted adaptation 412 and, in another step 414a, also the user of the third communication device is notified of the decision by the network node 102 to execute the adaptation, after which the network node 102 executes the adaptation 416 and, optionally, the history records of the network node may also be updated 420a accordingly.
  • the network node 102 may update the history 420b.
  • a system capable of increasing or decreasing the level of trust of a communication device, here referred to as first communication device 104, based on input from one or more other communication devices, here referred to as a second communication device 104, is suggested.
  • the second communication device 104 is capable of reporting a misbehaviour or malfunctioning of the first communication device 100 to the network node 102 in a notification.
  • the network node 102 determines that an adaptation of a level of trust is required 502 and the content of the notification is compared to the level of trust 504, and based on the comparison the network node 102 determines a suggested adaptation of the level of trust 506.
  • the network node 102 notifies 508 the user of the third communication device 106.
  • a response 510 is transmitted from the user of the third communication device 106. If the user acknowledges the second communication device 104, the first communication device 100 is notified that the request is granted 512 and the user of the third communication device is notified 514a of the same decision, after which the network node 102 executes the adaptation 516, e.g. by increasing or decreasing the level of trust as described with reference to Fig. 3. If the user does not acknowledge the second communication device 104 the 518 and the same will be notified 514b to the user through the third communication device 106.
  • According to one embodiment, the user will be notified, and given an opportunity to respond, thereby verifying that the notification has been received, but will not be able to have any impact on any decision of the network node.
  • the user will be notified and also given the opportunity to have impact on a decision of the network node by approving or rejecting the request.
  • a network node 102 capable of operating according to one or more of the embodiments described above may be configured as described in Fig. 6.
  • the network node 102, capable of adapting a communication device in a network node 102, consists of at least one communication interface 604, at least one processor circuitry 606 and at least one memory device 608 comprising executable instructions or code, arranged as a computer program, which, when executed by the processing circuitry 606, determines based on acquired data, associated with the first communication device 102, that an adaptation of the first communication device is required.
  • the network node 102 sends and receives the signals to the first communication device 100 and third communication device 106 through communication interface 604.
  • the network node 102 sends and receives the signals to the user through the third communication device 106 regarding allowing or revoking access of the first communication device 100 to the home network.
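The trust-level decision logic described in the Definitions above (request path of Figs. 1 and 4, misbehaviour path of Figs. 2 and 5, and the stepwise circle of trust), written out as an added example that is not code from the patent or from Ericsson. The request kinds, the one-level credit for a vouching third device, the two-notification threshold and the access-right policy are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Trust(IntEnum):
    """Trust levels named in the description: low, medium, high."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


# Constructed policy (assumption): the minimum trust level each requested
# adaptation needs. The request kinds themselves come from the description.
REQUIRED_TRUST = {
    "firmware_update": Trust.LOW,
    "cloud_access": Trust.MEDIUM,
    "extended_access_rights": Trust.HIGH,
}

# Monitoring intensity per level, as described for Fig. 1.
MONITORING = {Trust.HIGH: "limited", Trust.MEDIUM: "follow-up", Trust.LOW: "extensive"}


@dataclass
class Device:
    dev_id: str
    trust: Trust = Trust.LOW
    access: set = field(default_factory=set)
    history: list = field(default_factory=list)


class NetworkNode:
    """Gateway/router-side logic: acquire data, compare to trust, suggest,
    ask the user, execute, and record history."""

    def __init__(self, notification_threshold: int = 2):
        self.devices: dict[str, Device] = {}
        self.vouchers: dict[str, set[str]] = {}   # first device -> third devices that trust it
        self.reports: dict[str, list[str]] = {}   # first device -> second devices that reported it
        self.threshold = notification_threshold   # plurality of notifications required (Fig. 2)

    def register(self, dev_id: str, trust: Trust = Trust.LOW) -> Device:
        self.devices[dev_id] = Device(dev_id, trust)
        return self.devices[dev_id]

    def vouch(self, third_id: str, first_id: str) -> None:
        """Step 405c: a registered third device announces that it trusts the first device."""
        self.vouchers.setdefault(first_id, set()).add(third_id)

    def monitoring_for(self, dev_id: str) -> str:
        return MONITORING[self.devices[dev_id].trust]

    def handle_request(self, dev_id: str, request: str, user_accepts: bool) -> str:
        """Fig. 1 / Fig. 4: request (400) -> compare to trust (404) -> suggest (406)
        -> user response (410) -> execute (416) and update history (420)."""
        dev = self.devices[dev_id]
        effective = dev.trust
        # A vouching third device raises the chance of a grant; credited as one level here.
        if self.vouchers.get(dev_id):
            effective = Trust(min(effective + 1, Trust.HIGH))
        suggested = "grant" if effective >= REQUIRED_TRUST[request] else "deny"
        if suggested == "grant" and user_accepts:
            dev.access.add(request)
            dev.trust = Trust(min(dev.trust + 1, Trust.HIGH))  # circle of trust: step up
            outcome = "granted"
        else:
            outcome = "denied"
            if suggested == "grant":  # user rejected a grantable request: step down
                dev.trust = Trust(max(dev.trust - 1, Trust.LOW))
        dev.history.append(("request", request, suggested, outcome, dev.trust.name))
        return outcome

    def report_misbehaviour(self, dev_id: str, reporter_id: str, user_accepts: bool = True) -> str:
        """Fig. 2 / Fig. 5: notifications from other (second) devices lower the first
        device's trust once a plurality of reports has arrived (step 212 onwards)."""
        dev = self.devices[dev_id]
        reports = self.reports.setdefault(dev_id, [])
        reports.append(reporter_id)
        if len(reports) < self.threshold:
            return "pending"
        suggested = "lower" if dev.trust > Trust.LOW else "keep"  # lowest level: stays extensive
        if suggested == "lower" and user_accepts:
            dev.trust = Trust(dev.trust - 1)
            # Revoke the access rights that the new, lower level no longer supports.
            dev.access = {a for a in dev.access if REQUIRED_TRUST[a] <= dev.trust}
            outcome = "lowered"
        else:
            outcome = "unchanged"
        reports.clear()
        dev.history.append(("notification", reporter_id, suggested, outcome, dev.trust.name))
        return outcome
```

Each executed adaptation is appended to the device's history together with the resulting trust level, mirroring the history update of steps 420a/420b.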

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for adapting a communication device, the method being performed in a network and comprising the steps of: determining, based on acquired data associated with the first communication device (100), that an adaptation of the first communication device (100) is required; comparing the required adaptation to a determined trust level of the first communication device (100); determining a suggested adaptation, based on the comparison; notifying the user of the device of the suggested adaptation; receiving a response to the notification from the user; and executing an adaptation based on the suggested adaptation and the received response.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2021/050212 WO2022191746A1 (fr) 2021-03-11 2021-03-11 Adaptation of a communication device in a network node

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SE2021/050212 WO2022191746A1 (fr) 2021-03-11 2021-03-11 Adaptation of a communication device in a network node

Publications (1)

Publication Number Publication Date
WO2022191746A1 (fr) 2022-09-15

Family

ID=83228219

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2021/050212 WO2022191746A1 (fr) 2021-03-11 2021-03-11 Adaptation of a communication device in a network node

Country Status (1)

Country Link
WO (1) WO2022191746A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100262706A1 (en) * 2009-04-10 2010-10-14 Raytheon Company Network Security Using Trust Validation
US20140096241A1 (en) * 2012-09-28 2014-04-03 Hong Li Cloud-assisted method and service for application security verification
US20150007273A1 (en) * 2013-06-28 2015-01-01 Qualcomm Incorporated Trust heuristic model for reducing control load in iot resource access networks
US20150358332A1 (en) * 2014-06-09 2015-12-10 Qualcomm Incorporated Determining trust levels on a device receiving authorization
US20160337375A1 (en) * 2015-05-14 2016-11-17 International Business Machines Corporation Establishing and using a trust level in mobile phones
US20180332065A1 (en) * 2017-05-11 2018-11-15 International Business Machines Corporation Authenticating an unknown device based on relationships with other devices in a group of devices


Similar Documents

Publication Publication Date Title
EP3080963B1 (fr) Methods, devices and systems for dynamic access network administration
US20180262533A1 (en) Monitoring Device Data and Gateway Data
US8256003B2 (en) Real-time network malware protection
US11722458B2 (en) Method and system for restricting transmission of data traffic for devices with networking capabilities
US7894470B2 (en) Systems, methods and computer products for pooling of wireless collection bandwidth
JP5803607B2 (ja) Network device, network device control method, network device control program
WO2012019410A1 (fr) Method and apparatus for preventing illegal intrusion into the internal network of a smart home
US7451209B1 (en) Improving reliability and availability of a load balanced server
US10965789B2 (en) Method and system for updating a whitelist at a network node
JP2012080418A (ja) Terminal connection state management in network authentication
JP2013500663A (ja) Detection and resolution of wireless network malfunctions
CN109714312A (zh) Method and system for generating collection strategies based on external threats
US20120243477A1 (en) Wireless base station, communication system, and method of controlling communication
US11871471B1 (en) Process for managing reconnections of devices in a network
US20170293752A1 (en) Detecting Unauthorized Devices
CN113630266B (zh) Method and apparatus for instantiating an edge application server
CN113206814A (zh) Network event processing method, apparatus and readable storage medium
WO2021109726A1 (fr) Bandwidth limitation method, apparatus and system
US11606690B1 (en) Confidence based network provisioning of devices
US20210185534A1 (en) Method for securing accesses to a network, system and associated device
WO2022191746A1 (fr) Adaptation of a communication device in a network node
US11611556B2 (en) Network connection request method and apparatus
US20240179534A1 (en) Filtering the access of a connected object to a local area communication network
US20230008762A1 (en) Network connection management
JP2024524536A (ja) Method and apparatus for instantiating an edge application server

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21930512; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21930512; Country of ref document: EP; Kind code of ref document: A1)