Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020065130 - SECURITY MANAGEMENT BETWEEN EDGE PROXY AND INTERNETWORK EXCHANGE NODE IN A COMMUNICATION SYSTEM

Publication Number WO/2020/065130
Publication Date 02.04.2020
International Application No. PCT/FI2019/050673
International Filing Date 20.09.2019
IPC
H04L 29/06 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02Communication control; Communication processing
06characterised by a protocol
H04W 76/12 2018.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
WWIRELESS COMMUNICATION NETWORKS
76Connection management
10Connection setup
12Setup of transport tunnels
G06F 21/60 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
H04W 92/02 2009.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
WWIRELESS COMMUNICATION NETWORKS
92Interfaces specially adapted for wireless communication networks
02Inter-networking arrangements
CPC
G06F 21/60
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
H04L 29/06
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
02Communication control
06characterised by a protocol
H04W 76/12
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
WWIRELESS COMMUNICATION NETWORKS
76Connection management
10Connection setup
12Setup of transport tunnels
H04W 88/14
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
WWIRELESS COMMUNICATION NETWORKS
88Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
14Backbone network devices
H04W 88/182
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
WWIRELESS COMMUNICATION NETWORKS
88Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
18Service support devices; Network management devices
182Network node acting on behalf of an other network entity, e.g. proxy
H04W 92/02
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
WWIRELESS COMMUNICATION NETWORKS
92Interfaces specially adapted for wireless communication networks
02Inter-networking arrangements
Applicants
  • NOKIA TECHNOLOGIES OY [FI]/[FI]
Inventors
  • S BYKAMPADI, Nagendra
  • JERICHOW, Anja
  • NAIR, Suresh
Agents
  • NOKIA TECHNOLOGIES OY
  • UUSITALO, Arttu
Priority Data
20184103594124.09.2018IN
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) SECURITY MANAGEMENT BETWEEN EDGE PROXY AND INTERNETWORK EXCHANGE NODE IN A COMMUNICATION SYSTEM
(FR) GESTION DE SÉCURITÉ ENTRE UN MANDATAIRE DE PÉRIPHÉRIE ET UN NŒUD D'ÉCHANGE INTER-RÉSEAUX DANS UN SYSTÈME DE COMMUNICATION
Abstract
(EN)
In one example, a method initiates establishment of a secure tunnel by a security proxy element (e.g., SEPP) in a first communication network (e.g., VPLMN) with an internetwork exchange element (e.g., IPX node) which is operatively coupled between the first communication network and a second communication network(e.g., HPLMN). Upon establishment of the secure tunnel, the method sends a message from the security proxy element to the internetwork exchange element over the secure tunnel. The secure tunnel can be a VPN tunnel and can be established using TLS or IPsec. In one example, the internetwork exchange node functions as an HTTP proxy, and in another embodiment as an interception (e.g., MITM) proxy. In another example, HTTPS is used to establish a separate TLS connection for each HTTP message. In yet another example, the security proxy element is configured to select (and change as needed)the secure communication mechanism.
(FR)
Dans un exemple, l'invention porte sur un procédé qui déclenche l'établissement d'un tunnel sécurisé par un élément mandataire de sécurité (par exemple, un SEPP) dans un premier réseau de communication (par exemple, un VPLMN) avec un élément d'échange inter-réseaux (par exemple, un nœud IPX) qui est fonctionnellement couplé entre le premier réseau de communication et un second réseau de communication (par exemple, un HPLMN). À l'établissement du tunnel sécurisé, le procédé envoie un message de l'élément mandataire de sécurité à l'élément d'échange inter-réseaux sur le tunnel sécurisé. Le tunnel sécurisé peut être un tunnel VPN et peut être établi au moyen de TLS ou d'IPsec. Dans un exemple, le nœud d'échange inter-réseaux fait fonction de mandataire HTTP, et dans un autre mode de réalisation, de mandataire d'interception (par exemple, MITM). Dans un autre exemple, le protocole HTTPS est utilisé pour établir une connexion TLS séparée pour chaque message HTTP. Dans encore un autre exemple, l'élément mandataire de sécurité est configuré pour sélectionner (et changer si nécessaire) le mécanisme de communication sécurisée.
Latest bibliographic data on file with the International Bureau