GB2643263A - Single sign-on authentication for API invokers in CAPIF - Google Patents

Single sign-on authentication for API invokers in CAPIF

Info

Publication number
GB2643263A
Authority
GB
United Kingdom
Prior art keywords
authentication
api
capif
rof
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB2411704.6A
Other versions
GB202411704D0 (en)
Inventor
Bommisetty Sireesha
Amogh Niranth
Makham Mallikarjunudu
Brahmaiah Topuri
Khare Saurabh
Jerichow Anja
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Technologies Oy
Original Assignee
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Technologies Oy
Priority to GB2411704.6A
Publication of GB202411704D0
Priority to PCT/IB2025/057881
Publication of GB2643263A
Legal status: Pending (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Stored Programmes (AREA)

Abstract

Single sign-on authentication of application programming interface (API) invokers in a CAPIF system, using a Resource Owner Function (ROF) and an API Exposing Function (AEF). The methods allow an API invoker to invoke one or more Service APIs accessible via the AEF for a time period without re-authentication. An expiry time feature may be used, in which the API invoker may invoke one or more Service APIs without re-authentication until the expiry time has passed. The ROF certificate may be obtained from a CAPIF core function (CCF), following an authentication procedure with the CCF. The ROF may be part of a user equipment. The authentication may include a plain text API invoker ID.
GB2411704.6A 2024-08-08 2024-08-08 Single sign-on authentication for API invokers in CAPIF Pending GB2643263A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB2411704.6A GB2643263A (en) 2024-08-08 2024-08-08 Single sign-on authentication for API invokers in CAPIF
PCT/IB2025/057881 WO2026033364A1 (en) 2024-08-08 2025-08-01 Single sign-on authentication for api invokers in capif

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2411704.6A GB2643263A (en) 2024-08-08 2024-08-08 Single sign-on authentication for API invokers in CAPIF

Publications (2)

Publication Number Publication Date
GB202411704D0 (en) 2024-09-25
GB2643263A (en) 2026-02-11

Family

ID=92800962

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2411704.6A Pending GB2643263A (en) 2024-08-08 2024-08-08 Single sign-on authentication for API invokers in CAPIF

Country Status (2)

Country Link
GB (1) GB2643263A (en)
WO (1) WO2026033364A1 (en)

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
3GPP TSG-SA WG6 Meeting #62-ad hoc-e S6a240192, e-meeting, 10th 18th July 2024 (revision of S6-242xxx) Standard number 3GPP TR 23.700-22 *
3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security aspects of Common API Framework (CAPIF) for 3GPP northbound APIs (Release 18) 3GPP TS 33.122 V18.4.0 (2024-06) *
Enhancing 3GPP CAPIF Authentication and Authorization Across Mobile Operators Using OpenID Connect and Single Sign-On, Stylianou et al, 2023 IEEE International Conference on Communications (ICC): Communication QoS, Reliability and Modeling Symposium, pages 5310-5315, ISSN 1938-1883 *

Also Published As

Publication number Publication date
GB202411704D0 (en) 2024-09-25
WO2026033364A1 (en) 2026-02-12

Similar Documents

Publication Publication Date Title
US11223614B2 (en) Single sign on with multiple authentication factors
US10387639B2 (en) Apparatus and method for API authentication using two API tokens
EP2545676B1 (en) System and method for using a portable security device to cryptographically sign a document in response to signature requests from a relying party to a digital signature service
US9621341B2 (en) Anonymous verifiable public key certificates
WO2021021511A8 (en) Method and system for authenticating a secure credential transfer to a device
ATE253744T1 (en) METHOD AND DEVICE FOR SECURE PROCESSING OF CRYPTOGRAPHIC KEYS
ATE383690T1 (en) ARRANGEMENT AND METHOD FOR EXECUTING CODE
CN109635528A (en) A kind of wechat small routine user log-in method, equipment and storage equipment
KR20100005037A (en) Service control system, service control method, and service control program
AR064354A1 (en) AUTHENTICATION IN COMMUNICATIONS NETWORKS
CN111556029A (en) Identity authentication method and device based on Secure Element (SE)
CN111176710B (en) Operation method of terminal software management system and terminal software management system
CN112311531A (en) A controllable front-end and back-end secure communication method
GB2643259A (en) Single sign-on authentication for API invokers in CAPIF
GB2643263A (en) Single sign-on authentication for API invokers in CAPIF
GB2643261A (en) Single sign-on authentication for API invokers in CAPIF
US8832812B1 (en) Methods and apparatus for authenticating a user multiple times during a session
CN110034933A (en) Inter-system subscriber mutual trust authentication method and inter-system subscriber mutual trust Verification System
Ince et al. OAuth 2.0-based authentication solution for FPGA-enabled cloud computing
KR102027329B1 (en) Program executing authority authentication method and system
Reddy et al. An anonymous authentication with key-agreement protocol for multi-server architecture based on biometrics and smartcards.
US10367644B2 (en) Methods for managing content, computer program products and secure element
CN118013481A (en) Front-end based identity authentication method, device, equipment, system and medium
US11520873B2 (en) Enrollment of a device in a secure network
KR20050070381A (en) Authentication system based on one-time password