
WO2025012984A1 - System and a method for bidirectional scheme translation - Google Patents


Info

Publication number
WO2025012984A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
scheme
request
processors
sepp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/IN2024/051009
Other languages
French (fr)
Inventor
Aayush Bhatnagar
Sandeep Bisht
Rahul Mishra
Nupur Sharma
Anurag Sinha
Prashant Kumar Pandey
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jio Platforms Ltd
Original Assignee
Jio Platforms Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jio Platforms Ltd
Publication of WO2025012984A1
Legal status: Pending
Anticipated expiration: not stated

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08 Protocols for interworking; Protocol conversion
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/565 Conversion or adaptation of application format or content

Definitions

  • the present invention generally relates to communication networks, and more particularly relates to a system and a method for bidirectional scheme conversion integrated within a Security Edge Protection Proxy (SEPP).
  • SEPP Security Edge Protection Proxy
  • PLMN Public Land Mobile Network
  • SEPP is just a proxy enabled to authenticate, provide confidentiality protection, and provide integrity protection between two different mobile service providers, i.e., inter-PLMN.
  • TLS transport layer security
  • UDP User Datagram Protocol
  • TCP Transmission Control Protocol
  • the SEPP may act as an interface between the two inter-PLMN networks. Since the SEPP is deployed at the edge of the network and relies on TLS, non-secured communication can be exchanged within the periphery, i.e., within the edge of the network.
  • One or more embodiments of the present disclosure provide a system and method for bidirectional scheme translation.
  • a system for bidirectional scheme translation includes a conversion unit configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from a first node to the second node.
  • the system further includes a storage unit configured to store data pertaining to the first node and the associated first scheme, the second node and the associated second scheme and the request at a cache memory.
  • the system further includes a transceiver configured to transmit the request from the first node to the second node utilizing the second scheme associated with the first node.
  • the system includes the transceiver configured to receive a response from the second node utilizing the second scheme subsequent to transmission of the request from the first node to the second node.
  • the system further includes the conversion unit configured to convert the second scheme to the first scheme pertaining to the response from the second node subsequent to checking at the cache memory of utilization of the first scheme by the first node while transmitting the request to the second node.
  • the transceiver unit configured to transmit the response from the second node to the first node utilizing the converted first scheme.
  • the scheme is at least one of a protocol.
  • the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP).
  • HTTPS Hypertext Transfer Protocol Secure
  • HTTP Hypertext Transfer Protocol
  • the one or more acceptable schemes of the second node include the schemes with which the second node is able to transmit and receive data.
  • the one or more processors performs conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP).
  • SEPP is at least one of, a Consumer SEPP (cSEPP), Producer SEPP (pSEPP).
  • the request received from the first node is at least one of, a Uniform Resource Locator (URL).
  • URL Uniform Resource Locator
  • the cache memory stores a mapping information pertaining to the first scheme with the second scheme.
  • mapping information including at least one of, identified URL attributes such as an Internet Protocol (IP) address, a Port number or a Fully Qualified Domain Name (FQDN) service name, wherein the one or more combinations of the URL attributes are mapped with the SEPP verified FQDN.
  • identified URL attributes such as an Internet Protocol (IP) address, a Port number or a Fully Qualified Domain Name (FQDN) service name
  • the one or more processors performs at least one of, enabling or disabling the conversions pertaining to the schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node.
  • a method for bidirectional scheme translation includes the steps of converting a first scheme associated with a request to a second scheme by a conversion unit based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from a first node to the second node.
  • the method includes the steps of storing data pertaining to the first node and the associated first scheme, the second node and the associated second scheme and the request at a cache memory by a storage unit.
  • the method further includes transmitting the request from the first node to the second node utilizing the second scheme associated with the first node by a transceiver.
  • the method further includes receiving a response from the second node utilizing the second scheme subsequent to transmission of the request from the first node to the second node by the transceiver.
  • the method further includes converting the second scheme to the first scheme pertaining to the response from the second node by the conversion unit subsequent to checking at the cache memory of utilization of the first scheme by the first node while transmitting the request to the second node. Further, the method includes transmitting the response from the second node to the first node utilizing the converted first scheme by the transceiver.
  • the scheme is at least one of a protocol.
  • the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP).
  • HTTPS Hypertext Transfer Protocol Secure
  • HTTP Hypertext Transfer Protocol
  • the one or more acceptable schemes of the second node include the schemes with which the second node is able to transmit and receive data.
  • the one or more processors performs conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP), wherein the SEPP is at least one of, a Consumer SEPP (cSEPP), Producer SEPP (pSEPP).
  • SEPP Security Edge Protection Proxy
  • cSEPP Consumer SEPP
  • pSEPP Producer SEPP
  • the request received from the first node is at least one of, a Uniform Resource Locator (URL).
  • URL Uniform Resource Locator
  • the cache memory stores a mapping information pertaining to the first scheme with the second scheme.
  • mapping information including at least one of, identified URL attributes such as an Internet Protocol (IP) address, a Port number or a Fully Qualified Domain Name (FQDN) service name, wherein the one or more combinations of the URL attributes are mapped with the SEPP verified FQDN.
  • IP Internet Protocol
  • FQDN Fully Qualified Domain Name
  • the one or more processors performs at least one of, enabling or disabling the conversions pertaining to the schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node.
  • a User Equipment includes one or more primary processors communicatively coupled to one or more processors and a memory.
  • the memory stores instructions which when executed by the one or more primary processors causes the UE to transmit a request to a second node in order to avail one or more services.
  • a non-transitory computer-readable medium having stored thereon computer-readable instructions that, when executed by a processor.
  • the processor is configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from a first node to the second node.
  • the processor is configured to store data pertaining to the first node and the associated first scheme, the second node and the associated second scheme and the request at a cache memory.
  • the processor is configured to transmit the request from the first node to the second node utilizing the second scheme associated with the first node.
  • the processor is configured to receive a response from the second node utilizing the second scheme subsequent to transmission of the request from the first node to the second node.
  • the processor is configured to convert the second scheme to the first scheme pertaining to the response from the second node subsequent to checking at the cache memory of utilization of the first scheme by the first node while transmitting the request to the second node.
  • the processor is configured to transmit the response from the second node to the first node utilizing the converted first scheme.
  • FIG. 1 is an exemplary block diagram of an environment for a bidirectional scheme translation, according to one or more embodiments of the present disclosure
  • FIG. 2 illustrates a block diagram of a system for a bidirectional scheme translation, according to the one or more embodiments of the present disclosure
  • FIG. 3 is a schematic representation of the present system of FIG. 1 workflow, according to the one or more embodiments of the present disclosure
  • FIG. 4 shows a block diagram of the Security Edge Protection Proxy (SEPP) server of the system acting as cSEPP, according to the one or more embodiments of the present disclosure
  • FIG. 5 shows a block diagram of the SEPP server of the system acting as pSEPP, according to the one or more embodiments of the present disclosure
  • FIG. 6 shows a flow diagram of a method for a bidirectional scheme translation, according to the one or more embodiments of the present disclosure
  • FIG. 7 illustrates a flow chart of a request in cSEPP server, shown in the FIG. 4, in accordance with the exemplary embodiment of the present disclosure
  • FIG. 8 illustrates a flow chart of a response in cSEPP server, shown in the FIG. 4, in accordance with the exemplary embodiment of the present disclosure
  • FIG. 9 illustrates a flow chart of a response in pSEPP server, shown in the FIG. 5, in accordance with the exemplary embodiment of the present disclosure.
  • FIG. 10 illustrates a flow chart of a request in pSEPP server, shown in the FIG. 5, in accordance with the exemplary embodiment of the present subject matter.
  • HA High Availability: components or applications which can operate at a high level, continuously, without intervention, for a given time period.
  • FQDN Fully Qualified Domain Name
  • FQDN_port refers to a network communication method that includes both the Fully Qualified Domain Name (FQDN) and a specific port number. It is used to establish a connection to a specific service or application running on a network resource identified by its FQDN.
  • FQDN_servicename refers to the combination of a Fully Qualified Domain Name (FQDN) and a specific service name. It represents a network resource or service identified by its FQDN, along with the name of the service it provides.
  • Consumer - SEPP, cSEPP resides in the PLMN where the service consumer NF is located.
  • Producer - SEPP, pSEPP resides in the PLMN where the service producer NF is located.
  • Various embodiments of the invention provide a system and a method for a bidirectional scheme translation.
  • SEPP Security Edge Protection Proxy
  • NFs Network Functions
  • the SEPP converts into the HTTP.
  • the SEPP transmits the response to the other NFs.
  • the NF will store the data (FQDN_servicename/FQDN_port) in a cache memory.
  • the SEPP receives the request, if the scheme is HTTP.
  • the HTTP is converted into the HTTPS, if the FQDN_servicename/FQDN_port exists in a cache memory while forwarding the request.
  • FIG. 1 illustrates an exemplary block diagram of an environment 100 for bidirectional scheme translation, according to one or more embodiments of the present disclosure.
  • the environment 100 may comprise a plurality of User Equipments (UEs).
  • the plurality of UEs may be represented as a first UE 102 and a second UE 108 for ease of disclosure.
  • the plurality of UEs is communicably connected to a plurality of servers.
  • the plurality of servers may be configured to host a Security Edge Protection Proxy (SEPP) and may be referred to as a SEPP server.
  • SEPP Security Edge Protection Proxy
  • the plurality of servers may include, but not limited to, a cSEPP server 104 and a pSEPP server 110.
  • the cSEPP server 104 and the pSEPP server 110 may include, by way of example but not limitation, one or more of a standalone server, a server blade, a server rack, a bank of servers, a business telephony application server (BTAS), a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, or some combination thereof.
  • the entity may include, but is not limited to, a vendor, a network operator, a company, an organization, a university, a lab facility, a business enterprise, a defence facility, or any other facility that provides content.
  • the first UE 102 and the cSEPP server 104 may belong to the same service provider/network.
  • the cSEPP server 104 may be further communicably connected to the first UE 102 via a communication network 106.
  • the second UE 108 and the pSEPP server 110 may belong to different service providers.
  • the pSEPP server 110 may be further communicably connected to the second UE 108 via the communication network 114.
  • the first UE 102, and the second UE 108 may belong to different networks, i.e., different service providers.
  • the cSEPP server 104 and the pSEPP server 110 may act as an interface for enabling communication between the first UE 102, and the second UE 108 via a Public Land Mobile Network (PLMN) 112.
  • PLMN Public Land Mobile Network
  • the PLMN 112 is a combination of wireless communication services offered by a specific operator in a specific country.
  • the PLMN 112 is identified by a globally unique PLMN code, which consists of a Mobile Country Code (MCC) and a Mobile Network Code (MNC).
  • MCC Mobile Country Code
  • MNC Mobile Network Code
  • the PLMN code is a five-to-six-digit number identifying a country, and a mobile network operator in that country.
  • the network 106, and/or network 114 may use one or more wireless interfaces/protocols such as, for example, 802.11 (Wi-Fi), 802.15 (including BluetoothTM), 802.16 (Wi-Max), 802.22, Cellular standards such as CDMA, CDMA2000, WCDMA, Radio Frequency (e.g., RFID), Infrared, laser, Near Field Magnetics, etc.
  • the network 106, and/or network 114 may also include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc.
  • the network may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, a VoIP network, or some combination thereof.
  • PSTN Public-Switched Telephone Network
  • the environment 100 further includes the system 125 communicably coupled to the plurality of servers 104 and 110 and the plurality of UEs 102 and 108 via the network 106 and 114.
  • the system 125 is configured for performing bidirectional scheme translation.
  • the system 125 may be integrated with any application including but not limited to, a System Management Facility (SMF), an Access and Mobility Management Function (AMF), a Business Telephony Application Server (BTAS), a Converged Telephony Application Server (CTAS), any SIP (Session Initiation Protocol) Application Server which interacts with core Internet Protocol Multimedia Subsystem (IMS) on Industrial Control System (ISC) interface as defined by 3GPP to host a wide array of cloud telephony enterprise services, a System Information Blocks (SIB)/and a Mobility Management Entity (MME).
  • SMF System Management Facility
  • AMF Access and Mobility Management Function
  • BTAS Business Telephony Application Server
  • CTAS Converged Telephony Application Server
  • IMS Internet Protocol Multimedia Subsystem
  • ISC Industrial Control System
  • SIB System Information Blocks
  • MME Mobility Management Entity
  • FIG. 2 illustrates a block diagram of the system 125 for bidirectional scheme translation, according to one or more embodiments of the present disclosure.
  • the system 125 is adapted to be embedded within the cSEPP server 104 and the pSEPP server 110 or is embedded as an individual entity. However, for the purpose of description, the system 125 is described as an integral part of the cSEPP server 104 and the pSEPP server 110, without deviating from the scope of the present disclosure.
  • the system 125 includes one or more processors 205, a memory 210, and an input/output (I/O) interface unit 215.
  • the one or more processors 205, hereinafter referred to as the processor 205, may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions.
  • the system 125 includes one or more processors 205.
  • the system 125 may include multiple processors as per the requirement and without deviating from the scope of the present disclosure.
  • the one or more processors 205 is configured to fetch and execute computer-readable instructions stored in the memory 210.
  • the memory 210 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to create or share data packets over a network service.
  • the memory 210 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
  • the input/output (I/O) interface unit 215 includes a variety of interfaces, for example, interfaces for data input and output devices, referred to as Input/Output (I/O) devices, storage devices, and the like.
  • the I/O interface unit 215 facilitates communication of the system 125.
  • the I/O interface unit 215 provides a communication pathway for one or more components of the system 125. Examples of such components include, but are not limited to, the plurality of UEs 102, 108 and a database 240.
  • the database 240 is, but is not limited to, one of a centralized database, a cloud-based database, a commercial database, an open-source database, a distributed database, an end-user database, a graphical database, a No-Structured Query Language (NoSQL) database, an object-oriented database, a personal database, an in-memory database, a document-based database, a time series database, a wide column database, a key value database, a search database, a cache database, and so forth.
  • NoSQL No-Structured Query Language
  • the foregoing examples of the backend database 240 types are non-limiting and may not be mutually exclusive.
  • the one or more processors 205 may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the one or more processors 205.
  • programming for the one or more processors 205 may be processor-executable instructions stored on a non-transitory machine-readable storage medium, and the hardware for the one or more processors 205 may comprise a processing resource (for example, one or more processors) to execute such instructions.
  • the memory 210 may store instructions that, when executed by the processing resource, implement the one or more processors 205.
  • system 125 may comprise the memory 210 storing the instructions and the processing resource to execute the instructions, or the memory 210 may be separate but accessible to the system 125 and the processing resource.
  • the one or more processors 205 may be implemented by electronic circuitry.
  • the processor 205 includes a conversion unit 220, a storage unit 225, and a transceiver 230 communicably coupled to each other.
  • the conversion unit 220 of the processor 205 is configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node 406 (shown in FIG. 4), when the request is initiated to be transmitted from a first node 402 (shown in FIG. 4) to the second node.
  • the scheme is at least one of a protocol.
  • the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP).
  • HTTPS Hypertext Transfer Protocol Secure
  • HTTP Hypertext Transfer Protocol
  • HTTPS is designed to provide a secure communication channel over a computer network, ensuring the confidentiality and integrity of the data being transmitted between a user's web browser and a website.
  • the HTTP is an application layer protocol that enables transfer of the hypertext, such as text, images, videos, and other multimedia content, between web servers and web browsers.
  • the HTTP is the basis for any data exchange on the web, and it is a stateless protocol, meaning that each request from a client to a server is independent and unrelated to previous requests.
  • the HTTPS is not a separate protocol from the HTTP. Rather, the HTTPS is a variant that uses Transport Layer Security (TLS)/Secure Sockets Layer (SSL) encryption over the HTTP to secure communications.
  • TLS Transport Layer Security
  • SSL Secure Sockets Layer
  • the web server and the web browser communicate to each other over the HTTPS and can exchange TLS/SSL certificates to verify the provider's identity and protect the user and their data.
  • the one or more acceptable schemes of the second node 406 include the schemes with which the second node 406 is able to transmit and receive data.
  • the conversion unit 220 of the processor 205 performs conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP).
  • SEPP Security Edge Protection Proxy
  • the Security Edge Protection Proxy (SEPP) is a proxy deployed at the edge or the perimeter of the PLMN 112 and enables secured communication between inter-PLMN network messages.
  • the SEPP is just a proxy enabled to authenticate, provide confidentiality protection, and provide integrity protection between two different mobile service providers, i.e., inter-PLMN.
  • the SEPP is at least one of, a Consumer SEPP (cSEPP), and a Producer SEPP (pSEPP).
  • the storage unit 225 stores data pertaining to the first node 402 and the second node 406 and the request at a cache memory when the first scheme associated with the request is converted to the second scheme based on checking one or more acceptable schemes of the second node 406 by the conversion unit 220.
  • the storage unit 225 of the processor 205 is configured to store data pertaining to the first node 402 and the associated first scheme, the second node 406 and the associated second scheme and the request at the cache memory.
  • the request or the data includes a Uniform Resource Identifier (URI) in the form of a Uniform Resource Locator (URL).
  • URI Uniform Resource Identifier
  • URL Uniform Resource Locator
  • the URI is a string of characters that identifies or names a resource on the internet. The URIs are used to identify resources.
  • the URL is a specific type of URI that provides the means to locate and retrieve the resource on the internet.
  • the URL includes the protocol used to access the resource (such as HTTP or HTTPS), the domain name or IP address of the server, and the path to the resource on the server.
  • the cache memory is configured to store a mapping information pertaining to the first scheme with the second scheme.
  • the mapping information includes at least one of, identified URL attributes such as an Internet Protocol (IP) address, a Port number or a Fully Qualified Domain Name (FQDN) service name.
  • IP Internet Protocol
  • FQDN Fully Qualified Domain Name
  • the one or more combinations of the URL attributes are mapped with the SEPP verified FQDN.
  • the FQDN is a complete and specific domain name that uniquely identifies a particular host or the resource on the internet.
  • the FQDN is formed by combining a hostname and a domain name, providing a complete and unambiguous reference to a location of the resource within a Domain Name System (DNS) hierarchy.
  • DNS Domain Name System
  • the transceiver 230 of the processor 205 is configured to transmit the request from the first node 402 to the second node 406 utilizing the second scheme associated with the first node 402.
  • the request received from the first node 402 is at least one of, a Uniform Resource Locator (URL).
  • the transceiver 230 of the processor 205 is configured to receive a response from the second node 406 utilizing the second scheme subsequent to transmission of the request from the first node 402 to the second node 406.
  • the conversion unit 220 is configured to convert the second scheme to the first scheme pertaining to the response from the second node 406 subsequent to checking at the cache memory of utilization of the first scheme by the first node 402 while transmitting the request to the second node.
  • the transceiver unit 230 is configured to transmit the response from the second node 406 to the first node 402 utilizing the converted first scheme when the request transmitted from the first node 402 is received by the second node.
  • the conversion unit 220 is configured to perform at least one of, enabling or disabling the conversions pertaining to schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node.
  • FIG. 3 is a schematic representation of the present system of FIG. 1 workflow, according to various embodiments of the present system.
  • the first UE 102a includes one or more primary processors 305 communicably coupled to the one or more processors 205 of the system 125.
  • the one or more primary processors 305 are coupled with a memory unit 310 storing instructions which are executed by the one or more primary processors 305. Execution of the stored instructions by the one or more primary processors 305 enables the first UE 110a to transmit the request to the second node 406 in order to avail one or more services.
  • the first UE 102 may comprise a memory such as a volatile memory (e.g., RAM), a non-volatile memory (e.g., disk memory, FLASH memory, EPROMs, etc.), an unalterable memory, and/or other types of memory.
  • the memory might be configured or designed to store data.
  • the data may pertain to attributes and access rights specifically defined for the first UE 102.
  • the first UE 102 may be configured to connect with the cSEPP server 104 through the network 106.
  • the one or more processors 205 of the system 125 is configured to transmit the request from the first node 402 and receive the response from the second node 406 by using the backend database 240. More specifically, the one or more processors 205 of the system 125 is configured to convert the first scheme associated with the request to the second scheme based on checking one or more acceptable schemes of the second node 406 and the second scheme to the first scheme pertaining to the response from the second node 406 subsequent to checking at the cache memory of utilization of the first scheme by the first node 402.
  • the conversion unit 220 of the processor 205 is configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from the first node 402 to the second node.
  • the scheme is at least one of a protocol.
  • the storage unit 225 of the processor 205 is configured to store data pertaining to the first node 402 and the associated first scheme, the second node 406 and the associated second scheme and the request at the cache memory.
  • the request or the data includes a Uniform Resource Identifier (URI) in the form of a Uniform Resource Locator (URL).
  • the URI is a string of characters that identifies or names a resource on the internet.
  • the URIs are used to identify resources.
  • the URL is a specific type of URI that provides the means to locate and retrieve the resource on the internet.
  • the URL includes the protocol used to access the resource (such as HTTP or HTTPS), the domain name or IP address of the server, and the path to the resource on the server.
  • the transceiver 230 of the processor 205 is configured to transmit the request from the first node 402 to the second node 406 utilizing the second scheme associated with the first node 402.
  • the request received from the first node 402 is at least one of, a Uniform Resource Locator (URL).
  • the transceiver 230 of the processor 205 is configured to receive a response from the second node 406 utilizing the second scheme subsequent to transmission of the request from the first node 402 to the second node.
  • FIG. 4 shows a block diagram of the SEPP server 104, of the system 125 acting as cSEPP, in accordance with an exemplary embodiment of the present subject matter.
  • the cSEPP server 104 may be communicably connected with a first cache memory 404.
  • the cache memory 404 may be configured to store attributes of the HTTPS based URL. Further the attributes of the HTTPS URL may refer to FQDN_servicename or FQDN_port. Further the first node 402 may be communicably connected with the cSEPP server 104.
  • the cSEPP server 104 is configured to receive the request in the HTTP protocol from the first node 402. The HTTP request may be translated into the HTTPS protocol and forwarded to the second node 406 hosted by another service provider. In another aspect, the cSEPP server 104 may be configured to receive the response in the HTTPS protocol from the second node 406. The response received via HTTPS from the second node 406 by the cSEPP server 104 may be forwarded via the HTTP protocol to the first node 402.
  • FIG. 5 shows a block diagram of the SEPP server 110, of the system 125 acting as pSEPP, in accordance with an exemplary embodiment of the present subject matter.
  • the pSEPP server 110 may be communicably connected with a second cache memory 504.
  • the cache memory 504 may be configured to store attributes of the HTTPS based URL. Further the attributes of the HTTPS URL may refer to FQDN_servicename or FQDN_port. Further the second node 406 may be communicably connected with the pSEPP server 110.
  • the pSEPP server 110 may be configured to receive the request utilizing the HTTPS protocol. The associated attributes of the HTTPS URL are retrieved from the cache memory 504. The request received in the HTTPS protocol is translated into a request in the HTTP protocol by the pSEPP server 110 and forwarded to the second node 406 utilizing the HTTP protocol.
  • the pSEPP server 110 may be further configured to send the response from the second node 406 to the first node 402 when the response is received from the second node 406 utilizing the HTTP protocol. The response may be translated into the HTTPS protocol based on the mapping of the FQDN_servicename or FQDN_port retrieved from the cache memory 504 and, upon translation, forwarded to the first node 402 utilizing the HTTPS protocol.
  • FIG. 6 illustrates a flow diagram of a method 600 for bidirectional scheme translation, according to one or more embodiments of the present disclosure.
  • the method 600 is described with the embodiments as illustrated in the FIG. 2 and should nowhere be construed as limiting the scope of the present disclosure.
  • the method 600 includes the step of converting a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from the first node 402 to the second node 406 by the conversion unit 220.
  • the scheme is at least one of a protocol.
  • the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP).
  • the method includes the step of performing conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP) by the conversion unit 220.
  • SEPP is a proxy deployed at the edge or the perimeter of the Public Land Mobile Network (PLMN) 112 and enables secured communication of inter-PLMN network messages.
  • the SEPP is a proxy enabled to authenticate, provide confidentiality protection, and provide integrity protection between two different mobile service providers, i.e., inter-PLMN.
  • the SEPP is at least one of, a Consumer SEPP (cSEPP) 104, and a Producer SEPP (pSEPP) 110.
  • the storage unit 225 stores data pertaining to the first node 402 and the second node 406 and the request at a cache memory when the first scheme associated with the request to the second scheme is converted by the conversion unit 220 based on checking one or more acceptable schemes of the second node.
  • the method 600 includes the step of storing data pertaining to the first node 402 and the associated first scheme, the second node 406 and the associated second scheme and the request at the cache memory by the storage unit 225.
  • the request or the data includes a Uniform Resource Identifier (URI) in the form of a Uniform Resource Locator (URL).
  • the URI is a string of characters that identifies or names a resource on the internet.
  • the URIs are used to identify resources.
  • the URL is a specific type of URI that provides the means to locate and retrieve the resource on the internet.
  • the URL includes the protocol used to access the resource (such as HTTP or HTTPS), the domain name or IP address of the server, and the path to the resource on the server.
  • the cache memory is configured to store a mapping information pertaining to the first scheme with the second scheme.
  • the mapping information includes at least one of, identified URL attributes such as an Internet Protocol (IP) address, a Port number or a Fully Qualified Domain Name (FQDN) service name.
  • the one or more combinations of the URL attributes are mapped with the SEPP verified FQDN.
  • the FQDN is a complete and specific domain name that uniquely identifies a particular host or the resource on the internet.
  • the FQDN is formed by combining a hostname and a domain name, providing a complete and unambiguous reference to a location of the resource within a Domain Name System (DNS) hierarchy.
  • the method 600 includes the step of transmitting the request from the first node 402 to the second node 406 utilizing the second scheme associated with the first node 402 by the transceiver 230.
  • the request received from the first node 402 is at least one of, a Uniform Resource Locator (URL).
  • the URL is a specific type of URI that provides the means to locate and retrieve the resource on the internet.
  • the URL includes the protocol used to access the resource (such as HTTP or HTTPS), the domain name or IP address of the server, and the path to the resource on the server.
  • the method 600 includes the step of receiving a response from the second node 406 utilizing the second scheme subsequent to transmission of the request from the first node 402 to the second node 406 by the transceiver 230.
  • the conversion unit 220 is configured to convert the second scheme to the first scheme pertaining to the response from the second node 406 when the response is received from the second node 406 to the first node 402.
  • the method 600 includes the step of converting the second scheme to the first scheme pertaining to the response from the second node 406 subsequent to checking at the cache memory of utilization of the first scheme by the first node 402 while transmitting the request to the second node 406 by the conversion unit 220.
  • the method 600 includes the step of transmitting the response from the second node 406 to the first node 402 utilizing the converted first scheme by the transceiver unit 230 when the request transmitted from the first node 402 is received by the second node.
  • the conversion unit 220 is configured to perform at least one of, enabling or disabling the conversions pertaining to schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node 406.
  • FIG. 7 illustrates a flow chart of request 700 in cSEPP server 104, shown in the FIG. 4, in accordance with the exemplary embodiment of the present subject matter.
  • the request is received from the first node 402.
  • the request received may be in the URL form.
  • the scheme of the request is identified, i.e., whether the requested URL uses the HTTPS or the HTTP protocol. The scheme is then mapped against the data present in the cache memory 404. Further, at step 706, it is determined whether the scheme, the request or the data includes the URI in the form of a URL.
  • at step 708, the cSEPP 104 converts the scheme from HTTP to HTTPS if the URI is determined at step 706. At step 710, the cSEPP 104 forwards the request to the second node 406.
  • FIG. 8 illustrates a flow chart of response 800 in cSEPP server 104, shown in the FIG. 4, in accordance with the exemplary embodiment of the present subject matter.
  • the cSEPP server 104 at step 802 may be configured to receive a response from the second node 406. At step 804, the cSEPP server 104 extracts the scheme from the response. At step 806, it is determined whether the extracted scheme is the HTTP protocol. If the extracted scheme is HTTP, the response is forwarded to the first node 402 at step 808.
  • at step 810, the cSEPP 104 converts the scheme from HTTPS to HTTP in case the extracted scheme is determined at step 806 to be HTTPS. Upon converting the scheme, the converted response is forwarded to the first node 402 at step 808. Further, at step 810, the scheme-converted data is stored in the cache memory 404.
  • FIG. 9 illustrates a flow chart of response 900 in pSEPP server 110, shown in the FIG. 5, in accordance with the exemplary embodiment of the present subject matter.
  • the response is received from the second node 406.
  • the scheme of the response is identified, i.e., whether the scheme is present in the cache memory 504. The scheme is then mapped against the data present in the cache memory 504. Further, at step 906, it is determined whether the scheme of the response comprises a URI in the form of a URL.
  • at step 908, the pSEPP server 110 converts the scheme from HTTP to HTTPS if the URI is determined at step 906.
  • FIG. 10 illustrates a flow chart of request 1000 in pSEPP server 110, shown in the FIG. 5, in accordance with the exemplary embodiment of the present subject matter.
  • the pSEPP server 110 at step 1002 may be configured to receive the request from the first node 402. At step 1004, the pSEPP server 110 extracts the scheme from the request. At step 1006, it is determined whether the extracted scheme is the HTTP protocol. If the extracted scheme is HTTP, the request is forwarded to the second node 406 at step 1008.
  • at step 1010, the pSEPP 110 converts the scheme from HTTPS to HTTP in case the extracted scheme is determined at step 1006 to be HTTPS. Upon converting the scheme, the converted request is forwarded to the second node 406 at step 1008. Further, at step 1010, the scheme-converted data is stored in the cache memory 504.
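The following Python is an added example, not the patent's own code: it models the conversion unit, storage unit and enable/disable flag of method 600 and the FIG. 7 to FIG. 10 flow charts, so that a response URL is rewritten back to HTTP only when the cache records that the first node actually sent its request over HTTP. Node names, URLs, and the cache-key choice (FQDN_port when a port is present, otherwise FQDN_servicename taken from the first path segment) are assumptions made for the example.

```python
"""HTTP <-> HTTPS scheme translation at a SEPP-style proxy.

Added example, not the patent's own code. It models the workflow of method 600
and the FIG. 7 to FIG. 10 flow charts: the conversion unit rewrites the scheme
of an outgoing request to one the second node accepts, the storage unit records
the first node's original scheme in a cache keyed by FQDN_port (or
FQDN_servicename when no port is given), and a URL carried in the response is
converted back only when that cache entry shows the first node used a different
scheme. All node names and URLs below are constructed sample values.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class Node:
    """A network function and the URL schemes it can transmit and receive."""
    name: str
    acceptable_schemes: frozenset  # e.g. frozenset({"https"})


def url_key(url: str) -> tuple:
    """Cache key from the URL attributes the page names: FQDN plus port when a
    port is present (FQDN_port), otherwise FQDN plus the first path segment,
    taken here as the service name (FQDN_servicename)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.port is not None:
        return (host, str(parts.port))
    return (host, parts.path.strip("/").split("/", 1)[0])


def rewrite_scheme(url: str, scheme: str) -> str:
    """Return url with only its scheme replaced; host, port, path, query and
    fragment are left exactly as received."""
    parts = urlsplit(url)
    return urlunsplit((scheme, parts.netloc, parts.path, parts.query, parts.fragment))


@dataclass
class SchemeTranslator:
    """Conversion unit and storage unit in one object.

    conversion_enabled is the true/false flag that switches conversion on or off;
    cache maps url_key(request_url) -> scheme the first node originally used."""
    conversion_enabled: bool = True
    cache: dict = field(default_factory=dict)

    def translate_request(self, url: str, second_node: Node) -> str:
        """Request path (FIG. 7 / FIG. 10): convert the first scheme to one the
        second node accepts and remember the original scheme in the cache."""
        first_scheme = urlsplit(url).scheme.lower()
        if first_scheme not in ("http", "https"):
            raise ValueError(f"unsupported scheme: {first_scheme!r}")
        if not self.conversion_enabled or first_scheme in second_node.acceptable_schemes:
            return url  # nothing to convert; forward the request as received
        if not second_node.acceptable_schemes:
            raise ValueError(f"{second_node.name} accepts no scheme")
        # Prefer https when the peer accepts it; otherwise take what it accepts.
        second_scheme = ("https" if "https" in second_node.acceptable_schemes
                         else sorted(second_node.acceptable_schemes)[0])
        self.cache[url_key(url)] = first_scheme
        return rewrite_scheme(url, second_scheme)

    def translate_response(self, request_url: str, response_url: str) -> str:
        """Response path (FIG. 8 / FIG. 9): convert a URL carried in the response
        back to the first node's scheme, but only if the cache shows the first
        node used a different scheme for this FQDN/service when it sent the
        request. With no cache entry the response URL is forwarded unchanged."""
        first_scheme = self.cache.get(url_key(request_url))
        if not self.conversion_enabled or first_scheme is None:
            return response_url
        if urlsplit(response_url).scheme.lower() == first_scheme:
            return response_url
        return rewrite_scheme(response_url, first_scheme)


def demo() -> dict:
    """cSEPP side: an HTTP-only consumer NF in the home PLMN calls an HTTPS-only
    producer in a visited PLMN (constructed sample values)."""
    translator = SchemeTranslator()
    producer = Node("udm.visited.example", frozenset({"https"}))
    request = "http://udm.visited.example:8443/nudm-sdm/v2/subscriber/nssai"
    forwarded = translator.translate_request(request, producer)
    # The producer answers over HTTPS with a Location header pointing at itself.
    location = "https://udm.visited.example:8443/nudm-sdm/v2/subscriber/nssai/sub-1"
    returned = translator.translate_response(request, location)
    return {"request": forwarded, "response": returned}


if __name__ == "__main__":
    for side, url in demo().items():
        print(f"{side}: {url}")
```

Because the response path consults the cache before rewriting, a response for a node that never sent HTTP is forwarded with its HTTPS scheme intact, which is the property the cache check in the text exists to guarantee.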
  • the present invention further discloses a non-transitory computer-readable medium having stored thereon computer-readable instructions.
  • the computer-readable instructions are executed by a processor 205.
  • the processor 205 is configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node 406, when the request is initiated to be transmitted from a first node 402 to the second node 406.
  • the processor 205 is configured to store data pertaining to the first node 402 and the associated first scheme, the second node 406 and the associated second scheme and the request at a cache memory 404.
  • the processor 205 is configured to transmit the request from the first node 402 to the second node 406 utilizing the second scheme associated with the first node 402.
  • the processor 205 is further configured to receive a response from the second node 406 utilizing the second scheme subsequent to transmission of the request from the first node 402 to the second node 406.
  • the processor 205 is further configured to convert the second scheme to the first scheme pertaining to the response from the second node 406 subsequent to checking at the cache memory 404 of utilization of the first scheme by the first node 402 while transmitting the request to the second node 406.
  • the processor 205 is further configured to transmit the response from the second node 406 to the first node 402 utilizing the converted first scheme.
  • the present disclosure incorporates the technical advancement of receiving the foreign request, converting the first scheme to the second scheme on the way from the first node to the second node, and storing the converted scheme in the cache memory.
  • after receiving the request in the converted scheme, the second node sends the response via the SEPP, which forwards the response to the first node. Thereafter, the second scheme is converted back into the first scheme if the forwarded response has a matching entry in the cache memory.
  • the SEPP can utilize the HTTP protocol which provides high throughput and low computation requirements.
  • the SEPP provides telescopic FQDNs and wildcard domain certificates on behalf of the NF, so there is no requirement of SSL certificate and domain registration, thereby reducing the complexity of the present invention. Further, the SEPP can provide authentication and management of foreign network certificates.
  • the present invention offers multiple advantages over the prior art, and the above listed are a few examples to emphasize some of the advantageous features. The listed advantages are to be read in a non-limiting manner.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present disclosure relates to a system (125) and a method (600) for bidirectional scheme translation. The system (125) includes a conversion unit (220) that converts a first scheme to a second scheme based on the acceptable schemes of a second node (406), when a request is initiated to be transmitted from a first node (402) to the second node. A storage unit (225) stores data pertaining to the first scheme, the second scheme and the request in a memory. A transceiver (230) transmits the request from the first node to the second node and receives a response from the second node subsequent to transmission of the request from the first node to the second node. Further, the conversion unit (220) converts the second scheme to the first scheme. Further, the transceiver (230) transmits the response from the second node to the first node. The method (600) includes various steps for bidirectional scheme translation.

Description

A SYSTEM AND A METHOD FOR BIDIRECTIONAL SCHEME TRANSLATION
FIELD OF THE INVENTION
[0001] The present invention generally relates to communication networks, and more particularly relates to a system and a method for bidirectional scheme conversion integrated within a Security Edge Protection Proxy (SEPP).
BACKGROUND OF THE INVENTION
[0002] A Security Edge Protection Proxy (SEPP) is a proxy deployed at an edge or a perimeter of a Public Land Mobile Network (PLMN) and enables secured communication of inter-PLMN network messages. The SEPP is a proxy enabled to authenticate, provide confidentiality protection, and provide integrity protection between two different mobile service providers, i.e., inter-PLMN.
[0003] For example, a person visiting India with a SIM issued in another country can access the mobile network in India, with roaming enabled using the SEPP deployed at various geo-sites. Further, the SEPP implements transport layer security (TLS) for the service layer information exchanged between two different PLMNs. The TLS connection may be implemented on a User Datagram Protocol (UDP) or a Transmission Control Protocol (TCP).
[0004] Further, as the SEPP is deployed at the edge of the network, the SEPP may act as the interface between the two inter-PLMN networks. Since the SEPP is deployed at the edge of the network and relies on TLS, non-secured communication can be exchanged within the periphery, i.e. within the edge, of the network.
[0005] Using HTTP, i.e. unencrypted communication, within the edge behind the SEPP reduces latency in the communication, since no time is lost in encryption and decryption.
[0006] However, converting HTTP into HTTPS and vice versa poses a major challenge, and therefore there is a need for a system and a method enabling bidirectional translation.
SUMMARY OF THE INVENTION
[0007] One or more embodiments of the present disclosure provide a system and method for bidirectional scheme translation.
[0008] In one aspect of the present invention, a system for bidirectional scheme translation is disclosed. The system includes a conversion unit configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from a first node to the second node. The system further includes a storage unit configured to store data pertaining to the first node and the associated first scheme, the second node and the associated second scheme and the request at a cache memory. The system further includes a transceiver configured to transmit the request from the first node to the second node utilizing the second scheme associated with the first node. Further, the system includes the transceiver configured to receive a response from the second node utilizing the second scheme subsequent to transmission of the request from the first node to the second node. The system further includes the conversion unit configured to convert the second scheme to the first scheme pertaining to the response from the second node subsequent to checking at the cache memory of utilization of the first scheme by the first node while transmitting the request to the second node. Further the system includes the transceiver unit configured to transmit the response from the second node to the first node utilizing the converted first scheme.
[0009] In one embodiment, the scheme is at least one of a protocol.
[0010] In another embodiment, the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP).
[0011] In yet another embodiment, the one or more acceptable schemes of the second node include the schemes with which the second node is compatible to transmit and receive data.
[0012] In yet another embodiment, the one or more processors perform the conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP). The SEPP is at least one of a Consumer SEPP (cSEPP) and a Producer SEPP (pSEPP).
[0013] In yet another embodiment, the request received from the first node is at least one of, a Uniform Resource Locator (URL).
[0014] In yet another embodiment, the cache memory stores a mapping information pertaining to the first scheme with the second scheme.
[0015] In yet another embodiment, the mapping information includes at least one of identified URL attributes such as an Internet Protocol (IP) address, a port number or a Fully Qualified Domain Name (FQDN) service name, wherein the one or more combinations of the URL attributes are mapped with the SEPP-verified FQDN.
[0016] In yet another embodiment, the one or more processors perform at least one of enabling or disabling the conversions pertaining to the schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node.
[0017] In another aspect of the present invention, a method for bidirectional scheme translation is disclosed. The method includes the steps of converting a first scheme associated with a request to a second scheme by a conversion unit based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from a first node to the second node. The method includes the steps of storing data pertaining to the first node and the associated first scheme, the second node and the associated second scheme and the request at a cache memory by a storage unit. The method further includes transmitting the request from the first node to the second node utilizing the second scheme associated with the first node by a transceiver. The method further includes receiving a response from the second node utilizing the second scheme subsequent to transmission of the request from the first node to the second node by the transceiver. The method further includes converting the second scheme to the first scheme pertaining to the response from the second node by the conversion unit subsequent to checking at the cache memory of utilization of the first scheme by the first node while transmitting the request to the second node. Further, the method includes transmitting the response from the second node to the first node utilizing the converted first scheme by the transceiver.
[0018] In an embodiment, the scheme is at least one of a protocol.
[0019] In another embodiment, the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP).
[0020] In yet another embodiment, the one or more acceptable schemes of the second node include the schemes with which the second node is compatible to transmit and receive data.
[0021] In yet another embodiment, the one or more processors perform the conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP), wherein the SEPP is at least one of a Consumer SEPP (cSEPP) and a Producer SEPP (pSEPP).
[0022] In yet another embodiment, the request received from the first node is at least one of, a Uniform Resource Locator (URL).
[0023] In yet another embodiment, the cache memory stores a mapping information pertaining to the first scheme with the second scheme.
[0024] In yet another embodiment, the mapping information includes at least one of identified URL attributes such as an Internet Protocol (IP) address, a port number or a Fully Qualified Domain Name (FQDN) service name, wherein the one or more combinations of the URL attributes are mapped with the SEPP-verified FQDN.
[0025] In yet another embodiment, the one or more processors perform at least one of enabling or disabling the conversions pertaining to the schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node.
[0026] In another aspect of the present invention, a User Equipment (UE) is disclosed. The UE includes one or more primary processors communicatively coupled to one or more processors and a memory. The memory stores instructions which when executed by the one or more primary processors causes the UE to transmit a request to a second node in order to avail one or more services.
[0027] In another aspect of the present invention, a non-transitory computer-readable medium having stored thereon computer-readable instructions that are executed by a processor is disclosed. The processor is configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from a first node to the second node. The processor is configured to store data pertaining to the first node and the associated first scheme, the second node and the associated second scheme and the request at a cache memory. The processor is configured to transmit the request from the first node to the second node utilizing the second scheme associated with the first node. The processor is configured to receive a response from the second node utilizing the second scheme subsequent to transmission of the request from the first node to the second node. The processor is configured to convert the second scheme to the first scheme pertaining to the response from the second node subsequent to checking at the cache memory of utilization of the first scheme by the first node while transmitting the request to the second node. The processor is configured to transmit the response from the second node to the first node utilizing the converted first scheme.
[0028] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described in this summary and in the following detailed description are not all-inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art, in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.
BRIEF DESCRIPTION OF THE DRAWINGS
[0029] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0030] FIG. 1 is an exemplary block diagram of an environment for a bidirectional scheme translation, according to one or more embodiments of the present disclosure;
[0031] FIG. 2 illustrates a block diagram of a system for a bidirectional scheme translation, according to the one or more embodiments of the present disclosure;
[0032] FIG. 3 is a schematic representation of the workflow of the present system of FIG. 1, according to the one or more embodiments of the present disclosure;
[0033] FIG. 4 shows a block diagram of the Security Edge Protection Proxy (SEPP) server of the system acting as cSEPP, according to the one or more embodiments of the present disclosure;
[0034] FIG. 5 shows a block diagram of the SEPP server of the system acting as pSEPP, according to the one or more embodiments of the present disclosure;
[0035] FIG. 6 shows a flow diagram of a method for a bidirectional scheme translation, according to the one or more embodiments of the present disclosure;
[0036] FIG. 7, illustrates a flow chart of a request in cSEPP server, shown in the FIG. 4, in accordance with the exemplary embodiment of the present disclosure;
[0037] FIG. 8, illustrates a flow chart of a response in cSEPP server, shown in the FIG. 4, in accordance with the exemplary embodiment of the present disclosure;
[0038] FIG. 9, illustrates a flow chart of a response in pSEPP server, shown in the FIG. 5, in accordance with the exemplary embodiment of the present disclosure; and
[0039] FIG. 10, illustrates a flow chart of a request in pSEPP server, shown in the FIG. 5, in accordance with the exemplary embodiment of the present subject matter.
[0040] The foregoing shall be more apparent from the following detailed description of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0041] Some embodiments of the present disclosure, illustrating all its features, will now be discussed in detail. It must also be noted that as used herein and in the appended claims, the singular forms "a", "an" and "the" include plural references unless the context clearly dictates otherwise.
[0042] Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure including the definitions listed here below are not intended to be limited to the embodiments illustrated but is to be accorded the widest scope consistent with the principles and features described herein.
[0043] A person of ordinary skill in the art will readily ascertain that the illustrated steps detailed in the figures and here below are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0044] Glossary
- NMS: Network Management System
- HA: High Availability components, or applications which can operate at a high level, continuously, without intervention, for a given time period.
- HSM: HA State Manager
- PDU: Protocol Data Unit
- SEPP: Security Edge Protection Proxy
- HTTP: Hypertext Transfer Protocol
- HTTPS: Hypertext Transfer Protocol Secure
- PLMN: Public Land Mobile Network
- NF: Network Functions
- FQDN: Fully Qualified Domain Name
- FQDN_port: Refers to a network communication method that includes both the Fully Qualified Domain Name (FQDN) and a specific port number. It is used to establish a connection to a specific service or application running on a network resource identified by its FQDN.
- FQDN_servicename: Refers to the combination of a Fully Qualified Domain Name (FQDN) and a specific service name. It represents a network resource or service identified by its FQDN, along with the name of the service it provides.
- cSEPP: Consumer - SEPP, cSEPP resides in the PLMN where the service consumer NF is located.
- pSEPP: Producer - SEPP, pSEPP resides in the PLMN where the service producer NF is located.
- URL: Uniform Resource Locator
- URI: Uniform Resource Identifier
[0045] Various embodiments of the invention provide a system and a method for bidirectional scheme translation. In a Security Edge Protection Proxy (SEPP), generally all the Network Functions (NFs) operate using HTTP. When a foreign request is received in which the URL carries the HTTPS scheme, the SEPP converts it into HTTP. After converting the HTTPS into the HTTP, the SEPP transmits the response to the other NFs. The NF stores the data (FQDN_servicename/FQDN_port) in a cache memory. In another embodiment, the SEPP receives a request whose scheme is HTTP. The HTTP is converted into HTTPS while forwarding the request, if the FQDN_servicename/FQDN_port exists in the cache memory.
[0046] Referring to FIG. 1, FIG. 1 illustrates an exemplary block diagram of an environment 100 for bidirectional scheme translation, according to one or more embodiments of the present disclosure. The environment 100 may comprise a plurality of User Equipments (UEs). The plurality of UEs may be represented as a first UE 102 and a second UE 108 for ease of disclosure. Further the plurality of UEs is communicably connected to a plurality of servers. The plurality of servers, may be configured to host a Security Edge Protection Proxy (SEPP) and may be referred to as a SEPP server. The plurality of servers may include, but not limited to, a cSEPP server 104 and a pSEPP server 110.
[0047] The cSEPP server 104 and the pSEPP server 110 may include by way of example but not limitation, one or more of a standalone server, a server blade, a server rack, a bank of servers, a business telephony application server (BTAS), a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, some combination thereof. In an embodiment, the entity may include, but is not limited to, a vendor, a network operator, a company, an organization, a university, a lab facility, a business enterprise, a defence facility, or any other facility that provides content.
[0048] In one embodiment, the first UE 102 and the cSEPP server 104 may belong to the same service provider/network. The cSEPP server 104 may be further communicably connected to the first UE 102 via a communication network 106. In another embodiment, the second UE 108 and the pSEPP server 110 may belong to different service providers. The pSEPP server 110 may be further communicably connected to the second UE 108 via the communication network 114. In a preferred embodiment, the first UE 102, and the second UE 108 may belong to different networks, i.e., different service providers.
[0049] In another embodiment, the cSEPP server 104 and the pSEPP server 110 may act as an interface for enabling communication between the first UE 102, and the second UE 108 via a Public Land Mobile Network (PLMN) 112. As used herein, the PLMN 112 is a combination of wireless communication services offered by a specific operator in a specific country. Further, the PLMN 112 is identified by a globally unique PLMN code, which consists of a Mobile Country Code (MCC) and a Mobile Network Code (MNC). Hence, the PLMN code is a five-to-six-digit number identifying a country, and a mobile network operator in that country.
[0050] The network 106, and/or network 114, may use one or more wireless interfaces/protocols such as, for example, 802.11 (Wi-Fi), 802.15 (including Bluetooth™), 802.16 (Wi-Max), 802.22, cellular standards such as CDMA, CDMA2000, WCDMA, Radio Frequency (e.g., RFID), Infrared, laser, Near Field Magnetics, etc. Further, the network 106, and/or network 114 may also include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth. The network may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, a VOIP network, or some combination thereof.
[0051] The environment 100 further includes the system 125 communicably coupled to the plurality of servers 104 and 110 and the plurality of UEs 102 and 108 via the network 106 and 114. The system 125 is configured for performing bidirectional scheme translation.
[0052] In various embodiments, the system 125 may be integrated with any application including but not limited to, a System Management Facility (SMF), an Access and Mobility Management Function (AMF), a Business Telephony Application Server (BTAS), a Converged Telephony Application Server (CTAS), any SIP (Session Initiation Protocol) Application Server which interacts with core Internet Protocol Multimedia Subsystem (IMS) on Industrial Control System (ISC) interface as defined by 3GPP to host a wide array of cloud telephony enterprise services, a System Information Blocks (SIB)/and a Mobility Management Entity (MME).
[0053] Operational and construction features of the system 125 will be explained in detail with respect to the following figures.
[0054] FIG. 2 illustrates a block diagram of the system 125 for a bidirectional scheme translation, according to one or more embodiments of the present invention.
[0055] Referring to FIG. 2, FIG. 2 illustrates a block diagram of the system 125 for bidirectional scheme translation, according to one or more embodiments of the present disclosure. The system 125 is adapted to be embedded within the cSEPP server 104 and the pSEPP server 110 or is embedded as an individual entity. However, for the purpose of description, the system 125 is described as an integral part of the cSEPP server 104 and the pSEPP server 110, without deviating from the scope of the present disclosure.
[0056] In an embodiment, the system 125 includes one or more processors 205, a memory 210, and an input/output (I/O) interface unit 215. The one or more processors 205, hereinafter referred to as the processor 205, may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions. As per the illustrated embodiment, the system 125 includes one or more processors 205. However, it is to be noted that the system 125 may include multiple processors as per the requirement and without deviating from the scope of the present disclosure. Among other capabilities, the one or more processors 205 are configured to fetch and execute computer-readable instructions stored in the memory 210.
[0057] The memory 210 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory 210 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
[0058] In an embodiment, the input/output (I/O) interface unit 215 includes a variety of interfaces, for example, interfaces for data input and output devices, referred to as Input/Output (I/O) devices, storage devices, and the like. The I/O interface unit 215 facilitates communication of the system 125. In one embodiment, the I/O interface unit 215 provides a communication pathway for one or more components of the system 125. Examples of such components include, but are not limited to, the plurality of UEs 102, 108 and a database 240.
[0059] The database 240 is, but is not limited to, one of a centralized database, a cloud-based database, a commercial database, an open-source database, a distributed database, an end-user database, a graphical database, a No-Structured Query Language (NoSQL) database, an object-oriented database, a personal database, an in-memory database, a document-based database, a time series database, a wide column database, a key value database, a search database, a cache database, and so forth. The foregoing examples of the backend database 240 types are non-limiting and may not be mutually exclusive, e.g., a database can be both commercial and cloud-based, or both relational and open-source, etc.
[0060] Further, the one or more processors 205, in an embodiment, may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the one or more processors 205. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the one or more processors 205 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the one or more processors 205 may comprise a processing resource (for example, one or more processors) to execute such instructions. In the present examples, the memory 210 may store instructions that, when executed by the processing resource, implement the one or more processors 205. In such examples, the system 125 may comprise the memory 210 storing the instructions and the processing resource to execute the instructions, or the memory 210 may be separate but accessible to the system 125 and the processing resource. In other examples, the one or more processors 205 may be implemented by electronic circuitry.
[0061] In order for the system 125 to perform bidirectional scheme translation, the processor 205 includes a conversion unit 220, a storage unit 225, and a transceiver 230 communicably coupled to each other.
[0062] The conversion unit 220 of the processor 205 is configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node 406 (shown in FIG. 4), when the request is initiated to be transmitted from a first node 402 (shown in FIG. 4) to the second node. In an embodiment, the scheme is at least one of a protocol. In another embodiment, the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP). The Hypertext Transfer Protocol Secure, commonly known as HTTPS, is a secure version of the Hypertext Transfer Protocol (HTTP), which is the protocol used for transmitting data over the World Wide Web. HTTPS is designed to provide a secure communication channel over a computer network, ensuring the confidentiality and integrity of the data being transmitted between a user's web browser and a website. The HTTP is an application layer protocol that enables transfer of the hypertext, such as text, images, videos, and other multimedia content, between web servers and web browsers. The HTTP is the basis for any data exchange on the web, and it is a stateless protocol, meaning that each request from a client to a server is independent and unrelated to previous requests.
[0063] In a preferred embodiment, the HTTPS is not a separate protocol from the HTTP. Rather, the HTTPS is a variant that uses Transport Layer Security (TLS)/Secure Sockets Layer (SSL) encryption over the HTTP to secure communications. When the web server and the web browser communicate with each other over the HTTPS, they can exchange TLS/SSL certificates to verify the provider's identity and protect the user and their data. In another embodiment, the one or more acceptable schemes of the second node 406 include the schemes over which the second node 406 is able to transmit and receive data.
[0064] Further, the conversion unit 220 of the processor 205 performs conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP). The Security Edge Protection Proxy (SEPP) is a proxy deployed at the edge or the perimeter of the PLMN 112 and enables secured communication for inter-PLMN network messages. The SEPP is a proxy enabled to authenticate, provide confidentiality protection, and enable integrity protection between two different mobile service providers, i.e., inter-PLMN. In one embodiment, the SEPP is at least one of a Consumer SEPP (cSEPP) and a Producer SEPP (pSEPP). The storage unit 225 stores data pertaining to the first node 402, the second node 406 and the request at a cache memory when the first scheme associated with the request is converted to the second scheme by the conversion unit 220 based on checking one or more acceptable schemes of the second node 406.
[0065] As per the illustrated embodiment, the storage unit 225 of the processor 205 is configured to store data pertaining to the first node 402 and the associated first scheme, the second node 406 and the associated second scheme, and the request at the cache memory. In one embodiment, the request or the data includes a Uniform Resource Identifier (URI) in the form of a Uniform Resource Locator (URL). As used herein, the URI is a string of characters that identifies or names a resource on the internet. The URIs are used to identify resources. The URL is a specific type of URI that provides the means to locate and retrieve the resource on the internet. The URL includes the protocol used to access the resource (such as HTTP or HTTPS), the domain name or IP address of the server, and the path to the resource on the server.
[0066] In a preferred embodiment, the cache memory is configured to store mapping information pertaining to the first scheme and the second scheme. In one embodiment, the mapping information includes at least one of the identified URL attributes, such as an Internet Protocol (IP) address, a port number or a Fully Qualified Domain Name (FQDN) service name. The one or more combinations of the URL attributes are mapped with the SEPP-verified FQDN. The FQDN is a complete and specific domain name that uniquely identifies a particular host or resource on the internet. The FQDN is formed by combining a hostname and a domain name, providing a complete and unambiguous reference to the location of the resource within the Domain Name System (DNS) hierarchy.
[0067] The transceiver 230 of the processor 205 is configured to transmit the request from the first node 402 to the second node 406 utilizing the second scheme associated with the first node 402. The request received from the first node 402 is at least one of, a Uniform Resource Locator (URL). Further, the transceiver 230 of the processor 205 is configured to receive a response from the second node 406 utilizing the second scheme subsequent to transmission of the request from the first node 402 to the second node 406.
[0068] In a preferred embodiment, the conversion unit 220 is configured to convert the second scheme to the first scheme pertaining to the response from the second node 406, subsequent to checking at the cache memory that the first scheme was utilized by the first node 402 while transmitting the request to the second node. The transceiver unit 230 is configured to transmit the response from the second node 406 to the first node 402 utilizing the converted first scheme when the request transmitted from the first node 402 has been received by the second node. Further, the conversion unit 220 is configured to perform at least one of enabling or disabling the conversions pertaining to schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node.
[0069] FIG. 3 is a schematic representation of the workflow of the present system of FIG. 1, according to various embodiments of the present system.
[0070] As mentioned earlier in FIG. 1, the first UE 102 includes one or more primary processors 305 communicably coupled to the one or more processors 205 of the system 125. The one or more primary processors 305 are coupled with a memory unit 310 storing instructions which are executed by the one or more primary processors 305. Execution of the stored instructions by the one or more primary processors 305 enables the first UE 102 to transmit the request to the second node 406 in order to avail one or more services.
[0071] The first UE 102 may comprise a memory such as a volatile memory (e.g., RAM), a non-volatile memory (e.g., disk memory, FLASH memory, EPROMs, etc.), an unalterable memory, and/or other types of memory. In one implementation, the memory might be configured or designed to store data. The data may pertain to attributes and access rights specifically defined for the first UE 102. The first UE 102 may be configured to connect with the cSEPP server 104 through the network 106.
[0072] As mentioned earlier in FIG. 2, the one or more processors 205 of the system 125 is configured to transmit the request from the first node 402 and receive the response from the second node 406 by using the backend database 240. More specifically, the one or more processors 205 of the system 125 is configured to convert the first scheme associated with the request to the second scheme based on checking one or more acceptable schemes of the second node 406 and the second scheme to the first scheme pertaining to the response from the second node 406 subsequent to checking at the cache memory of utilization of the first scheme by the first node 402.
[0073] The conversion unit 220 of the processor 205 is configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from the first node 402 to the second node. In an embodiment, the scheme is at least one of a protocol. In another embodiment, the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP). The Hypertext Transfer Protocol Secure, commonly known as HTTPS, is a secure version of the Hypertext Transfer Protocol (HTTP), which is the protocol used for transmitting data over the World Wide Web.
[0074] The storage unit 225 of the processor 205 is configured to store data pertaining to the first node 402 and the associated first scheme, the second node 406 and the associated second scheme, and the request at the cache memory. In one embodiment, the request or the data includes a Uniform Resource Identifier (URI) in the form of a Uniform Resource Locator (URL). As used herein, the URI is a string of characters that identifies or names a resource on the internet. The URIs are used to identify resources. The URL is a specific type of URI that provides the means to locate and retrieve the resource on the internet. The URL includes the protocol used to access the resource (such as HTTP or HTTPS), the domain name or IP address of the server, and the path to the resource on the server.
[0075] The transceiver 230 of the processor 205 is configured to transmit the request from the first node 402 to the second node 406 utilizing the second scheme associated with the first node 402. The request received from the first node 402 is at least one of, a Uniform Resource Locator (URL). Further, the transceiver 230 of the processor 205 is configured to receive a response from the second node 406 utilizing the second scheme subsequent to transmission of the request from the first node 402 to the second node.
[0076] Hence, for the sake of brevity, similar description related to the working and operation of the system 125 as illustrated in FIG. 2 has been omitted to avoid repetition. The limited description provided for the system 125 in FIG. 3 should be read with the description provided for the system 125 in FIG. 2 above, and should not be construed as limiting the scope of the present disclosure.
[0077] FIG. 4 shows a block diagram of the SEPP server 104 of the system 125 acting as cSEPP, in accordance with an exemplary embodiment of the present subject matter. The cSEPP server 104 may be communicably connected with a first cache memory 404. The cache memory 404 may be configured to store attributes of the HTTPS-based URL. The attributes of the HTTPS URL may refer to FQDN_servicename or FQDN_port. Further, the first node 402 may be communicably connected with the cSEPP server 104.
[0078] In one embodiment, the cSEPP server 104 is configured to receive the request in the HTTP protocol from the first node 402. The HTTP protocol may be translated into the HTTPS protocol and the request may be forwarded to the second node 406 hosted by another service provider. In another aspect, the cSEPP server 104 may be configured to receive the response in the HTTPS protocol from the second node 406. The response received via the HTTPS protocol from the second node 406 by the cSEPP server 104 may be forwarded as a response via the HTTP protocol to the first node 402.
[0079] FIG. 5 shows a block diagram of the SEPP server 110 of the system 125 acting as pSEPP, in accordance with an exemplary embodiment of the present subject matter. The pSEPP server 110 may be communicably connected with a second cache memory 504. The cache memory 504 may be configured to store attributes of the HTTPS-based URL. The attributes of the HTTPS URL may refer to FQDN_servicename or FQDN_port. Further, the second node 406 may be communicably connected with the pSEPP server 110.
[0080] In accordance with the present disclosure, the pSEPP server 110 may be configured to receive the request utilizing the HTTPS protocol. The associated attributes of the HTTPS URL are retrieved from the cache memory 504. The request received in the HTTPS protocol is translated into a request in the HTTP protocol by the pSEPP server 110. The request is then forwarded to the second node 406 utilizing the HTTP protocol.
[0081] The pSEPP server 110 may be further configured to send the response from the second node 406 to the first node 402 when the response is received from the second node 406 utilizing the HTTP protocol. The response may be translated into the HTTPS protocol based on the mapping of the FQDN_servicename or FQDN_port retrieved from the cache memory 504. Upon translation, the response may be forwarded to the first node 402 utilizing the HTTPS protocol.
[0082] FIG. 6 illustrates a flow diagram of a method 600 for bidirectional scheme translation, according to one or more embodiments of the present disclosure. For the purpose of description, the method 600 is described with the embodiments as illustrated in the FIG. 2 and should nowhere be construed as limiting the scope of the present disclosure.
[0083] At step 602, the method 600 includes the step of converting a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node, when the request is initiated to be transmitted from the first node 402 to the second node 406 by the conversion unit 220. In an embodiment, the scheme is at least one of a protocol. In another embodiment, the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP). The Hypertext Transfer Protocol Secure, commonly known as HTTPS, is a secure version of the Hypertext Transfer Protocol (HTTP), which is the protocol used for transmitting data over the World Wide Web.
[0084] Further, the method includes the step of performing conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP) by the conversion unit 220. The Security Edge Protection Proxy (SEPP) is a proxy deployed at the edge or the perimeter of the Public Land Mobile Network (PLMN) 112 and enables secured communication for inter-PLMN network messages. The SEPP is a proxy enabled to authenticate, provide confidentiality protection, and enable integrity protection between two different mobile service providers, i.e., inter-PLMN. In one embodiment, the SEPP is at least one of a Consumer SEPP (cSEPP) 104 and a Producer SEPP (pSEPP) 110. The storage unit 225 stores data pertaining to the first node 402, the second node 406 and the request at a cache memory when the first scheme associated with the request is converted to the second scheme by the conversion unit 220 based on checking one or more acceptable schemes of the second node.
[0085] At step 604, the method 600 includes the step of storing data pertaining to the first node 402 and the associated first scheme, the second node 406 and the associated second scheme, and the request at the cache memory by the storage unit 225. In one embodiment, the request or the data includes a Uniform Resource Identifier (URI) in the form of a Uniform Resource Locator (URL). As used herein, the URI is a string of characters that identifies or names a resource on the internet. The URIs are used to identify resources. The URL is a specific type of URI that provides the means to locate and retrieve the resource on the internet. The URL includes the protocol used to access the resource (such as HTTP or HTTPS), the domain name or IP address of the server, and the path to the resource on the server.
[0086] In a preferred embodiment, the cache memory is configured to store mapping information pertaining to the first scheme and the second scheme. In one embodiment, the mapping information includes at least one of the identified URL attributes, such as an Internet Protocol (IP) address, a port number or a Fully Qualified Domain Name (FQDN) service name. The one or more combinations of the URL attributes are mapped with the SEPP-verified FQDN. The FQDN is a complete and specific domain name that uniquely identifies a particular host or resource on the internet. The FQDN is formed by combining a hostname and a domain name, providing a complete and unambiguous reference to the location of the resource within the Domain Name System (DNS) hierarchy.
[0087] At step 606, the method 600 includes the step of transmitting the request from the first node 402 to the second node 406 utilizing the second scheme associated with the first node 402 by the transceiver 230. The request received from the first node 402 is at least one of, a Uniform Resource Locator (URL). The URL is a specific type of URI that provides the means to locate and retrieve the resource on the internet. The URL includes the protocol used to access the resource (such as HTTP or HTTPS), the domain name or IP address of the server, and the path to the resource on the server.
[0088] At step 608, the method 600 includes the step of receiving a response from the second node 406 utilizing the second scheme subsequent to transmission of the request from the first node 402 to the second node 406 by the transceiver 230. The conversion unit 220 is configured to convert the second scheme to the first scheme pertaining to the response from the second node 406 when the response is received from the second node 406 to the first node 402.
[0089] At step 610, the method 600 includes the step of converting the second scheme to the first scheme pertaining to the response from the second node 406, by the conversion unit 220, subsequent to checking at the cache memory that the first scheme was utilized by the first node 402 while transmitting the request to the second node 406.
[0090] At step 612, the method 600 includes the step of transmitting the response from the second node 406 to the first node 402 utilizing the converted first scheme by the transceiver unit 230, when the request transmitted from the first node 402 has been received by the second node. Further, the conversion unit 220 is configured to perform at least one of enabling or disabling the conversions pertaining to schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node 406.
[0091] FIG. 7 illustrates a flow chart of a request 700 in the cSEPP server 104 shown in FIG. 4, in accordance with the exemplary embodiment of the present subject matter. Referring to FIG. 4 and FIG. 7, at step 702 the request is received from the first node 402. The request received may be in the URL form. At step 704, the scheme of the request is identified, i.e., whether the requested URL is in the HTTPS or the HTTP protocol, and the scheme is mapped with the data present in the cache memory 404. At step 706, it is determined whether the scheme, request or data includes the URI in the form of a URL. At step 708, the cSEPP 104 converts the scheme from HTTP to HTTPS if the URI is determined at step 706. At step 710, the cSEPP 104 forwards the request to the second node 406.
[0092] FIG. 8 illustrates a flow chart of a response 800 in the cSEPP server 104 shown in FIG. 4, in accordance with the exemplary embodiment of the present subject matter. At step 802, the cSEPP server 104 may be configured to receive a response from the second node 406. At step 804, the cSEPP server 104 extracts the scheme from the response. At step 806, it is determined whether the extracted scheme is the HTTP protocol. If the extracted scheme is the HTTP protocol, the response is forwarded to the first node 402 at step 808.
[0093] At step 810, the cSEPP 104 converts the scheme from HTTPS to HTTP in case the extracted scheme is determined at step 806 to be HTTPS. Upon converting the scheme, the converted response is forwarded to the first node 402 at step 808. Further, at step 810, the scheme-converted data is stored in the cache memory 404.
[0094] FIG. 9 illustrates a flow chart of a response 900 in the pSEPP server 110 shown in FIG. 5, in accordance with the exemplary embodiment of the present subject matter. Referring to FIG. 5 and FIG. 9, at step 902 the response is received from the second node 406. At step 904, the scheme of the response is identified, i.e., whether the scheme is present in the cache memory 504, and the scheme is mapped with the data present in the cache memory 504. At step 906, it is determined whether the scheme of the response comprises the URI in the form of a URL. At step 908, the pSEPP server 110 converts the scheme from HTTP to HTTPS if the URI is determined at step 906. At step 910, the pSEPP forwards the response to the first node 402.
[0095] FIG. 10 illustrates a flow chart of a request 1000 in the pSEPP server 110 shown in FIG. 5, in accordance with the exemplary embodiment of the present subject matter. At step 1002, the pSEPP server 110 may be configured to receive the request from the first node 402. At step 1004, the pSEPP server 110 extracts the scheme from the response. At step 1006, it is determined whether the extracted scheme is the HTTP protocol. If the extracted scheme is the HTTP protocol, the request is forwarded to the second node 406 at step 1008.
[0096] At step 1010, the pSEPP 110 converts the scheme from HTTPS to HTTP in case the extracted scheme is determined at step 1006 to be HTTPS. Upon converting the scheme, the converted request is forwarded to the second node 406 at step 1008. Further, at step 1010, the scheme-converted data is stored in the cache memory 504.
[0097] The present invention further discloses a non-transitory computer-readable medium having stored thereon computer-readable instructions. The computer-readable instructions are executed by a processor 205. The processor 205 is configured to convert a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node 406, when the request is initiated to be transmitted from a first node 402 to the second node 406. The processor 205 is configured to store data pertaining to the first node 402 and the associated first scheme, the second node 406 and the associated second scheme, and the request at a cache memory 404. The processor 205 is configured to transmit the request from the first node 402 to the second node 406 utilizing the second scheme associated with the first node 402. The processor 205 is further configured to receive a response from the second node 406 utilizing the second scheme subsequent to transmission of the request from the first node 402 to the second node 406. The processor 205 is further configured to convert the second scheme to the first scheme pertaining to the response from the second node 406 subsequent to checking at the cache memory 404 whether the first scheme was utilized by the first node 402 while transmitting the request to the second node 406. The processor 205 is further configured to transmit the response from the second node 406 to the first node 402 utilizing the converted first scheme.
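The translation procedure of FIGS. 8-10 and paragraph [0097], written out as an added Python example; this is not the patent's or Jio Platforms' code. The node names, the request identifier used as the key into the cache memory, the `convert_enabled` and `allow_downgrade` flags (one reading of the true/false flags recited in claim 9) and the replacement of the addressed host:port by the SEPP-verified FQDN (one reading of the mapping in claim 8) are all assumptions, as is the sample topology.

```python
"""Bidirectional HTTP/HTTPS scheme translation with a per-request cache,
modelled on the cSEPP/pSEPP flow charts (FIGS. 8-10) and paragraph [0097].
Added example, not the patent's code; node names, the request-id cache key,
the flag names and the FQDN mapping are assumptions."""
import itertools
import logging
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple
from urllib.parse import urlsplit, urlunsplit

log = logging.getLogger("sepp.scheme")


@dataclass(frozen=True)
class NodeProfile:
    """What the SEPP knows about a node: the schemes it can send and receive
    ('acceptable schemes') and the SEPP-verified FQDN that stands in for its
    real host:port on the far side (assumed reading of claim 8)."""
    name: str
    acceptable_schemes: FrozenSet[str]
    verified_fqdn: str


@dataclass(frozen=True)
class CacheEntry:
    """Data stored at step 604: both nodes, both schemes and the request."""
    first_node: str
    first_scheme: str
    second_node: str
    second_scheme: str
    original_authority: str  # host[:port] exactly as the first node addressed it
    request_url: str


class SchemeTranslator:
    def __init__(self, nodes: Dict[str, NodeProfile],
                 convert_enabled: bool = True, allow_downgrade: bool = False) -> None:
        self.nodes = nodes
        # Flags in the spirit of claim 9: conversion can be switched off, and
        # HTTPS->HTTP (the direction that drops transport protection on the
        # hop) needs its own explicit opt-in.
        self.convert_enabled = convert_enabled
        self.allow_downgrade = allow_downgrade
        self._cache: Dict[str, CacheEntry] = {}
        self._ids = itertools.count(1)

    def outbound(self, first_node: str, second_node: str, url: str) -> Tuple[str, str]:
        """Steps 602-606: pick the scheme the second node accepts, store the
        mapping and return (request_id, url_to_send)."""
        parts = urlsplit(url)
        first_scheme = parts.scheme.lower()
        if first_scheme not in ("http", "https"):
            raise ValueError(f"unsupported scheme {first_scheme!r}")
        target = self.nodes[second_node]
        if first_scheme in target.acceptable_schemes:
            second_scheme = first_scheme  # steps 1006/1008: forward unchanged
        else:
            if not self.convert_enabled:
                raise PermissionError("scheme conversion disabled by flag")
            second_scheme = "http" if first_scheme == "https" else "https"
            if second_scheme not in target.acceptable_schemes:
                raise ValueError(f"{second_node} accepts neither http nor https")
            if second_scheme == "http" and not self.allow_downgrade:
                raise PermissionError("HTTPS->HTTP downgrade disabled by flag")
            log.warning("%s -> %s: converting %s to %s",
                        first_node, second_node, first_scheme, second_scheme)
        request_id = f"req-{next(self._ids)}"
        to_send = urlunsplit((second_scheme, target.verified_fqdn,
                              parts.path, parts.query, parts.fragment))
        self._cache[request_id] = CacheEntry(first_node, first_scheme, second_node,
                                             second_scheme, parts.netloc, url)
        return request_id, to_send

    def inbound(self, request_id: str, response_url: str) -> str:
        """Steps 608-612: look the request up in the cache; if the first node
        used a different scheme, translate the URL carried in the response back."""
        entry = self._cache.pop(request_id, None)  # one response per stored request
        if entry is None:
            return response_url  # no record: forward untouched, never rewrite blindly
        parts = urlsplit(response_url)
        verified = self.nodes[entry.second_node].verified_fqdn
        if (entry.first_scheme == entry.second_scheme
                or parts.scheme.lower() != entry.second_scheme
                or parts.netloc != verified):
            return response_url  # nothing to translate (steps 806/808)
        return urlunsplit((entry.first_scheme, entry.original_authority,
                           parts.path, parts.query, parts.fragment))


# Constructed sample topology: A speaks only HTTPS, B only HTTP, C both.
NODES = {
    "A": NodeProfile("A", frozenset({"https"}), "a.sepp.example"),
    "B": NodeProfile("B", frozenset({"http"}), "b.sepp.example"),
    "C": NodeProfile("C", frozenset({"http", "https"}), "c.sepp.example"),
}


def demo() -> Tuple[str, str]:
    """HTTPS request from A to the HTTP-only node B and the translated reply."""
    sepp = SchemeTranslator(NODES, allow_downgrade=True)
    rid, sent = sepp.outbound("A", "B", "https://b.home.example:8443/nnrf-disc/v1/nf-instances?target-nf-type=AMF")
    back = sepp.inbound(rid, "http://b.sepp.example/nnrf-disc/v1/nf-instances/1")
    return sent, back


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(demo())
```

Two design points matter for a proxy doing this. A response whose request identifier is not in the cache is forwarded as received rather than rewritten, so the SEPP never changes a scheme it has no record of having changed on the way out; and the HTTPS-to-HTTP direction is off unless the operator enables it and is logged when it happens, because that hop then carries the request without transport protection.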
[0098] A person of ordinary skill in the art will readily ascertain that the illustrated embodiments and steps in description and drawings (FIG.1-10) are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0099] The present disclosure incorporates the technical advancement of receiving the foreign request, converting the first scheme to the second scheme from the first node to the second node, and storing the converted scheme in the cache memory. After the converted scheme is received by the second node, the second node sends the response using the SEPP, which forwards the response to the first node. Thereafter, the second scheme is converted into the first scheme if the forwarded response exists in the cache memory. The SEPP can utilize the HTTP protocol, which provides high throughput and low computation requirements. Moreover, the SEPP provides telescopic FQDNs and wildcard domain certificates on behalf of the NF, so there is no requirement for an SSL certificate and domain registration per NF, thereby reducing the complexity of the present invention. Further, the SEPP can provide authentication and management of foreign network certificates.
[00100] The present invention offers multiple advantages over the prior art, and the above listed are a few examples to emphasize some of the advantageous features. The listed advantages are to be read in a non-limiting manner.
REFERENCE NUMERALS
[00101] Environment - 100;
[00102] First User Equipment - 102;
[00103] cSEPP server - 104;
[00104] Communication Network - 106, 114;
[00105] Second User Equipment - 108;
[00106] pSEPP server - 110;
[00107] PLMN - 112;
[00108] System - 125;
[00109] Processor - 205;
[00110] Memory - 210;
[00111] I/O interface unit - 215;
[00112] Conversion unit - 220;
[00113] Storage unit - 225;
[00114] Transceiver - 230;
[00115] Database - 240;
[00116] Primary processor - 305;
[00117] Memory Unit of User Equipment - 310;
[00118] First Node - 402;
[00119] Memory unit - 404;
[00120] Second Node - 406;
[00121] Memory unit - 504.

Claims

We Claim:
1. A method (600) for bidirectional scheme translation, the method (600) comprises the steps of:
   converting (602), by the one or more processors (205), a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node (406), when the request is initiated to be transmitted from a first node (402) to the second node (406);
   storing (604), by the one or more processors (205), data pertaining to, the first node (402) and the associated first scheme, the second node (406) and the associated second scheme and the request at a cache memory (404);
   transmitting (606), by the one or more processors (205), the request from the first node (402) to the second node (406) utilizing the second scheme associated with the first node (402);
   receiving (608), by the one or more processors (205), a response from the second node (406) utilizing the second scheme subsequent to transmission of the request from the first node (402) to the second node (406);
   converting (610), by the one or more processors (205), the second scheme to the first scheme pertaining to the response from the second node (406) subsequent to checking at the cache memory of utilization of the first scheme by the first node (402) while transmitting the request to the second node (406); and
   transmitting (612), by the one or more processors (205), the response from the second node (406) to the first node (402) utilizing the converted first scheme.
2. The method (600) as claimed in claim 1, wherein the scheme is at least one of, a protocol.
3. The method (600) as claimed in claim 1, wherein the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP).
4. The method (600) as claimed in claim 1, wherein the one or more acceptable schemes of the second node (406) include schemes which the second node (406) is compatible to transmit and receive data.
5. The method (600) as claimed in claim 1, wherein the one or more processors (205), performs conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP), wherein the SEPP is at least one of, a Consumer SEPP (cSEPP) (104), Producer SEPP (pSEPP) (110).
6. The method (600) as claimed in claim 1, wherein the request received from the first node (402) is at least one of, a Uniform Resource Locator (URL).
7. The method (600) as claimed in claim 1, wherein the cache memory (404) stores a mapping information pertaining to the first scheme with the second scheme.
8. The method (600) as claimed in claim 7, wherein the mapping information including at least one of, identified URL attributes such as an Internet Protocol (IP) address, a Port number or a Fully Qualified Domain Name (FQDN) service name, wherein the one or more combinations of the URL attributes are mapped with the SEPP verified FQDN.
9. The method (600) as claimed in claim 1, wherein one or more processors (205), performs at least one of, enabling or disabling the conversions pertaining to the schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node (406).
10. A system (125) for bidirectional scheme translation, the system (125) comprising:
   a conversion unit (220), configured to, convert, a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node (406), when the request is initiated to be transmitted from a first node (402) to the second node (406);
   a storage unit (225), configured to, store, data pertaining to, the first node (402) and the associated first scheme, the second node (406) and the associated second scheme and the request at a cache memory (404);
   a transceiver (230), configured to:
      transmit, the request from the first node (402) to the second node (406) utilizing the second scheme associated with the first node (402);
      receive, a response from the second node (406) utilizing the second scheme subsequent to transmission of the request from the first node (402) to the second node (406);
   the conversion unit (220), configured to, convert, the second scheme to the first scheme pertaining to the response from the second node (406) subsequent to checking at the cache memory (404) of utilization of the first scheme by the first node (402) while transmitting the request to the second node (406); and
   the transceiver (230), configured to, transmit, the response from the second node (406) to the first node (402) utilizing the converted first scheme.
11. The system (125) as claimed in claim 10, wherein the scheme is at least one of, a protocol.
12. The system (125) as claimed in claim 10, wherein the first scheme is a Hypertext Transfer Protocol Secure (HTTPS) and the second scheme is a Hypertext Transfer Protocol (HTTP).
13. The system (125) as claimed in claim 10, wherein the one or more acceptable schemes of the second node (406) include schemes which the second node (406) is compatible to transmit and receive data.
14. The system (125) as claimed in claim 10, wherein the one or more processors (205), performs conversion pertaining to the schemes utilizing a Security Edge Protection Proxy (SEPP), wherein the SEPP is at least one of, a Consumer SEPP (cSEPP) (104), Producer SEPP (pSEPP) (110).
15. The system (125) as claimed in claim 10, wherein the request received from the first node (402) is at least one of, a Uniform Resource Locator (URL).
16. The system (125) as claimed in claim 10, wherein the cache memory (404) stores a mapping information pertaining to the first scheme with the second scheme.
17. The system (125) as claimed in claim 16, wherein the mapping information including at least one of, identified URL attributes such as an Internet Protocol (IP) address, a Port number or a Fully Qualified Domain Name (FQDN) service name, wherein the one or more combinations of the URL attributes are mapped with the SEPP verified FQDN.
18. The system (125) as claimed in claim 10, wherein one or more processors (205), performs at least one of, enabling or disabling the conversions pertaining to the schemes based on one or more flags with true or false conditions related to the one or more acceptable schemes pertaining to the second node (406).
19. A User Equipment (UE) (102), comprising: one or more primary processors (305) communicatively coupled to one or more processors (205), the one or more primary processors (305) coupled with a memory (310), wherein said memory (310) stores instructions which when executed by the one or more primary processors (305) causes the UE (102) to: transmit, a request to a second node (406) in order to avail one or more services; and wherein the one or more processors (205) is configured to perform the steps as claimed in claim 1.
20. A non-transitory computer-readable medium having stored thereon computer-readable instructions that, when executed by a processor (205), causes the processor (205) to:
   convert, a first scheme associated with a request to a second scheme based on checking one or more acceptable schemes of a second node (406), when the request is initiated to be transmitted from a first node (402) to the second node (406);
   store, data pertaining to, the first node (402) and the associated first scheme, the second node (406) and the associated second scheme and the request at a cache memory (404);
   transmit, the request from the first node (402) to the second node (406) utilizing the second scheme associated with the first node (402);
   receive, a response from the second node (406) utilizing the second scheme subsequent to transmission of the request from the first node (402) to the second node (406);
   convert, the second scheme to the first scheme pertaining to the response from the second node (406) subsequent to checking at the cache memory (404) of utilization of the first scheme by the first node (402) while transmitting the request to the second node (406); and
   transmit, the response from the second node (406) to the first node (402) utilizing the converted first scheme.
PCT/IN2024/051009 2023-07-07 2024-07-01 System and a method for bidirectional scheme translation Pending WO2025012984A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202321045598 2023-07-07

Publications (1)

Publication Number Publication Date
WO2025012984A1 true WO2025012984A1 (en) 2025-01-16

Family

ID=94215048

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022151867A1 (en) * 2021-01-18 2022-07-21 武汉绿色网络信息服务有限责任公司 Method and apparatus for converting http into https bidirectional transparent proxy

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 5G System; Technical Realization of Service Based Architecture; Stage 3 (Release 17)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 29.500, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. CT WG4, no. V17.10.0, 28 March 2023 (2023-03-28), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, pages 1 - 131, XP052284324 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24839097

Country of ref document: EP

Kind code of ref document: A1