US 12,192,359 B2
Authorization of network request
Chaitanya Aggarwal, Munich (DE); Anja Jerichow, Grafing bei Munich (DE); and Saurabh Khare, Bangalore (IN)
Assigned to Nokia Technologies Oy, Espoo (FI)
Filed by Nokia Technologies Oy, Espoo (FI)
Filed on Dec. 14, 2021, as Appl. No. 17/550,549.
Claims priority of application No. 20206313 (FI), filed on Dec. 16, 2020.
Prior Publication US 2022/0191028 A1, Jun. 16, 2022
Int. Cl. H04L 9/32 (2006.01)
CPC H04L 9/3213 (2013.01) [H04L 9/3247 (2013.01)]
8 Claims
1. An apparatus operating as network repository function comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to:
receive, from a service communication proxy, a discovery message describing a service requested by a network function consumer;
transmit, responsive to the discovery message, a profile message describing network function provider entities which offer the service requested by the network function consumer, wherein the service communication proxy selects a network function provider from the profile message;
receive, from the service communication proxy, a request for an access token for the selected network function provider;
determine, responsive to receiving the request for the access token, whether a separate authorization is needed for the service communication proxy based on at least one criterion, wherein the at least one criterion comprises whether an identity of the network function consumer is comprised in a list of network function consumer identities, and whether the network function provider is of a type for which authorization tokens shall be used;
transmit, responsive to determining that the separate authorization is needed, an authorization token, distinct from the access token, to the service communication proxy, the authorization token being specific to the request, wherein the separate authorization using the authorization token is needed in response to determination that the service communication proxy has sent more than a predefined number of requests within a predetermined time period and wherein the separate authorization is performed by a network function consumer by signing the authorization token using its private key and transmitting a signed authorization token to the service communication proxy;
verify the signed authorization token received from the service communication proxy using a public key of the network function consumer;
and provide the access token to the service communication proxy responsive to verifying the signed authorization token which enables the network function provider to provide service requested by the network function consumer after validating the access token received from the service communication proxy.
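The decision, challenge and verification steps of claim 1, sketched from the repository function's side as an added example; it is not code from the patent or from Nokia. Assumptions: every type, field and function name is hypothetical, the three criteria are combined with AND, Ed25519 stands in for the unspecified signature scheme, and the returned access token is a placeholder string.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)
type NRF struct { // toy model; every name in this example is hypothetical
	keys    map[string]ed25519.PublicKey // listed NF consumer identity -> public key
	types   map[string]bool              // provider types that use authorization tokens
	max     int                          // predefined number of requests
	window  time.Duration                // predetermined time period
	seen    map[string][]time.Time       // SCP identity -> request times inside the window
	pending map[string]string            // issued authorization token -> NF consumer
}
// Challenge returns a request-specific token when all criteria hold (AND is assumed), else nil.
func (n *NRF) Challenge(scp, consumer, providerType string, now time.Time) []byte {
	recent := []time.Time{now}
	for _, t := range n.seen[scp] {
		if now.Sub(t) < n.window {
			recent = append(recent, t)
		}
	}
	n.seen[scp] = recent
	if n.keys[consumer] == nil || !n.types[providerType] || len(recent) <= n.max {
		return nil
	}
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		panic(err)
	}
	n.pending[string(tok)] = consumer
	return tok
}
// Redeem checks the consumer's signature and releases a placeholder access token once.
func (n *NRF) Redeem(tok, sig []byte) (string, bool) {
	consumer := n.pending[string(tok)]
	delete(n.pending, string(tok)) // single use: a replayed or unknown token fails
	if key := n.keys[consumer]; len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, tok, sig) {
		return "", false
	}
	return "access-token-for-" + consumer, true
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed sample key for consumer "nfc-1"
	n := &NRF{keys: map[string]ed25519.PublicKey{"nfc-1": pub}, types: map[string]bool{"UDM": true}, window: time.Minute, seen: map[string][]time.Time{}, pending: map[string]string{}}
	tok := n.Challenge("scp-1", "nfc-1", "UDM", time.Now()) // max is 0, so the first request is challenged
	fmt.Println(n.Redeem(tok, ed25519.Sign(priv, tok)))
}
```

The proxy never holds the consumer's private key, so it cannot answer the challenge itself; it can only relay the token to the consumer and return the signature.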