EP-4740527-A1 - METHOD AND SYSTEM FOR PROVIDING SECURED APPLICATION PROGRAMMING INTERFACE BASED MANUAL AUTHENTICATION OF NETWORK FUNCTIONS

Abstract

The present disclosure relates to a method and system [200] for providing an interface-based authentication of one or more network functions, the method comprising: receiving, by a transceiver unit [202a], a successful registration indication of a second network function (NF) server [104]; receiving, by the transceiver unit [202a], a NF profile of the second NF server [204] based on the successful registration indication, and receiving one of an approval request and a reject request based on a manual authentication of the second NF server [204]; performing, by a processing unit [202c], one of an addition procedure and a removal procedure based on one of the approval request and the reject request; and facilitating routing, by the processing unit [202c], of network traffic from the first NF server [202] to the second NF server [204] based on the receipt of the approval request.

Inventors

  • BISHT, SANDEEP
  • PANDEY, PRASHANT
  • BHATNAGAR, AAYUSH
  • BHATNAGAR, PRADEEP KUMAR
  • YADAV, RAVINDRA
  • JAIN, Abhiman
  • Ansari, Ezaj
  • SONKAR, Lakhichandra
  • KUMAR, ANUJ
  • SINHA, ANURAG

Assignees

  • Jio Platforms Limited

Dates

Publication Date
20260513
Application Date
20240613

Claims (16)

  1. A method for providing an interface-based authentication of one or more network functions, the method comprising:
     - receiving, by a transceiver unit [202a] at a first network function (NF) server [202] from a Network Repository Function (NRF) server [206], a successful registration indication of a second network function (NF) server [204];
     - receiving, by the transceiver unit [202a] at the first NF server [202] from the NRF server [206], a NF profile of the second NF server [204];
     - receiving, by the transceiver unit [202a] at the first NF server [202] via one or more interfaces, one of an approval request and a reject request based on a manual authentication of the second NF server [204];
     - performing, by a processing unit [202c] at the first NF server [202], one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received; and
     - facilitating routing, by the processing unit [202c] at the first NF server [202], a network traffic from the first NF server [202] to the second NF server [204] based at least on the receipt of the approval request.
  2. The method as claimed in claim 1, wherein the first NF server is a service communication proxy (SCP) controller.
  3. The method as claimed in claim 1, wherein the method further comprises: identifying, by an identification unit [202b] at the first NF server [202], the successful registration indication as one of a new registration of the second network function (NF) server [204] and a re-registration of the second network function (NF) server [204].
  4. The method as claimed in claim 1, wherein the addition procedure comprises adding, by the processing unit [202c] at the first NF server [202], details of the second NF server [204] in a traffic serving NF list, and the removal procedure comprises removing, by the processing unit [202c] at the first NF server [202], the NF profile of the second NF server [204] from a cache memory associated with the first NF server [202].
  5. The method as claimed in claim 1, wherein prior to the receiving, by the transceiver unit [202a] at the first NF server [202] from the NRF server [206], the successful registration indication of the second NF server [204], the method further comprises:
     - receiving, by the NRF server [206] from the second NF server [204], a registration request for registration of the second NF server [204], in one of a direct mode or indirect mode, wherein the direct mode comprises receiving the registration request by the NRF server [206] from the second NF server [204] directly, and the indirect mode comprises receiving the registration request by the NRF server [206] from the second NF server [204] via the first NF server [202], and
     - sending, by the NRF server [206] to the second NF server [204], a response indicating the successful registration of the second NF server [204] with the NRF server [206].
  6. The method as claimed in claim 1, wherein the receiving, by the transceiver unit [202a] at the first NF server [202], the NF profile of the second NF server [204], comprises:
     - receiving, by the transceiver unit [202a] at the first NF server [202], the NF profile of the second NF server [204] and a status code based on the response indicating the successful registration.
  7. The method as claimed in claim 3, wherein in an event of identifying of the successful registration as the new registration of the second NF server [204], the method comprises:
     - storing, by a storage unit [202e] at the first NF server [202], the NF profile of the second NF server [204],
  8. A system [200] for providing an interface-based authentication of one or more network functions, the system [200] comprising a first network function (NF) server [202], the first network function (NF) server [202] further comprises:
     - a transceiver unit [202a] configured to:
       - receive, from a Network Repository Function (NRF) server [206], a successful registration indication of a second network function (NF) server [104],
       - receive, from the NRF server [206], a NF profile of the second NF server [204], and
       - receive, via one or more interfaces, one of an approval request and a reject request based on a manual authentication of the second NF server [204];
     - a processing unit [202c] connected to at least the transceiver unit [202a], wherein the processing unit [202c] is configured to:
       - perform one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received; and
       - facilitate routing a network traffic from the first NF server [202] to the second NF server [204] based at least on the receipt of the approval request.
  9. The system [200] as claimed in claim 8, wherein the first network function server [202] is a service communication proxy (SCP) controller.
  10. The system [200] as claimed in claim 8, further comprising an identification unit [202b] configured to identify the successful registration indication as one of a new registration of the second network function (NF) server [204] and a re-registration of the second network function (NF) server [204].
  11. The system [200] as claimed in claim 8, wherein the processing unit [202c] is further configured to:
     - perform the addition procedure by adding a detail of the second NF server [204] in a traffic serving NF list, and
     - perform the removal procedure by removing the NF profile of the second NF server [204] from a cache memory associated with the first NF server [202].
  12. The system [200] as claimed in claim 8, wherein prior to the receipt of the successful registration indication of the second NF server [204] by the transceiver unit [202a] at the first NF server [202], the system is further configured to:
     - receive, by the NRF server [206] from the second NF server [204], a registration request for registration of the second NF server [204], in one of a direct mode or indirect mode, wherein the direct mode comprises receipt of the registration request by the NRF server [206] from the second NF server [204] directly, and the indirect mode comprises receipt of the registration request by the NRF server [206] from the second NF server [204] via the first NF server [202], and
     - send, by the NRF server [206] to the second NF server [204], a response indicating the successful registration of the second NF server [204] with the NRF server [206],
  13. The system [200] as claimed in claim 8, wherein to receive the NF profile of the second NF server [204], the transceiver unit [202a] is further configured to receive the NF profile of the second NF server [204] and a status code based on the response indicating the successful registration.
  14. The system [200] as claimed in claim 10, further comprising a storage unit [202e] configured to store the NF profile of the second NF server [204] in an event the successful registration is identified as the new registration of the second NF server [204].
  15. A user equipment, comprising:
     - a memory, and
     - a processor coupled to the memory, the processor is configured to: receive a registration request associated with a second NF server [204] from a first NF server [202], transmit an authentication request to the first NF server [202] associated with the registration request, and receive an authentication response based on the authentication request, wherein the authentication response is generated based on: performance of a manual authentication of the second NF server [204] to generate one of an approval request and a reject request, and wherein one of: an addition procedure and a removal procedure is performed at the first NF server [202], wherein the addition procedure is performed in an event the approval request is generated, and the removal procedure is performed in an event the reject request is generated.
  16. A non-transitory computer readable storage medium storing instructions for providing an interface-based authentication of one or more network functions in a telecommunication network, the instructions including an executable code, the executable code when executed by one or more units of the system, causes:
     - a transceiver unit [202a] to: receive, from a Network Repository Function (NRF) server [206], a successful registration indication of a second network function (NF) server [104], receive, from the NRF server [206], a NF profile of the second NF server [204], and receive, via one or more interfaces, one of an approval request and a reject request based on the manual authentication of the second NF server [204]; and
     - a processing unit [202c] to perform one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received, and route a network traffic from the first NF server [202] to the second NF server [204] based at least on the receipt of the approval request.
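
The gating behaviour the claims describe (registration indication, cached NF profile, manual approve or reject, routing only to approved instances), sketched as an added example; it is not code from the patent or from any SCP product. The class, method names and sample profiles are hypothetical, `nfInstanceId` and `nfType` are NF profile attributes from 3GPP TS 29.510, and requiring fresh approval after a re-registration is an assumption of this example.

```python
from dataclasses import dataclass, field


@dataclass
class ScpApprovalGate:
    """Hypothetical SCP-side gate: registering at the NRF does not by itself earn traffic."""
    profile_cache: dict = field(default_factory=dict)  # nfInstanceId -> NF profile
    traffic_serving: set = field(default_factory=set)  # approved nfInstanceIds

    def on_registration(self, profile: dict) -> str:
        """Handle the NRF's registration indication and the NF profile sent with it."""
        nf_id = profile["nfInstanceId"]
        kind = "re-registration" if nf_id in self.profile_cache else "new"
        self.profile_cache[nf_id] = profile
        # Assumption of this example: a re-registration needs fresh approval,
        # so a changed profile cannot inherit an earlier decision.
        self.traffic_serving.discard(nf_id)
        return kind

    def pending(self) -> list:
        """Instances known to the SCP that are still waiting for a manual decision."""
        return sorted(set(self.profile_cache) - self.traffic_serving)

    def decide(self, nf_id: str, approve: bool) -> None:
        """Apply the operator's approval request or reject request."""
        if nf_id not in self.profile_cache:
            raise KeyError(f"no registration on record for {nf_id}")
        if approve:
            self.traffic_serving.add(nf_id)      # addition procedure
        else:
            self.traffic_serving.discard(nf_id)
            del self.profile_cache[nf_id]        # removal procedure

    def route(self, nf_type: str) -> list:
        """Candidate targets for a request: approved instances of nf_type only."""
        return sorted(i for i in self.traffic_serving
                      if self.profile_cache[i]["nfType"] == nf_type)


def demo() -> dict:
    gate = ScpApprovalGate()
    # Constructed sample profiles (real nfInstanceId values are UUIDs).
    udm_a = {"nfInstanceId": "udm-a", "nfType": "UDM"}
    udm_b = {"nfInstanceId": "udm-b", "nfType": "UDM"}
    kinds = [gate.on_registration(udm_a), gate.on_registration(udm_b)]
    before = gate.route("UDM")                  # nothing approved yet
    gate.decide("udm-a", approve=True)
    gate.decide("udm-b", approve=False)
    after = gate.route("UDM")
    kinds.append(gate.on_registration(udm_a))   # same instance registers again
    return {"kinds": kinds, "before": before, "after": after,
            "after_rereg": gate.route("UDM"), "pending": gate.pending()}
```
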

Description

METHOD AND SYSTEM FOR PROVIDING SECURED APPLICATION PROGRAMMING INTERFACE BASED MANUAL AUTHENTICATION OF NETWORK FUNCTIONS

FIELD OF THE DISCLOSURE

[001] The present disclosure relates generally to the field of wireless communication systems. More particularly, the present disclosure relates to methods and systems for providing a secured application programming interface (API) based manual authentication of network functions.

BACKGROUND

[002] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.

[003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. The third-generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.

[004] Moreover, the 5G core networks are based on a service-based architecture (SBA) that is centered around network function (NF) services. Each NF can register itself and its supported services to a Network Repository Function (NRF), which is used by other NFs for the discovery of NF instances and their services. The NRF therefore supports a service discovery function: it receives an NF Discovery Request from an NF instance or a Service Communication Proxy (SCP) and provides the information of the discovered NF instances (be discovered) to the NF instance or the SCP. Further, the NRF supports a Proxy Call Session Control Function (P-CSCF) discovery (specialized case of AF discovery by SMF). Further, the NRF maintains the NF profile of available NF instances and their supported services. Further, the NRF maintains a SCP profile of available SCP instances. Furthermore, the NRF supports a SCP discovery by the SCP instances. Also, the NRF notifies about newly registered/updated/deregistered NF instances and the SCP instances along with their potential NF services to the subscribed NF service consumer or the SCP. Additionally, the NRF maintains the health status of NFs and SCP. Also, every time the NF undergoes a planned event or is commissioned for the first time, relevant NF details are recorded at the NRF. However, in existing systems, upon registration with the NRF, various methods defined by the 3GPP standard are implemented for enabling an immediate traffic flow at the NF. The traffic flow may include confidential information such as user IDs, tracking areas and other user-related details. There exists a risk of manual errors and security breaches: the manual errors may occur during configurations or restart procedures, while security breaches may include methods like rerouting traffic flow to an un-secured server using a dummy server such as a dummy Unified Data Management (UDM) server.

[005] In other words, in the 5G core network, whenever a new instance of a Network Function (NF) is commissioned, traffic distribution to the newly commissioned instance starts automatically. Sometimes, due to an auto-restart, a manual error or an environmental issue, the NF registers itself to the NRF but is not yet prepared to accept the traffic. In such cases failures will happen and ultimately Key Performance Indicators (KPI) will be degraded, affecting user experience. Also, in case of a security breach where a counterfeit NF has somehow registered itself at the NRF, and traffic starts immediately, some portion of the traffic will land on that counterfeit NF, i.e., an unauthorized NF, which increases the risk of data theft.

[006] Further, over the period various solutions have been developed to improve the performance of communication devices and to provide security and one or more error checks for authentication of one or more network function profiles. However, there are certain challenges with existing solutions. For instance, a security certificate intended to fortify sy