Methods, systems, and computer readable media for protecting against unauthorized use of certificate management protocol (CMP) client identity private keys and public key certificates associated with network functions

US12519660B2 · US · B2

Patent metadata
Publication number: US-12519660-B2
Application number: US-202318113041-A
Country: US
Kind code: B2
Filing date: Feb 22, 2023
Priority date: Feb 22, 2023
Publication date: Jan 6, 2026
Grant date: Jan 6, 2026


Abstract

Official abstract text for this publication.

A method for protecting against unauthorized use of CMP client identity private keys and CMP public key certificates associated with NFs includes receiving, by a CMP CA proxy, a first CMP certificate request for renewing a security certificate associated with a first NF, the CMP certificate request including a public key certificate associated with the first NF and being protected by a CMP client identity private key associated with the first NF. The method further includes determining that the first NF is registered with the NF repository function (NRF), and, in response to determining that the first NF is registered with the NRF, checking, by the CMP CA proxy, whether the first CMP certificate request includes an NRF-issued access token for the first NF, determining that the CMP certificate request does not include the NRF-issued access token for the first NF, and, in response to determining that the first CMP certificate request does not include the NRF-issued access token for the first NF, performing a network security action regarding the first CMP certificate request.

Claims

Claim text (preview; the excerpt shown on this page ends part-way through claim 13).

What is claimed is:

1. A method for protecting against unauthorized use of certificate management protocol (CMP) client identity private keys and CMP public key certificates associated with network functions (NFs), the method comprising: receiving, by a CMP certificate authority (CA) proxy, a first CMP certificate request for renewing a security certificate associated with a first NF, the CMP certificate request including a public key certificate associated with the first NF and is protected by a CMP client identity private key associated with the first NF, wherein receiving the first CMP certificate request includes receiving the first CMP certificate request from a hacker impersonating the first NF; checking, by the CMP CA proxy, whether the first NF is registered with an NF repository function (NRF) and determining that the first NF is registered with the NRF; in response to determining, by the CMP CA proxy that the first NF is registered with the NRF, determining, by the CMP CA proxy, whether the first CMP certificate request includes an OAuth 2.0 access token of the first NF that consumer NFs present to the first NF to access services provided by the first NF; and in response to determining, by the CMP CA proxy, that the first CMP certificate request does not include the OAuth 2.0 access token of the first NF, performing a network security action regarding the first CMP certificate request, wherein performing the network security action for the first CMP certificate request includes preventing a CMP CA from providing the security certificate to the hacker by blocking the first CMP certificate request from being sent by the CMP CA proxy to the CMP CA.

2. The method of claim 1 wherein receiving the first CMP certificate request at the CMP CA proxy includes receiving the first CMP certificate request at the CMP CA proxy that is a component of the NRF or at the CMP CA proxy that is separate from the NRF.

3. The method of claim 1 wherein receiving the first CMP certificate request includes intercepting the first CMP certificate request.

4. The method of claim 1 wherein receiving the first CMP certificate request includes receiving the first CMP certificate request for a transport layer security (TLS) or a client credentials assertion (CCA) certificate of the first NF.

5. The method of claim 1 comprising: receiving, by the CMP CA proxy, a second CMP certificate request for renewing a security certificate associated with a second NF, the request including a public key certificate associated with the second NF and is protected by a CMP client identity private key associated with the second NF; checking, by the CMP CA proxy, whether the second NF is registered with the NRF and determining that the second NF is not registered with the NRF; and in response to determining that the second NF is not registered with the NRF, allowing processing of the second CMP certificate request.

6. The method of claim 5 wherein allowing processing of the second CMP certificate request includes providing the second CMP certificate request to the CMP CA, at the CMP CA, generating a CMP certificate response including the security certificate associated with the second NF, and forwarding the CMP certificate response to an originator of the second CMP certificate request.

7. The method of claim 1 comprising: transmitting, by a second NF and to the CMP CA proxy, a second CMP certificate request for renewing a second security certificate associated with the second NF, the second CMP certificate request including a public key certificate and an NRF-issued OAuth 2.0 access token associated with the second NF; receiving, by the CMP CA proxy, the second CMP certificate request; checking, by the CMP CA proxy, whether the second NF is registered with the NRF and determining that the second NF is registered with the NRF; in response to determining, by the CMP CA proxy that the second NF is registered with the NRF, checking, by the CMP CA proxy whether the second CMP certificate request includes the NRF-issued OAuth 2.0 access token associated with the second NF and determining that the second CMP certificate request includes the NRF-issued OAuth 2.0 access token associated with the second NF; and in response to determining, by the CMP CA proxy, that the second CMP certificate request includes the NRF-issued OAuth 2.0 access token associated with the second NF, allowing processing of the second CMP certificate request by forwarding the second CMP certificate request to a CMP CA proxy.

8. A system for protecting against unauthorized use of certificate management protocol (CMP) client identity private keys and CMP public key certificates associated with network functions (NFs), the system comprising: a CMP certificate authority (CA) proxy including at least one processor and a memory; and a CMP certificate request validator implemented by the at least one processor for: receiving a first CMP certificate request for renewing a security certificate associated with a first NF, the CMP certificate request including a public key certificate associated with the first NF and is protected by a CMP client identity private key associated with the first NF, wherein receiving the first CMP certificate request includes receiving the first CMP certificate request from a hacker impersonating the first NF; checking whether the first NF is registered with an NF repository function (NRF) and determining that the first NF is registered with the NRF; in response to determining that the first NF is registered with the NRF, determining whether the first CMP certificate request includes an OAuth 2.0 access token of the first NF that consumer NFs present to the first NF to access services provided by the first NF; and in response to determining that the first CMP certificate request does not include the OAuth 2.0 access token of the first NF, performing a network security action regarding the first CMP certificate request, wherein performing the network security action comprises preventing a CMP CA from providing the security certificate to the hacker by blocking the first CMP certificate request from being sent by the CMP CA proxy to the CMP CA.

9. The system of claim 8 wherein the CMP CA proxy comprises a component of the NRF or is separate from the NRF.

10. The system of claim 8 wherein the CMP CA proxy is configured to receive the first CMP certificate request by intercepting the first CMP certificate request.

11. The system of claim 8 wherein the security certificate comprises a transport layer security (TLS) or a client credentials assertion (CCA) certificate of the first NF.

12. The system of claim 8 wherein the CMP certificate request validator is configured to: receive a second CMP certificate request for renewing a security certificate associated with a second NF, the request including a public key certificate associated with the second NF and is protected by a CMP client identity private key associated with the second NF; check whether the second NF is registered with the NRF and determine that the second NF is not registered with the NRF; and in response to determining that the second NF is not registered with the NRF, allow processing of the second CMP certificate request.

13. The system of claim 8 comprising a second NF for transmitting, to the CMP CA proxy, a second CMP certificate request for renewing a second security certificate associated with the second NF, the second CMP certificate request including a public key certificate associated with the second NF, is protected by a CMP client identity private key associated with the second NF,
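The decision logic of the abstract and of claims 1, 5 and 7 reduces to a short routine in the CMP CA proxy: look the requesting NF up in the NRF, and if it is registered, refuse to forward a renewal request that does not carry the NF's NRF-issued OAuth 2.0 access token. The point of the check is that an attacker who has stolen only the NF's CMP client identity private key and certificate can build a validly signed CMP renewal request but cannot produce the NRF-issued token. The block below is an added example written for this page, not code from the patent or from Oracle. Everything beyond the claim text is an assumption: the NRF registry is modelled as a set of NF instance IDs, the access token as an HS256 JWT signed with a key the NRF shares with the proxy (the claims only test for the token's presence; the signature, expiry and audience checks here go further), and CMP message signing with the client identity private key is left out. Names such as `nrf_issue_token`, `CmpCaProxy` and the NF IDs `smf-1`, `amf-7`, `pcf-9` are constructed for illustration.

```python
"""Added example (not the patent's or Oracle's code): a CMP CA proxy applying the
renewal-request check of US12519660B2, abstract and claims 1, 5 and 7.

Assumptions not stated on the page: the NRF registry is a set of NF instance IDs; the
NRF-issued OAuth 2.0 access token is an HS256 JWT signed with a key shared between the
NRF and the proxy, whose "aud" claim names the producer NF. The claims only test for the
token's presence; signature, expiry and audience checks here go beyond them."""
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field
from typing import Optional

NRF_SIGNING_KEY = b"constructed-nrf-hs256-key"   # constructed shared secret (assumption)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def nrf_issue_token(producer_nf: str, consumer_nf: str, ttl: int = 3600,
                    now: Optional[int] = None) -> str:
    """Stand-in for the NRF token endpoint: the token consumer_nf presents to producer_nf."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": "nrf.example", "sub": consumer_nf,
                                  "aud": producer_nf, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(NRF_SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_nrf_token(token: str, expected_aud: str, now: Optional[int] = None) -> bool:
    """True only if the token is NRF-signed, unexpired and issued for expected_aud."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(NRF_SIGNING_KEY, f"{header}.{payload}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return False
        claims = json.loads(_b64url_decode(payload))
    except ValueError:            # wrong segment count, bad base64 or bad JSON
        return False
    now = int(time.time()) if now is None else now
    return claims.get("aud") == expected_aud and claims.get("exp", 0) > now


@dataclass
class CmpRenewalRequest:
    nf_instance_id: str                 # subject of the NF certificate carried in the request
    access_token: Optional[str] = None  # NRF-issued OAuth 2.0 token, if the sender attached one


@dataclass
class CmpCaProxy:
    nrf_registry: set                   # NF instance IDs currently registered with the NRF
    forwarded: list = field(default_factory=list)
    blocked: list = field(default_factory=list)

    def handle(self, req: CmpRenewalRequest, now: Optional[int] = None) -> str:
        """Return "FORWARDED" (passed on to the CMP CA) or "BLOCKED" (the claimed security action)."""
        if req.nf_instance_id not in self.nrf_registry:
            self.forwarded.append(req)  # claim 5: NF not registered, request passes through
            return "FORWARDED"
        if req.access_token is None:
            self.blocked.append(req)    # claim 1: registered NF without its token -> block
            return "BLOCKED"
        if not verify_nrf_token(req.access_token, req.nf_instance_id, now):
            self.blocked.append(req)    # beyond the claim: a present but bogus token is blocked too
            return "BLOCKED"
        self.forwarded.append(req)      # claim 7: registered NF with its token -> forward
        return "FORWARDED"


def demo(now: int = 1_700_000_000) -> list:
    """Claim-1 attack plus the two legitimate paths; returns the proxy's verdicts in order."""
    proxy = CmpCaProxy(nrf_registry={"smf-1"})
    stolen_key_request = CmpRenewalRequest("smf-1")   # attacker holds smf-1's CMP key, no token
    legit_token = nrf_issue_token("smf-1", "amf-7", now=now)
    return [
        proxy.handle(stolen_key_request, now),                                   # BLOCKED
        proxy.handle(CmpRenewalRequest("smf-1", legit_token), now),              # FORWARDED
        proxy.handle(CmpRenewalRequest("pcf-9"), now),                           # FORWARDED (unregistered)
        proxy.handle(CmpRenewalRequest("smf-1", nrf_issue_token("smf-2", "amf-7", now=now)), now),  # BLOCKED
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Note the asymmetry that claims 5 and 12 require: an NF that is not registered with the NRF is forwarded without a token check, so the proxy only raises the bar for NFs the NRF knows about. The audience check in `verify_nrf_token` is what stops a token minted for some other producer NF from being replayed against the renewal path; that check is an addition here, not something the claims recite.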

Assignees

Oracle Int Corp

Classifications

  • using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title

  • using certificates · CPC title

  • using delegated authorisation, e.g. open authorisation [OAuth] protocol · CPC title

  • Proxy, i.e. using intermediary entity to perform cryptographic operations · CPC title

  • Proxies · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12519660B2 cover?
A CMP certificate authority (CA) proxy that screens CMP certificate renewal requests from network functions (NFs). When the requesting NF is registered with the NF repository function (NRF), the request must also carry the NF's NRF-issued OAuth 2.0 access token; a request without that token is blocked before it reaches the CMP CA, so a stolen CMP client identity private key and certificate alone cannot be used to renew the NF's certificate. See the abstract and claims above.
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/3268. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 6, 2026 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).