Abstract: The present invention provides systems and methods and apparatuses for user plane handling. An aspect of the disclosure provides a method of user plane handling. Such a method includes sending, by a first user plane entity, to a second user plane entity, a trigger message for changing the user plane handling for a protocol data unit (PDU) session. Another aspect of the disclosure provides a method of using a shared tunnel. Such a method includes receiving from a reception tunnel by a first user plane entity a tunnel packet including a tunnel header and a data packet. Such a method further includes routing, by the first user plane entity to a second tunnel using information in the tunnel header without processing the data packet.

Abstract: The present invention provides systems and methods and apparatuses for user plane handling. An aspect of the disclosure provides a method of user plane handling. Such a method includes sending, by a first user plane entity, to a second user plane entity, a trigger message for changing the user plane handling for a protocol data unit (PDU) session. Another aspect of the disclosure provides a method of using a shared tunnel. Such a method includes receiving from a reception tunnel by a first user plane entity a tunnel packet including a tunnel header and a data packet. Such a method further includes routing, by the first user plane entity to a second tunnel using information in the tunnel header without processing the data packet.

Abstract: Systems and methods on ID swapping during privacy data forwarding. An aspect of the disclosure provides a method for network communication. Such a method includes receiving, by a management function from a policy controller, a first message including a data forwarding policy indicative of a configuration on how to forward data according to a data forwarding requirement from an original data sender. Such a method further includes sending, by the management function to a network function, a second message according to the first message. Such a method further includes obtaining, by the network function, an indication indicating a request for data forwarding and a corresponding flag indicating an ID swapping rule according to the second message.

Abstract: A method, apparatus and system are provided for a charging management in the future network. An aspect of the disclosure provider for a charging method. Such a method includes receiving a charging request requesting for charging a service, wherein the service spans a plurality of network functions (NFs) operated by more than one providers, wherein the charging request includes an identifier (ID) of the requester, and wherein the more than one providers are untrusted by a consumer of the service. Such a method further includes sending a charging process request for a charging result according to the received information, the charging process request including the ID of the requester. Such a method further includes receiving the charging result indicating how to charge the service for the requester. Such a method further includes charging the service for the requester according to the received charging result.

Abstract: There is provided an authentication method and system where protection of user equipment (UE) privacy and network security can be improved. The system includes a third party communicatively trusted by and connected to the UE and one or more network entities, the third party configured to obtain identity information indicative of identity of the UE or the network entities and verify the UE and the network entities on whether the UE and the network entities are authorized to perform communications in the communication network. The third party is further configured to create mapping information, the mapping information including mappings between each identity indicated by the identity information and a respective temporary authentication identifier (ID) and according to the mapping information, transmit the respective temporary authentication ID to each of the UE and the network entities that are verified successfully by the third party.

Abstract: Systems and methods for key management. An aspect of the disclosure provides for a key management system including an authenticating function, a key-management function, and at least one function. The system provides for separation of authentications and key-management functions. The authenticating function configured for receiving an authentication request associated with a terminal device (TD), authenticating the request, and sending an authentication response to the at least one function. The key-management function configured for receiving a key request associated with the TD, generating a key according to the key request, and sending the key to the at least one function. The at least one function configured for receiving a request for service, sending, to the authenticating function, the authentication request, and receiving, from the authenticating function, the authenticating response.

Abstract: A system supporting a networked database service includes a controller configured to receive one or more data request and authenticate the one or more data request. A gateway (GW) in communication with the controller, is configured to receive at least one of the one or more data request from the controller, perform data classification on data received in the request, and generate a cryptographic key based on the data classification, a hardware-protected key of the GW, and a second (encryption) key. The cryptographic key is for accessing a database. The controller and the GW are operated by different parties.

Abstract: Systems and methods for key management. An aspect of the disclosure provides for a key management system including an authenticating function, a key-management function, and at least one function. The system provides for separation of authentications and key-management functions. The authenticating function configured for receiving an authentication request associated with a terminal device (TD), authenticating the request, and sending an authentication response to the at least one function. The key-management function configured for receiving a key request associated with the TD, generating a key according to the key request, and sending the key to the at least one function. The at least one function configured for receiving a request for service, sending, to the authenticating function, the authentication request, and receiving, from the authenticating function, the authenticating response.

Abstract: There is provided an authentication method and system where protection of user equipment (UE) privacy and network security can be improved. The system includes a third party communicatively trusted by and connected to the UE and one or more network entities, the third party configured to obtain identity information indicative of identity of the UE or the network entities and verify the UE and the network entities on whether the UE and the network entities are authorized to perform communications in the communication network. The third party is further configured to create mapping information, the mapping information including mappings between each identity indicated by the identity information and a respective temporary authentication identifier (ID) and according to the mapping information, transmit the respective temporary authentication ID to each of the UE and the network entities that are verified successfully by the third party.

Abstract: A system supporting a networked database service includes a controller configured to receive one or more data request and authenticate the one or more data request. A gateway (GW) in communication with the controller, is configured to receive at least one of the one or more data request from the controller, perform data classification on data received in the request, and generate a cryptographic key based on the data classification, a hardware-protected key of the GW, and a second (encryption) key. The cryptographic key is for accessing a database. The controller and the GW are operated by different parties.

Abstract: The present invention provides systems and methods and apparatuses for user plane handling. An aspect of the disclosure provides a method of user plane handling. Such a method includes sending, by a first user plane entity, to a second user plane entity, a trigger message for changing the user plane handling for a protocol data unit (PDU) session. Another aspect of the disclosure provides a method of using a shared tunnel. Such a method includes receiving from a reception tunnel by a first user plane entity a tunnel packet including a tunnel header and a data packet. Such a method further includes routing, by the first user plane entity to a second tunnel using information in the tunnel header without processing the data packet.