Patents by Inventor Marouane Balmakhtar

Marouane Balmakhtar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230403304
    Abstract: A method of testing a communication system implementing a zero trust architecture. The method comprises sending a request by a test equipment platform to access a microsegment to a policy enforcement point (PEP); sending an authorization request by the PEP to a policy decision point (PDP); authorizing access of the test equipment platform to the microsegment by the PDP; sending authorization of access of the test equipment platform to the microsegment by the PDP to the PEP; establishing a secure tunnel by the PEP between the test equipment platform and the microsegment; sending a command to provide test data by the test equipment platform via the secure tunnel to a probe in the microsegment; analyzing the test data by the test equipment platform; and producing a test result by the test equipment platform based on analyzing the test data.
    Type: Application
    Filed: June 9, 2022
    Publication date: December 14, 2023
    Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
  • Publication number: 20230388297
    Abstract: Systems and methods for providing multi-factor authentication based on visual objects associated with an out of band shared secret delivery channel and at least one user device of a telecommunication network include an access point communicatively coupled to an authentication system. The authentication system is structured to generate a set of visual objects, cause the set of visual objects to be output by a first user device, transmit, via an out of band shared secret delivery channel, a visual object request to cause a secondary user device to output one or more out of band visual objects, receive an indication of object selection from the set of visual objects, determine that the indication of the object selection is associated with a visual selection match among the set of visual objects, and based on the visual selection match, authenticate access to an application associated with the authentication system.
    Type: Application
    Filed: May 25, 2022
    Publication date: November 30, 2023
    Inventors: Serge Mukerji MANNING, Gregory SCHUMACHER, Marouane BALMAKHTAR
  • Publication number: 20230389093
    Abstract: Systems and methods are provided herein to implement a platform independent client framework, which may also be known as a universal software stack. A computer-implemented method may be used when seeking to connect a device without a 5G radio, such as a 3GPP device, to a 5G network. The device seeking to connect to the 5G network sends a connection request message to the platform independent client framework. Based on the connection request message, the platform independent client framework requests a platform specific adapter, which is then used to create an adapted message. The platform independent client framework then encapsulates the adapted message. The adapted message is then encapsulated to create a first encapsulated message. The first encapsulated message is then encapsulated in an internet protocol security protocol to create a second encapsulated message. The second encapsulated message is then transmitted to the 5G network.
    Type: Application
    Filed: May 26, 2022
    Publication date: November 30, 2023
    Inventors: Marouane Balmakhtar, Brian David Waters, Lyle T. Bertz
  • Publication number: 20230361996
    Abstract: A wireless communication network generates and transfers qubits to a wireless user device. The wireless communication network and the wireless user device determine polarization states for the qubits. The wireless communication network and the wireless user device exchange cryptography information. The wireless communication network and the wireless user device generate cryptography keys based on the polarization states and the cryptography information. The wireless communication network and the wireless user device encrypt and decrypt data that they exchange with one another based on the cryptography keys.
    Type: Application
    Filed: June 28, 2023
    Publication date: November 9, 2023
    Inventors: Marouane Balmakhtar, Lyle Walter Paczkowski
  • Patent number: 11809924
    Abstract: A wireless communication network to serve a User Equipment (UE) over Network Exposure Functions (NEFs) that have Application Programming Interfaces (APIs). In the wireless communication network, a NEF Interface Function (NIF) receives a NEF request from a network function. The NIF correlates the NEF request with one of the APIs. The NIF selects one of the NEFs based on the one of the APIs. The NIF translates the NEF request into an API call based on the one of the APIs. The NIF transfers the API call to the one of the NEFs. The one of the NEFs receives the API call and responsively performs a network task for the UE based on the API call.
    Type: Grant
    Filed: August 10, 2021
    Date of Patent: November 7, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventor: Marouane Balmakhtar
  • Publication number: 20230353996
    Abstract: Systems and methods for a micro-service data gateway are provided. In some embodiments, the micro-service data gateway comprises at least a micro-service data reflector and a micro-service data synthesizer. The data reflector operates to serve cached micro-service data in response to UE micro-service data requests. The reflector receives requests for micro-service data available from at least one data source exposed by a network exposure function (NEF) of a network operator core, retrieves the micro-service data from a data cache comprising at least a subset of micro-service data available from the data source, and provides the micro-service data to a requestor of the micro-service data. The synthesizer operates to ensure that the cache of micro-service data available to the reflector is fresh and updated. The micro-service data gateway may be positioned near the UE at a network edge of the core network and/or in part implemented within the UE.
    Type: Application
    Filed: April 29, 2022
    Publication date: November 2, 2023
    Inventors: Lyle Walter PACZKOWSKI, Marouane BALMAKHTAR, Galip Murat KARABULUT, Carl PERSSON
  • Publication number: 20230354143
    Abstract: Systems and methods are provided for rapid user equipment route selection policy rule processing. A method includes determining an applicable routing policy based on user equipment route selection policy (URSP) rules for an established protocol data unit (PDU) session and storing PDU session information with the established uplink PDU session in a cache. The method further includes examining subsequent uplink packets for PDU session information and checking the cache for an established PDU session with matching uplink PDU session information. The method additionally includes routing the subsequent uplink packets to the established PDU session having the matching PDU session information, causing the subsequent uplink packet to be processed in accordance with the applicable routing policy as previously determined based on the URSP rules.
    Type: Application
    Filed: May 2, 2022
    Publication date: November 2, 2023
    Inventors: Gregory SCHUMACHER, Marouane BALMAKHTAR, Serge MANNING
  • Publication number: 20230337001
    Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.
    Type: Application
    Filed: June 16, 2023
    Publication date: October 19, 2023
    Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
  • Publication number: 20230337116
    Abstract: A wireless communication system transfers signaling messages between a wireless access node and a wireless user device. The wireless access node and the wireless user device wirelessly exchange user data with one another. The wireless communication system establishes a node signaling link with the wireless access node. The wireless communication system establishes a user signaling link with the wireless user device. The wireless communication system receives a signaling message from the wireless access node over the node signaling link and transfers the signaling message to the wireless user device over the user signaling link. The wireless communication system receives another signaling message from the wireless user device over the user signaling link and transfers the other signaling message to the wireless access node over the node signaling link.
    Type: Application
    Filed: June 28, 2023
    Publication date: October 19, 2023
    Inventors: Lyle T. Bertz, Robert Keith Butler, Marouane Balmakhtar, Galip Murat Karabulut
  • Patent number: 11792642
    Abstract: A data communication network serves a user application in User Equipment (UE) over a Virtual Private Network (VPN) Gateway (GW), Application Function (AF), and Network Exposure Function (NEF). The user application in the UE transfers user data to a VPN application in the UE. The VPN application in the UE transfers the user data over a VPN to the VPN-GW for delivery to the NEF. The VPN-GW receives user data over the VPN and transfers the user data to the AF for delivery to the NEF. The AF receives the user data for delivery to the NEF and generates an Application Programming Interface (API) call with the user data. The AF transfers the API call to the NEF. The NEF receives the API call and responsively exposes the user data. The user data may comprise user signaling, and the UE may exchange user data with external systems over the VPN GW responsive to the user signaling.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: October 17, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Marouane Balmakhtar, Zheng Fang
  • Patent number: 11783014
    Abstract: A communication device. The communication device comprises a central processing unit (CPU), a graphics processing unit (GPU), and a non-transitory memory comprising executable instructions for a sharing application that when executed by at least one of the CPU or the GPU, causes the sharing application to transmit an executable of a trusted application to an endpoint communication device, begin execution of the sharing application in a trusted security execution zone (TSZ) execution mode for sharing media content, instantiate a trustlet application that begins execution by the CPU or the GPU in the TSZ execution mode, display a unit of media content on the communication device, determine whether the unit of media content comprises confidential information, and in response to a determination the unit of media content comprises confidential information, transmit commands to the trusted application to control one or more functions at the endpoint communication device.
    Type: Grant
    Filed: July 19, 2022
    Date of Patent: October 10, 2023
    Assignee: T-Mobile Innovations, LLC
    Inventors: Marouane Balmakhtar, Thomas Golden, Galip Murat Karabulut, Lyle W. Paczkowski
  • Publication number: 20230319653
    Abstract: In a wireless communication system, a source access node receives a security policy for a User Equipment (UE) from a wireless network core. The wireless network core and the UE establish security context over the source access node. The wireless network core and the UE exchange user data over the source access node based on the security context. The source access node hands over the wireless UE to a target access node and transfers the security policy for the wireless UE to the target access node. The target access node signals the wireless network core to establish new security context for the wireless UE responsive to the security policy. The wireless network core and the wireless UE establish new security context over the target access node. The wireless network core and the UE exchange additional user data over the target access node based on the new security context.
    Type: Application
    Filed: March 29, 2022
    Publication date: October 5, 2023
    Inventors: Marouane Balmakhtar, Gregory David Schumacher
  • Publication number: 20230319831
    Abstract: A wireless communication device serves a user application from a protected memory region. Processing circuitry receives a memory call from the user application for the protected memory region. In response, the processing circuitry generates network signaling that characterizes the memory call and authorization factors for the memory call. Communication circuitry wirelessly transfers the network signaling and receives other network signaling that indicates a memory instruction. The processing circuitry directs the memory circuitry to perform the memory call in the protected memory region for the user application per the memory instruction. The memory circuitry performs the memory call in the protected memory region for the user application per the memory instruction.
    Type: Application
    Filed: March 29, 2022
    Publication date: October 5, 2023
    Inventors: Marouane Balmakhtar, Lyle Walter Paczkowski
  • Patent number: 11765087
    Abstract: Programmable networking devices configured to perform various packet processing functions for packet filtration, control and user plane separation (CUPS), user plane function (UPF), pipeline processing, etc. Upon arrival of a user plane packet, a UPF performs a rapid lookup or hash table of the provisioned PDRs associated with a given PFCP session, arranges PDRs in decreasing order of precedence, and processes the packet more efficiently than evaluating all PDRs.
    Type: Grant
    Filed: August 19, 2021
    Date of Patent: September 19, 2023
    Assignee: T-Mobile Innovations LLC
    Inventors: Marouane Balmakhtar, Brian Waters
  • Publication number: 20230292124
    Abstract: In a wireless communication network, a wireless access node receives an encrypted slice certificate from a wireless user device and transfers the encrypted slice certificate to a network control-plane. The network control-plane decrypts the encrypted slice certificate and determines a correspondence between expected characteristics and the slice characteristics from the decrypted slice certificate. The network control-plane authorizes the wireless user device for the wireless network slice based on the correspondence. In response to the authorization, the network control-plane transfers user context for the wireless network slice to the wireless access node and a network user-plane. The wireless access node exchanges user data between the wireless user device and the network user-plane per the user context. The network user-plane exchanges the user data between the wireless access node and a data system per the user context.
    Type: Application
    Filed: March 9, 2022
    Publication date: September 14, 2023
    Inventors: Marouane Balmakhtar, Lyle Walter Paczkowski
  • Patent number: 11751058
    Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.
    Type: Grant
    Filed: January 14, 2022
    Date of Patent: September 5, 2023
    Assignee: T-Mobile Innovations LLC
    Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
  • Publication number: 20230269588
    Abstract: A method of determining an integrity of an electronic communication device that connects to a 5G core network. The method comprises measuring by an attestation client application executing on the electronic communication device attributes of a universal communication stack (UCS) that executes on the electronic communication device and that promotes communication with the 5G core network; receiving a baseline of UCS attributes comprising norms of UCS attributes and thresholds; comparing measurements of the attributes of the UCS to the baseline by the attestation client application; when the comparisons are within the thresholds, granting communication access by the attestation client application to the 5G core network to a user application that executes on the electronic communication device; and when one of the comparisons exceeds a threshold, denying communication access by the attestation client application to the 5G core network to the user application that executes on the electronic communication device.
    Type: Application
    Filed: February 21, 2022
    Publication date: August 24, 2023
    Inventors: Marouane Balmakhtar, Lyle W. Paczkowski
  • Patent number: 11737166
    Abstract: A method for providing a translating virtual network function by a network element. The method comprises receiving by the network element a first Packet Forwarding Control Protocol (PFCP) message of a plurality of PFCP messages at a first Internet Protocol (IP) address of a plurality of IP addresses of the network element, the first IP address corresponding to a first Session Management Function (SMF) of one or more SMFs, selecting by the network element a translation method based on the first IP address on which the first PFCP message was received, translating by the network element the first PFCP message using the selected translation method into a function-based model representation of the first PFCP message, and configuring by the network element a network interface controller to implement, based on the representation of the first PFCP message, a protocol data unit (PDU) session.
    Type: Grant
    Filed: September 19, 2022
    Date of Patent: August 22, 2023
    Assignee: T-Mobile Innovations LLC
    Inventors: Marouane Balmakhtar, Brian Waters
  • Patent number: 11728981
    Abstract: A wireless User Equipment (UE) performs quantum authentication with a wireless communication network. The wireless UE receives qubits that were generated by the wireless communication network and determines polarization states for the qubits. The wireless UE exchanges cryptography information with the wireless communication network. The wireless UE and the wireless communication network both generate cryptography keys based on the polarization states and the cryptography information. The wireless UE generates authentication data based on the cryptography keys. The wireless UE wirelessly transfers the authentication data to the wireless communication network. The wireless communication network authenticates the wireless UE based on the authentication data and the cryptography keys.
    Type: Grant
    Filed: August 23, 2022
    Date of Patent: August 15, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Marouane Balmakhtar, Lyle Walter Paczkowski
  • Patent number: 11729699
    Abstract: A data communication network controls network access for User Equipment (UE) over a non-Third Generation Partnership Project (non-3GPP) access node. The non-3GPP access node transfers a UE access control message to a non-3GPP Interworking Function (IWF). The non-3GPP IWF transfers an N2 message indicating the UE access control message to a 3GPP Access and Mobility Management Function (AMF). The 3GPP AMF transfers an N1 message indicating the UE access control message to the UE. The UE processes the UE access control message from the non-3GPP access node.
    Type: Grant
    Filed: March 17, 2021
    Date of Patent: August 15, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Lyle T. Bertz, Robert Keith Butler, Marouane Balmakhtar, Galip Murat Karabulut