Patents by Inventor Marouane Balmakhtar

Marouane Balmakhtar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230232236
    Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.
    Type: Application
    Filed: January 14, 2022
    Publication date: July 20, 2023
    Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
  • Publication number: 20230231657
    Abstract: Systems and methods are provided for duplicate message detection and removal. A method includes receiving a message tagged with a sequence number during one of a first timing window and a second timing window, wherein the first and second timing windows are consecutive recurring timing windows in a network. The method additionally includes sending a response to the message during one of the timing windows and marking the sequence number with the timing window of the response. The method further includes adding the marked sequence number to an exclusion list and after a next timing window expires, deleting the sequence number from the exclusion list.
    Type: Application
    Filed: January 20, 2022
    Publication date: July 20, 2023
    Inventors: Marouane Balmakhtar, Brian Waters
  • Publication number: 20230224706
    Abstract: A Third Generation Partnership Project (3GPP) gateway serves a non-Third Generation Partnership Project (non-3GPP) user device over a 3GPP N1 link. The gateway receives a transaction request from the non-3GPP user device. The gateway translates the transaction request into a 3GPP request. The gateway transfers the 3GPP request to a 3GPP network and receives an authentication request from the 3GPP network. The gateway generates and transfers an authentication response based on the transaction request and the authentication request to the 3GPP network. In response to the authentication, the gateway establishes the 3GPP N1 link with the 3GPP network for the non-3GPP user device. The gateway exchanges user data with the non-3GPP user device. The gateway interworks the user data and N1 signaling. The gateway exchanges the N1 signaling with the 3GPP network. The 3GPP network interworks the N1 signaling and the user data and exchanges the user data.
    Type: Application
    Filed: January 12, 2022
    Publication date: July 13, 2023
    Inventors: Marouane Balmakhtar, Robert Keith Butler
  • Publication number: 20230199498
    Abstract: Methods and systems for detecting false base stations are provided. A computing device transmits a request for a verification message to a base station. An encrypted verification message comprising a base station identifier and a signature encrypted using an encryption key associated with the base station is received by the computing device. The computing device decrypts the signature included in the encrypted verification message utilizing a decryption key associated with the computer system. Based on the decrypted signature, the computing device determines that the encryption key does not correspond to the decryption key. Based on determining that the encryption key does not correspond to the decryption key, the computing device stores the base station identifier in a data store in association with a false base station indicator.
    Type: Application
    Filed: December 22, 2021
    Publication date: June 22, 2023
    Inventors: Gregory Schumacher, Marouane Balmakhtar, Geoffrey Todd Gibson
  • Publication number: 20230188610
    Abstract: A method of establishing an application layer connection between a user equipment (UE) and an application executing on an edge computing node via a communication network. The method comprises receiving an application service availability message by the UE that identifies a plurality of networks that provide access to an identified application executing on an edge computing node within the network; for each network identified in the application service availability message, receiving by the UE an application service figure-of-merit determined by that network associated with a prospective application layer connection between the UE and an edge computing node executing the identified application that is located in that network; based on evaluating the figure-of-merit associated with each network establishing an application layer connection by the UE via the selected network to the application executing on the edge computing node in the selected network.
    Type: Application
    Filed: February 3, 2023
    Publication date: June 15, 2023
    Inventors: Marouane Balmakhtar, Galip Murat Karabulut, Laurent A. Laporte, Lyle W. Paczkowski
  • Publication number: 20230180009
    Abstract: A method for implementing a slice security zone (SSZ) in a 5G network. The method comprises storing by an SSZ function executing on a first network server an SSZ security profile of the SSZ in a secure storage function, receiving by the SSZ function from a slice management function a slice registration request comprising information relating to a slice security profile of a slice managed by the slice management function, if the slice security profile complies with the SSZ security profile, storing by the SSZ function a slice registration association between the slice and the SSZ in the secure storage function, and sending by the SSZ function to the slice management function a slice registration response comprising information relating to whether the slice was registered in the SSZ.
    Type: Application
    Filed: December 8, 2021
    Publication date: June 8, 2023
    Inventors: Marouane Balmakhtar, Lyle W. Paczkowski
  • Publication number: 20230171680
    Abstract: A wireless communication network serves a Network Exposure Function (NEF) slice to User Equipment (UE). An Access and Mobility Management Function (AMF) selects a NEF slice for the UE. A Session Management Function (SMF) selects a NEF address for the NEF slice for the UE. A User Plane Function (UPF) exchanges Application Programming Interface (API) calls and responses between the UE and a NEF based on the NEF address. The NEF exchanges the API messages with the UE over the UPF. The NEF slice may comprise an edge NEF slice that is selected based on the geographic location of the UE and that features a local NEF element that is coupled to a core NEF element.
    Type: Application
    Filed: November 29, 2021
    Publication date: June 1, 2023
    Inventors: Marouane Balmakhtar, Gregory David Schumacher, Geoffrey Todd Gibson
  • Patent number: 11665533
    Abstract: A method of directing encrypted data transmitted wirelessly on a communication network comprising receiving encrypted data, by a managing application executing on a virtual network, from a user equipment (UE) operating on a mobile network. The managing application on the virtual network is coupled with an access node and deciphers a portion of the data encrypted with homomorphic encryption to determine a data characteristic. The managing application routes the encrypted data to a network location in response to the data characteristic of the encrypted data.
    Type: Grant
    Filed: December 30, 2020
    Date of Patent: May 30, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Marouane Balmakhtar, Lyle W. Paczkowski
  • Patent number: 11653202
    Abstract: A method for edge network authentication and access, implemented by an edge server, including receiving user equipment (UE) information from an application client executed on a UE to establish a connection between the edge server and the UE, verifying whether the UE has authorization to the local access point name (APN) based on the UE information, generating a session key when the UE has authorization to the local APN, sending the session key to the UE, receiving a request to access content of an application on a content server from the UE, decrypting the information to obtain a key, comparing the key with the application key to validate the UE, verifying identifiers of the UE when the UE is valid, identifying the application on the content server to obtain the content based on the request, encrypting and sending a session identifier to the UE based on a new application key.
    Type: Grant
    Filed: April 11, 2022
    Date of Patent: May 16, 2023
    Assignee: SPRINT COMMUNICATIONS COMPANY, L.P.
    Inventors: Marouane Balmakhtar, Galip Murat Karabulut
  • Publication number: 20230128763
    Abstract: System and method for creating a secure enclave for User Equipment Route Selection Policy (URSP) rules in User Equipment (UE) in 5G to prevent malicious tampering and modification of the URSP rules. When the URSP rules are changed, a request is sent to receive a new set of URSP rules or receive an update of the URSP rules.
    Type: Application
    Filed: October 25, 2021
    Publication date: April 27, 2023
    Inventors: Marouane Balmakhtar, Gregory Schumacher
  • Patent number: 11611622
    Abstract: A method of establishing an application layer connection between a user equipment (UE) and an application executing on an edge computing node via a communication network. The method comprises receiving an application service availability message by the UE that identifies a plurality of networks that provide access to an identified application executing on an edge computing node within the network; for each network identified in the application service availability message, receiving by the UE an application service figure-of-merit determined by that network associated with a prospective application layer connection between the UE and an edge computing node executing the identified application that is located in that network; based on evaluating the figure-of-merit associated with each network establishing an application layer connection by the UE via the selected network to the application executing on the edge computing node in the selected network.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: March 21, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Marouane Balmakhtar, Galip Murat Karabulut, Laurent A. Laporte, Lyle W. Paczkowski
  • Publication number: 20230069048
    Abstract: A wireless communication network serves sensor data from a wireless sensor to a data system. The wireless communication network receives a sensor request transferred by the data system. The wireless communication network transfers the sensor request to a Network Exposure Function (NEF). The wireless communication network receives sensor data transferred by the wireless sensor. The wireless communication network transfers the sensor data to the NEF. The NEF receives the sensor data and the sensor request, and in response, transfers the sensor data for delivery to the data system.
    Type: Application
    Filed: October 18, 2022
    Publication date: March 2, 2023
    Inventor: Marouane Balmakhtar
  • Publication number: 20230051308
    Abstract: A wireless communication network to serve a User Equipment (UE) over Network Exposure Functions (NEFs) that have Application Programming Interfaces (APIs). In the wireless communication network, a NEF Interface Function (NIF) receives a NEF request from a network function. The NIF correlates the NEF request with one of the APIs. The NIF selects one of the NEFs based on the one of the APIs. The NIF translates the NEF request into an API call based on the one of the APIs. The NIF transfers the API call to the one of the NEFs. The one of the NEFs receives the API call and responsively performs a network task for the UE based on the API call.
    Type: Application
    Filed: August 10, 2021
    Publication date: February 16, 2023
    Inventor: Marouane Balmakhtar
  • Publication number: 20230037597
    Abstract: A method of performing a virtual network function. The method comprises forking a user plane process on a computer by a virtual network function process that executes on the computer, forking a control plane process on the computer by the virtual network function process, adding blocks to a user plane blockchain by the user plane process that record user plane events, adding blocks to a control plane blockchain by the control plane process that record control plane events, creating a first package of information by the user plane process based on the user plane blockchain, self-terminating by the user plane process while passing the first package of information to the virtual network function process, creating a second package of information by the control plane process based on the control plane blockchain, self-terminating by the control plane process while passing the second package of information to the virtual network function process.
    Type: Application
    Filed: October 20, 2022
    Publication date: February 9, 2023
    Inventors: Marouane Balmakhtar, Lyle W. Paczkowski
  • Patent number: 11570175
    Abstract: A method of authorizing computing services at the edge of a communication network.
    Type: Grant
    Filed: October 5, 2020
    Date of Patent: January 31, 2023
    Assignee: T-Mobile Innovations LLC
    Inventors: Marouane Balmakhtar, Lyle W. Paczkowski
  • Publication number: 20230017184
    Abstract: A method for providing a translating virtual network function by a network element. The method comprises receiving by the network element a first Packet Forwarding Control Protocol (PFCP) message of a plurality of PFCP messages at a first Internet Protocol (IP) address of a plurality of IP addresses of the network element, the first IP address corresponding to a first Session Management Function (SMF) of one or more SMFs, selecting by the network element a translation method based on the first IP address on which the first PFCP message was received, translating by the network element the first PFCP message using the selected translation method into a function-based model representation of the first PFCP message, and configuring by the network element a network interface controller to implement, based on the representation of the first PFCP message, a protocol data unit (PDU) session.
    Type: Application
    Filed: September 19, 2022
    Publication date: January 19, 2023
    Inventors: Marouane Balmakhtar, Brian Waters
  • Publication number: 20220417843
    Abstract: A User Equipment (UE) receives wireless network services from a first wireless network slice and a second wireless network slice over a non-Third Generation Partnership Project (non-3GPP) link. A Third Generation Partnership Project (3GPP) client authenticates with a 3GPP network over the non-3GPP link and establishes a first N1 signaling link for the first wireless network slice over the non-3GPP link. The 3GPP client authenticates with the 3GPP network over the non-3GPP link and establishes a second N1 signaling link for the second wireless network slice over the non-3GPP link. The first user application exchanges data with the first wireless network slice over the non-3GPP link. The second user application exchanges data with the second wireless network slice over the non-3GPP link. The 3GPP client maintains both N1 signaling links when both user applications are exchanging their data with the wireless network slices over the non-3GPP link.
    Type: Application
    Filed: September 7, 2022
    Publication date: December 29, 2022
    Inventor: Marouane Balmakhtar
  • Publication number: 20220408248
    Abstract: A wireless communication network performs quantum authentication for a wireless User Equipment (UE). In the wireless communication network, quantum circuitry selects polarization states for qubits, generates and transfers the qubits, exchanges cryptography information with edge quantum circuitry, generates cryptography keys based on polarization states and cryptography information, and transfers the cryptography keys to network authentication circuitry. The edge quantum circuitry receives and processes the qubits, determines the polarization states for the qubits, exchanges the cryptography information with the network quantum circuitry, generates the cryptography keys based on the polarization states and cryptography information, and transfers the cryptography keys to the wireless UE. The wireless UE generates authentication data based on the cryptography keys and wirelessly transfers the authentication data for delivery to the network authentication circuitry.
    Type: Application
    Filed: June 21, 2021
    Publication date: December 22, 2022
    Inventor: Marouane Balmakhtar
  • Publication number: 20220400002
    Abstract: A wireless User Equipment (UE) performs quantum authentication with a wireless communication network. The wireless UE receives qubits that were generated by the wireless communication network and determines polarization states for the qubits. The wireless UE exchanges cryptography information with the wireless communication network. The wireless UE and the wireless communication network both generate cryptography keys based on the polarization states and the cryptography information. The wireless UE generates authentication data based on the cryptography keys. The wireless UE wirelessly transfers the authentication data to the wireless communication network. The wireless communication network authenticates the wireless UE based on the authentication data and the cryptography keys.
    Type: Application
    Filed: August 23, 2022
    Publication date: December 15, 2022
    Inventors: Marouane Balmakhtar, Lyle Walter Paczkowski
  • Patent number: 11528660
    Abstract: A wireless communication network serves User Equipment (UEs) over wireless network slices that comprise Network Exposure Functions (NEFs). The egress AF receives a slice request from an external data system and transfers the slice request to the NEF in the wireless network slice. An Access and Mobility Management Function (AMF) selects the wireless network slice for the UE. The UPF in the wireless network slice receives user data from the UE and transfers the user data to the ingress AF in the wireless network slice. The ingress AF transfers the user data to the NEF in the wireless network slice. The NEF transfers the user data to the egress AF in response to the slice request. The egress AF transfers the user data to the external data system in response to the slice request.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: December 13, 2022
    Assignee: Sprint Communications Company LP
    Inventor: Marouane Balmakhtar