Abstract: Techniques for detecting and isolating rogue network entities in a communication network are provided. For example, a method comprises receiving from at least one network entity in a communication network a message identifying one or more network entities suspected of malicious activity operating within the communication network, and initiating one or more remedial actions within the communication network to prevent the one or more network entities suspected of malicious activity operating within the communication network from accessing other network entities in the communication network.

Abstract: It is provided a method comprising: checking whether a maximum data rate for a subscriber for a network slice is received; monitoring, if the maximum data rate for the subscriber for the network slice is received, whether a hypothetical total data rate of all flows of the subscriber for the network slice would exceed the maximum data rate for the subscriber for the network slice if a grant to transmit data were provided for the subscriber for packets belonging to the network slice; inhibiting providing the grant for the subscriber if the hypothetical total data rate of all flows of the subscriber for the network slice exceeded the maximum data rate of the network slice if the grant were provided.

Abstract: A method, apparatus, and computer program product relating to notification requests and callback requests in indirect communications are provided. In the context of a method, the method includes sending a service request for selection of a service consumer. The service request is one of a notification request or a callback request. The method further includes indicating a version of a programming interface configured to support the service request.

Abstract: Improved techniques for secure access control in communication systems are provided. In one example, in accordance with an authorization server function, a method comprises receiving a request from a service consumer in a communication system for access to a service type and one or more resources associated with the service type. The method determines whether the service consumer is authorized to access the service type and the one or more resources associated with the service type. The method generates an access token that identifies one or more service producers for the service type and the one or more resources associated with the service type that the service consumer is authorized to access, and sends the access token to the service consumer. The service consumer can then use the access token to access the one or more services and one or more resources. In addition to such resource level access authorization, target network function group access authorization can be performed.

Abstract: Improved techniques for secure access control in communication systems are provided. Secure access control in one or more examples includes authorization of network function sets. For example, in accordance with an authorization server function, a method includes receiving a request from a service consumer in a communication system for access to a service type, wherein the request comprises information including a service producer set identifier. The method determines whether the service consumer is authorized to access the service type. The method identifies service producer instances that belong to the requested service producer set identifier. The method generates an access token that comprises identifiers for identified ones of the service producer instances that belong to the requested service producer set identifier, and sends the access token to the service consumer.

Abstract: Improved security management techniques between user equipment and a communication system are provided. For example, techniques are provided for preventing malicious attacks via a user equipment deregistration process. In one example, a method comprises sending a deregistration request message from the given user equipment to a communication system to which the given user equipment is registered, wherein the deregistration request message is security-protected and comprises a temporary identifier assigned to the given user equipment. By not sending the deregistration request message with a subscription concealed identifier, the given user equipment prevents a malicious actor from succeeding with a deregistration attack replaying the subscription concealed identifier.

Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for hop-by-hop security. A proposed method comprises receiving, at a first apparatus and from a second apparatus associated with a first network function, a message directed from the first network function to a second network function, the message comprising a first signature and network function information, the network function information at least comprising identification information of the first network function; in accordance with a successful validation of the first signature, updating the message with a second signature specific to a service communication proxy implemented by the first apparatus; and transmitting the updated message to a third apparatus associated with the second network function, the updated message comprising at least the second signature and the network function information.

Abstract: It is provided a method, comprising monitoring if a received request comprises a notification indication, wherein the notification indication indicates that the request is one of a callback request and a notification request; handling the request as a service request if the request does not comprise the notification indication; handling the request as a notification or callback request if the request comprises the notification indication, wherein the handling as a service request is different from the handling as a notification or callback request.

Abstract: A system and method for notifying the calling party of acknowledgment of the missed calls by the called party is disclosed. The called party and the calling party can subscribe for the notification service to enable charging for the service. When the calling party initiates a call to the called party it may result in a missed call as the called party may be out of coverage area or busy. When the called party views the record of the missed call a notification is generated on the wireless device by the application on the wireless device of the called party. The notification is then sent to the calling party. The acknowledgement notification may be sent directly to the calling party or via an application server.

Abstract: A system and method for notifying the calling party of acknowledgment of the missed calls by the called party is disclosed. The called party and the calling party can subscribe for the notification service to enable charging for the service. When the calling party initiates a call to the called party it may result in a missed call as the called party may be out of coverage area or busy. When the called party views the record of the missed call a notification is generated on the wireless device by the application on the wireless device of the called party. The notification is then sent to the calling party. The acknowledgement notification may be sent directly to the calling party or via an application server.