Abstract: A method of authenticating access of an electronic device to an application server based on a subscriber identity module (SIM) associated with the electronic device. The method receiving an authentication challenge from an application executing on the device by a SIM application toolkit (SAT) executing on the device, transmitting a random number and an authentication value of the challenge to a SIM of the device by the SAT, receiving a response from the SIM by the SAT, transmitting an authentication response to the application by the SAT, where the authentication response comprises the response received from the SIM, generating an application key by the SAT based at least in part on the response received from the SIM, and transmitting the application key to the application by the SAT, whereby the application executing on the electronic device establishes a communication session with an application server via an access communication network.

Abstract: When a user equipment (UE) provides a new request to a serving gateway (S GW), the S GW augments domain name system (DNS) requests and provides them to a public DNS, with the augmentation providing indications of the requested function. The public DNS responds by providing the IP address of a simplified packet data network (PDN) gateway (P GW) close to the UE location. The P GW forwards communications to the nearest instance of an endpoint providing the requested service or function. In embodiments, some of the functions of the P GW are shifted to other devices in the mobile core, devices that are already local. The simplification of the P GW allows the P GW to be virtualized and moved to a general-purpose server location. Existing information present in the data path is used to provide encryption of portions of the General Packet Radio Services (GPRS) Tunneling Protocol (GTP) connection, allowing the location of the P GW to be optimized in a virtual server data center, as the data path is now secure.

Abstract: A method of authenticating access of an electronic device to an application server based on a subscriber identity module (SIM) associated with the electronic device. The method receiving an authentication challenge from an application executing on the device by a SIM application toolkit (SAT) executing on the device, transmitting a random number and an authentication value of the challenge to a SIM of the device by the SAT, receiving a response from the SIM by the SAT, transmitting an authentication response to the application by the SAT, where the authentication response comprises the response received from the SIM, generating an application key by the SAT based at least in part on the response received from the SIM, and transmitting the application key to the application by the SAT, whereby the application executing on the electronic device establishes a communication session with an application server via an access communication network.

Abstract: Use of available bits in the TEID field of the GTP header to hold information needed to recreate at least a partial state of the session, enough for it to be routed, without waiting for a full state update. The GTP PDU contains the IP Payload with the source and destination IP addresses. The embodiments use that information and the coded TEID bits to provide sufficient routing information so that the packet can be routed without the full state. The TEID is coded to include bits identifying the APN and bits identifying the QCI of the session. A bit can be used to indicate drop if the full state not available. The remaining bits are used to identify unique user sessions. Some of the TEID bits can be encoded with the charging ID. Because sufficient routing information is provided in each packet, a backup gateway does not need to checkpoint.

Abstract: An intelligent system and a method in a packet network to utilize the radio network resource and the core network resource in an optimized way so that more high priority, critical devices are granted access to the network while throttling the low priority, non-critical devices with the same given resource. The system collects all the necessary information from the signaling exchange between the radio access network and the core network and takes the device subscription characteristics and statically or dynamically defined throttling behavior rules into consideration to choose the optimal behavior to handle the requests from devices at any given time including deciding to reject the requests for certain types of devices under certain network conditions while granting the requests for other types of devices.

Abstract: Use of available bits in the TEID field of the GTP header to hold information needed to recreate at least a partial state of the session, enough for it to be routed, without waiting for a full state update. The GTP PDU contains the IP Payload with the source and destination IP addresses. The embodiments use that information and the coded TEID bits to provide sufficient routing information so that the packet can be routed without the full state. The TEID is coded to include bits identifying the APN and bits identifying the QCI of the session. A bit can be used to indicate drop if the full state not available. The remaining bits are used to identify unique user sessions. Some of the TEID bits can be encoded with the charging ID. Because sufficient routing information is provided in each packet, a backup gateway does not need to checkpoint.

Abstract: The embodiments described herein relate generally to a method and system for using mobility management entity (MME), Signaling Transfer Point (STP), Services Capability Exposure Functions (SCEF) in a 3G or 4G network and adding an application using USIM application toolkit resident in the USIM of an IoT device (UE) whereby it could use location information (i.e., broadcast public land mobile network (PLMN), Time Information, cell identification etc. to update the subscriber identification information or alternatively get an instruction from the network to do so The updated identity could help device in getting served by a nearby service nodes.

Abstract: A system and an algorithm in a mobile core network to distribute the data load across multiple data processing entities. The system is seen as having one data plane entity to the external entities like routers; hence the system can scale without needing to update the external nodes. In general when a data plane processing entity is added or removed, a new distribution rule is provided to the remaining data plane processing entities. Only after some number of sessions have been migrated does the new distribution get provided to the data distribution entities. This delay allows sufficient sessions to be migrated to minimize the overall number of packets that have to be forwarded for processing. This benefit can be maximized by taking advantage of cellular network's idle mode behavior and by migrating the sessions while they are in idle mode.

Abstract: A gateway system employing a redirect mechanism at upper layer protocols over Transmission Control Protocol (TCP) in a packet network to circumvent problems related to alteration of TCP sequence number due to header enrichment. The gateway system increases the size of a redirect message by the size of the header enrichment and thereby brings TCP sequence number on both ends in sync despite adding the header enrichment information.

Abstract: A mechanism to allow provisioning and use of BYOD (Bring Your Own Device) for authorized access in the enterprise network through a 3G/4G/Wi-Fi access network is provided. A brokering entity in the mobile packet core is provisioned for each authorized employee with enterprise specific rules for security and steering of user traffic. An Enterprise Container is defined as entity on the User Equipment that is self-contained virtual machine with enterprise sanctioned applications. An intelligent mechanism for and steering of signaling and traffic from such BYOD devices to the brokering entity is defined. At any time by using the personal container or the default behavior of the user equipment the user can get mobile service as if the Enterprise Container did not exist. Further, when such employment relationship is terminated the user's BYOD needs to be restored to its pre-employment functionality.

Abstract: An intelligent system and a method in a packet network to utilize the radio network resource and the core network resource in an optimized way so that more high priority, critical devices are granted access to the network while throttling the low priority, non-critical devices with the same given resource. The system collects all the necessary information from the signaling exchange between the radio access network and the core network and takes the device subscription characteristics and statically or dynamically defined throttling behavior rules into consideration to choose the optimal behavior to handle the requests from devices at any given time including deciding to reject the requests for certain types of devices under certain network conditions while granting the requests for other types of devices.

Abstract: A system and an algorithm in a mobile core network to distribute the data load across multiple data processing entities. The system is seen as having one data plane entity to the external entities like routers; hence the system can scale without needing to update the external nodes. In general when a data plane processing entity is added or removed, a new distribution rule is provided to the remaining data plane processing entities. Only after some number of sessions have been migrated does the new distribution get provided to the data distribution entities. This delay allows sufficient sessions to be migrated to minimize the overall number of packets that have to be forwarded for processing. This benefit can be maximized by taking advantage of cellular network's idle mode behavior and by migrating the sessions while they are in idle mode.

Abstract: A mechanism to allow provisioning and use of BYOD (Bring Your Own Device) for authorized access in the enterprise network through a 3G/4G/Wi-Fi access network is provided. A brokering entity in the mobile packet core is provisioned for each authorized employee with enterprise specific rules for security and steering of user traffic. An Enterprise Container is defined as entity on the User Equipment that is self-contained virtual machine with enterprise sanctioned applications. An intelligent mechanism for and steering of signaling and traffic from such BYOD devices to the brokering entity is defined. At any time by using the personal container or the default behavior of the user equipment the user can get mobile service as if the Enterprise Container did not exist. Further, when such employment relationship is terminated the user's BYOD needs to be restored to its pre-employment functionality.

Abstract: The embodiments described herein relate generally to a method and system for using mobility management entity (MME) or Serving GPRS Support Node (SGSN) pooling features depending on whether it is a 3G or 4G network and adding an enhancement in the User Equipment (UE) whereby it uses location information (e.g., broadcast Public Land Mobile Network Identity (PLMN ID), Tracking Area (TA), Cell Identification, Global Positioning System (GPS) coordinates or the like) to decide from which MME or SGSN it should obtain services.

Abstract: An intelligent system and a method in a packet network to utilize the radio network resource and the core network resource in an optimized way so that more high priority, critical devices are granted access to the network while throttling the low priority, non-critical devices with the same given resource. The system collects all the necessary information from the signaling exchange between the radio access network and the core network and takes the device subscription characteristics and statically or dynamically defined throttling behavior rules into consideration to choose the optimal behavior to handle the requests from devices at any given time including deciding to reject the requests for certain types of devices under certain network conditions while granting the requests for other types of devices.

Abstract: A system and an algorithm in a mobile core network to distribute the data load across multiple data processing entities. The system is seen as having one data plane entity to the external entities like routers; hence the system can scale without needing to update the external nodes. In general when a data plane processing entity is added or removed, a new distribution rule is provided to the remaining data plane processing entities. Only after some number of sessions have been migrated does the new distribution get provided to the data distribution entities. This delay allows sufficient sessions to be migrated to minimize the overall number of packets that have to be forwarded for processing. This benefit can be maximized by taking advantage of cellular network's idle mode behavior and by migrating the sessions while they are in idle mode.

Abstract: A mechanism to allow provisioning and use of BYOD (Bring Your Own Device) for authorized access in the enterprise network through a 3G/4G/Wi-Fi access network is provided. A brokering entity in the mobile packet core is provisioned for each authorized employee with enterprise specific rules for security and steering of user traffic. An Enterprise Container is defined as entity on the User Equipment that is self-contained virtual machine with enterprise sanctioned applications. An intelligent mechanism for and steering of signaling and traffic from such BYOD devices to the brokering entity is defined. At any time by using the personal container or the default behavior of the user equipment the user can get mobile service as if the Enterprise Container did not exist. Further, when such employment relationship is terminated the user's BYOD needs to be restored to its pre-employment functionality.

Abstract: A system and an algorithm in a mobile core network to distribute the data load across multiple data processing entities. The system is seen as having one data plane entity to the external entities like routers; hence the system can scale without needing to update the external nodes. In general when a data plane processing entity is added or removed, a new distribution rule is provided to the remaining data plane processing entities. Only after some number of sessions have been migrated does the new distribution get provided to the data distribution entities. This delay allows sufficient sessions to be migrated to minimize the overall number of packets that have to be forwarded for processing. This benefit can be maximized by taking advantage of cellular network's idle mode behavior and by migrating the sessions while they are in idle mode.

Abstract: When a UE provides a new request to an S-GW, the S-GW augments DNS requests and provides them to a public DNS, with the augmentation providing indications of the requested function. The public DNS responds by providing the IP address of a simplified P-GW close to the UE location. The P-GW forwards communications to the nearest instance of an endpoint providing the requested service or function. In embodiments, some of the functions of the P-GW are shifted to other devices in the mobile core, devices that are already local. The simplification of the P-GW allows the P-GW to be virtualized and moved to a general-purpose server location. Existing information present in the data path is used to provide encryption of portions of the GTP connection, allowing the location of the P-GW to be optimized in a virtual server data center, as the data path is now secure.

Abstract: A Stream Control Transmission Protocol (SCTP) cluster of multiple SCTP-servers is defined in such manner that some of the servers are assigned Active Role where others are assigned Standby Role with the purpose of ensuring uninterrupted SCTP-connections between the SCTP-cluster and any number of SCTP-clients. The Standby Servers use the same Internet Protocol (IP)-address(es) on the SCTP bound interfaces as their assigned Active Server. The Active Servers are effectively communicating to the SCTP-clients, where the Standby Servers are communicating to their assigned Active SCTP-Server using a separate backchannel TCP-connection. Over that backchannel connection the Standby Server receives regular updates from the Active Server. These updates hold enough information so that the Standby Server could locally simulate SCTP-negotiations and create SCTP-associations as if the SCTP-negotiations were performed directly with the SCTP-Clients.