Abstract: It is recognized herein that current approaches to traffic steering in M2M systems lack capabilities, particularly with respect to traversing value added services in an operator's network. As described herein, nodes or apparatuses at a machine-to-machine (M2M) service layer can leverage value added services that are deployed in an operator's network. The M2M service layer may add metadata to downlink traffic so that the metadata can be used to assist with steering and processing data in the operator's value added services (VASs) network. By of example, the M2M service layer can use a control plane interface to push polices into a network operator's VASs network, and to allow functions in the VASs network to extract information from the M2M service layer.

Abstract: Existing approaches to security within network, for instance oneM2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.

Abstract: Systems and methods for enabling proximity services to be delivered as part of an application service and/or for providing tailored services and/or a differential quality of service (QoS) to a flow may be disclosed. For example, a temporary service name between an application and a server such as a D2D server may be established such that a UE and/or network may execute such a service at a later time without later involvement by the application and/or without exchanging credentials for the application with the network and vice versa.

Abstract: IoT service layer capabilities may be employed to automate and simplify the service enrollment process for IoT service subscribers/enrollees. These capabilities enable virtualization of a service subscriber and the physical IoT devices, applications, data and authorized users of the subscriber into a software profile that is representative of the subscriber. Once virtualized, a service subscriber may then delegate the complexities and burden of service enrollment to an automated IoT service enrollment software function.

Abstract: In some implementations, a device of a network may receive, from a user equipment (UE), a request associated with enabling the UE to access a network, wherein the request includes a first routing indicator. The device may identify an authentication manager, of the network, that is mapped to the first routing indicator in an entry of a routing table of the network. The device may route the request to the authentication manager of the network to permit the authentication manager to authenticate the UE. The device may purge, based on the request being routed to the authentication manager, the entry to remove the first routing indicator from the routing table. The device may store, after purging the entry, a second routing indicator in the entry to map the second routing indicator to the authentication manager, wherein the second routing indicator is different from the first routing indicator.

Abstract: Existing approaches to security within network, for instance oneM2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.

Abstract: Described herein are complete lifecycle management processes for IoT/M2M devices, which are commissioned and de-commissioned in a given system without requiring a user/human administrator. A delegated life-cycle management process is described, wherein devices rely upon a delegatee, which may have more computing and battery resources than the devices. Further, a Trust Enabling Infrastructure (TEI) is described herein, which may belong to a different trusted domain than the given device and its delegatee. A device in response to powering on for the first time, registers with a trust enabling infrastructure (TEI) and generates one or more credentials based on the registration with the TEI so as to define a trust relationship with the TEL After the registration, the device receives one or more security components and policies from the TEI and installs the one or more security components so as to define a secure environment.

Abstract: The CoAP base protocol can be enhanced to support CoAP streaming. Streaming can use a reserved “/streaming” URI and current CoAP methods can be used towards the “/streaming” location, which will trigger or terminate streaming operations. Streaming can use a new STREAM method. Alternately, the current Observe mechanism can be enhanced to support streaming. Streaming operation can be combined with existing CoAP block transfer operations.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to host a network function container that implements a microservice for a network function in a wireless communications network, wherein the network function container is deployed by a container orchestration platform; host a service proxy container associated with the network function container, wherein the service proxy container is deployed by the container orchestration platform; and configure the hosted service proxy container to apply a wireless network policy to the microservice for the network function. The processor may be further configured to intercept messages associated with the microservice for the network function using the configured service proxy container; and apply the wireless network policy to the intercepted messages using the configured service proxy container.

Abstract: IoT twinning groups can be dynamically created. These twinning groups can be activated based on selected triggers. As part of twinning operation, service delivery can be re-directing away from the primary device to the IoT twinning group. Messages originating from members of the IoT twinning group can be processed and forwarded externally as if they came from the primary device. Further, the twinning service can be de-activated based on selected triggers.

Abstract: The application describes a computer-implemented apparatus that includes a non-transitory memory having instructions stored thereon for assigning address space in a network. The apparatus also includes a processor, operably coupled to the non-transitory memory, configured to execute at least the instruction of receiving a solicitation from a router in the network. The processor is also configured to execute the instruction of replying to the solicitation with address space. The processor is also configured to execute the instruction of receiving a second solicitation from the router to register a new address. The processor is further configured to execute the instruction of determining if the new address is from a dedicated address space or a shared address space. The processor is even further configured to execute the instruction of sending a neighbor advertisement with the address registration to the router.

Abstract: Methods, system, and apparatuses may support end-to-end (E2E) quality of service (QoS) through the use of service layer (SL) sessions. For example, an application can communicate with a targeted device based on application specified schedule, latency, jitter, error rate, throughput, level of security, and cost requirements.

Abstract: Multi-RAT UEs currently have 2 independent paths to authenticate with HSS (e.g., via the MME or the 3GPP AAA Server causing repeated authentication messages to HSS). The use of one unified authentication path between the UE and HSS for Small Cell and Wi-Fi authentication is described. First, a new 3GPP EPC-TWAN interworking architecture has the MME manage all the authentication requests from multi-RAT UEs. Second, new unified authentication procedures are added, which allow the ISWN-based multi-RAT UE to be authenticated directly with the HSS, irrespective of its current access network (TWAN or HeNB). Third, new fast re-authentication procedures for Inter-RAT handover scenarios are done. Finally, the needed extensions to the various standard protocol messages to execute the authentication procedures are described.

Abstract: Systems and methods leverage trust anchors to generate tokens which can then be used by network functions (NFs). A virtualization infrastructure manager (VIM) for a virtualized platform receives a NF software package and a certificate request token (CRT) from a management function. The NF is a virtual NF, a containerized NF, or another virtual entity (xNF) to be deployed. The CRT is digitally signed by the management function and includes a network address of a trust anchor platform and a NF profile. The VIM deploys the NF and provides the CRT to the NF. The NF obtains from the CRT the network address of the trust anchor platform, generates a certificate signing request (CSR) for a digital certificate, and submits the CSR and the CRT to the trust anchor platform. The NF receives a digital certificate from the trust anchor platform based on validation of both the CSR and CRT.

Abstract: It is recognized herein that current methods and systems for performing procedures in 5G systems may not adequately protect the confidentiality and/or integrity of exchanged NSSAI and other identifiers. In methods and systems that protect NSSAI by not initially sending unprotected NSSAI, a non-optimal AMF may be selected for use by a UE, and an AMF relocation procedure may need to be performed when the NSSAI is later sent in a protected manner, wasting time and resources. In methods and systems with persistent UE identifiers, it may be possible to map the identifiers to users of an AMF and track those users. Various embodiments described herein address solutions to these and other issues.

Abstract: Methods, system, and apparatuses may support end-to-end (E2E) quality of service (QoS) through the use of service layer (SL) sessions. For example, an application can communicate with a targeted device based on application specified schedule, latency, jitter, error rate, throughput, level of security, and cost requirements.

Abstract: Systems and methods enable secure service-based communications in networks that use a Services Communications Proxy (SCP). A Network Function (NF) producer receives a service request including an authorization token and a signed service request object, wherein the service request originates from an NF consumer of the wireless core network and is forwarded to the NF producer via the SCP. The NF producer verifies the signed service request object and generates, after the verifying, a service response. The service response includes a signed service response object. The NF producer sends, to the NF consumer and via the SCP, the service response with the signed service response object.

Abstract: Methods are described that can enable resource monitoring over HTTP/2. These methods may rely on using multiple streams over persistent connections and on the HTTP/2 Push mechanism. Furthermore, a mechanism is proposed that can enable resource monitoring over multiple servers.

Abstract: Multi-RAT UEs currently have 2 independent paths to authenticate with HSS (either via the MME or the 3GPP AAA Server causing repeated authentication messages to HSS. The use of one unified authentication path between the UE and HSS for Small Cell and Wi-Fi authentication is described. First, a new 3GPP EPC-TWAN interworking architecture has the MME manage all the authentication requests from multi-RAT UEs. Second, new unified authentication procedures are added, which allow the ISWN-based multi-RAT UE to be authenticated directly with the HSS, irrespective of its current access network (TWAN or HeNB). Third, new fast re-authentication procedures for Inter-RAT handover scenarios are done. Finally, the needed extensions to the various standard protocol messages to execute the authentication procedures are described.

Abstract: Methods and procedures allow devices interwork with various types of service layers by updating the device to support the protocol of the M2M/IoT service layer that is being communicated with. Devices can coordinate/initiate download of a service layer API that is compatible with the service layer the device is attempting to use. A service layer can coordinate the autonomous update of a device with the proper service layer API which allows the device to then communicate and use services supported by the service layer component to the device. A service layer can detect a device or application lacking proper service layer functionality and can trigger a management entity to update the device or application with the service layer API required such that the device can then register to the service layer and use its services. A device or application can be customized or optimized to the service layer that it is registered to and using.