Abstract: An apparatus and system to enable dynamic offloading and execution of compute tasks are described. In split CU-DU RAN architectures, the CU-CP is connected with multiple compute control functions (CF) and service functions (SF) that have different computing hardware/software capabilities. Different architectures depend on whether the SF is collocated with the CU-UP, the CU-UP and SF only serve compute messages, a compute message is supplied directly to the CU-UP or also traverses the CU-CP. In response to reception from a UE of a compute message containing data for computation being sent to the CU-CP through the DU, the CU-CP sends the data to the SF with identifiers and sends the result to the UE.

Abstract: An apparatus, method, and system are described for data transfer between a user equipment (UE) and Data Storage Function (DSF) in a 6G system. The data transfer occurs via a control and/or user plane using a data ID and data filter defined using data ID, metadata, data source, and labeling. User plane data transfer is based on a protocol data unit (PDU) or a standalone data session. The DSF provides data services by service application programming interfaces (APIs). A Service Infrastructure Control Function (SICF) configures routing policies to an evolved Service Communication Proxy User Plane (eSCP-U) to route data inquiries to the correct DSF using a service mesh.

Abstract: Systems and methods of protecting an initial NAS message are described. Depending on whether a security context for a serving PLMN is stored, the UE uses either a public key from the serving PLMN or a key from the security context to encrypt parts of the initial NAS message. An initial NAS message containing the encrypted parts is then sent to an AMF of the serving PLMN. The serving PLMN public key is transmitted via a SIB. Prior to transmission of the initial NAS message or in parallel with it, an RRC message is sent to the base station. The RRC message contains the UE identifier and/or a NSSAI encrypted using the serving PLMN public key.

Abstract: Systems and methods of protecting an initial NAS message are described. The NAS message is encrypted using the home PLMN public key during initial registration with the network using a registration request message. An AMF of the serving PLMN sends a serving PLMN public key which is then used to encrypt information including an S-NSSAI of later initial NAS messages after initial registration is completed. The S-NSSAI may not be sent in the later initial NAS message if the S-NSSAI is provided at an access stratum level. The RRC message may contain an indication that the S-NSSAI is encrypted using the serving PLMN public key.

Abstract: Systems and methods of protecting an initial NAS message are described. Depending on whether a security contex.1: for a serving PLMN is stored, the UE uses either a public key from the serving PLMN or a key from the security context to encrypt parts of the initial NAS message. An initial NAS message containing the encrypted parts is then sent to an AMF of the serving PLMN. The serving PLMN public key is transmitted via a SIB. Prior to transmission of the initial NAS message or in parallel with it, an RRC message is sent to the base station. The RRC message contains the UE identifier and/or a NSSAI encrypted using the serving PLMN public key.

Abstract: Packet protection is described. Data of a group of packets is concatenated with a security key and a sequence number of the packet. A hash mark of the concatenated data is calculated and sent with data or control information in a packet. If each packet has reserved bits, at least some of the packets each has data, a least a portion of the hash mark, and a header having: a first bit that indicates if the hash mark is present, and a second bit that indicates if the packet is used to determine the hash mark. Otherwise, a separate control packet is sent that contains the hash mark, a first sequence number of the group of packets, and a PDU type indicating that the control packet is an integrity protection packet for the group of PDCP packets.

Abstract: An apparatus and system for onboarding based on UE default manufacturer credentials are described. A UE sends default manufacturer credentials and an indication to proceed with restricted onboarding to an onboarding non-public network (O-SNPN). An Onboarding Server validates the authenticity of the UE based on the manufacturer credentials and sends a certificate. The UE is provisioned with a set of roots of trust certificate information to use to authenticate the certificate using one way authentication. After authentication, the UE receives network credentials and performs mutual authentication to register with a NPN while being authenticated by a home network. The UE identity is indicated as anonymous in response to an indication by the O-SNPN for subscriber identifier privacy.

Abstract: Systems and methods of providing steering of roaming (SOR) information in a 5G VPLMN are described. A UE receives a REGISTRATION ACCEPT message from an AMF of the VPLMN during initial or mobility registration of the UE in the VPLMN and DL NAS TRANSPORT message thereafter. The message has a Payload container information element (IE) set to secured packet. The SOR information indicates a list of preferred PLMN/access technology combinations, which is uploaded to a memory after a successful security check to verify that the list of preferred PLMN/access technology combinations is provided by the UDM of the HPLMN and is not tampered with by the VPLMN. When the message also contains a request for acknowledgment of successful security check of the list of preferred PLMN/access technology combinations, the UE transmits to the AMF the acknowledgment in a REGISTRATION COMPLETE or a DL NAS TRANSPORT message.

Abstract: Systems and methods of protecting an initial NAS message are described. Depending on whether a security context for a serving PLMN is stored, the UE uses either a public key from the serving PLMN or a key from the security context to encrypt parts of the initial NAS message. An initial NAS message containing the encrypted parts is then sent to an AMF of the serving PLMN. The serving PLMN public key is transmitted via a SIB. Prior to transmission of the initial NAS message or in parallel with it, an RRC message is sent to the base station. The RRC message contains the UE identifier and/or a NSSAI encrypted using the serving PLMN public key.

Abstract: Systems and methods of providing secondary authentication credentials for an external network are described. The credentials are provided from the UE to the GGSN via the SGSN during establishment of a PDN connection for the UE in a NAS message. The SGSN receives an Activate PDP Context Request from the UE and sends to the GGSN a Create PDP Context Request. The Requests include a PCO IE with the credentials. The GGSN determines a RADIUS and/or DHCP server to be used for IP address allocation, a protocol to be used with the server, and security features to use to dialogue with the server. The GGSN obtains the IP address from the server and provides the IP address to the UE via the SGSN via Create PDP Context Response.

Abstract: Packet protection is described. Data of a group of packets is concatenated with a security key and a sequence number of the packet. A hash mark of the concatenated data is calculated and sent with data or control information in a packet. If each packet has reserved bits, at least some of the packets each has data, a least a portion of the hash mark, and a header having: a first bit that indicates if the hash mark is present, and a second bit that indicates if the packet is used to determine the hash mark. Otherwise, a separate control packet is sent that contains the hash mark, a first sequence number of the group of packets, and a PDU type indicating that the control packet is an integrity protection packet for the group of PDCP packets.

Abstract: An apparatus and system to enable dynamic offloading and execution of compute tasks are described. In split CU-DU RAN architectures, the CU-CP is connected with multiple compute control functions (CF) and service functions (SF) that have different computing hardware/software capabilities. Different architectures depend on whether the SF is collocated with the CU-UP, the CU-UP and SF only serve compute messages, a compute message is supplied directly to the CU-UP or also traverses the CU-CP. In response to reception from a UE of a compute message containing data for computation being sent to the CU-CP through the DU, the CU-CP sends the data to the SF with identifiers and sends the result to the UE.

Abstract: Systems and methods of protecting an initial NAS message are described. The NAS message is encrypted using the home PLMN public key during initial registration with the network using a registration request message. An AMF of the serving PLMN sends a serving PLMN public key which is then used to encrypt information including an S-NSSAI of later initial NAS messages after initial registration is completed. The S-NSSAI may not be sent in the later initial NAS message if the S-NSSAI is provided at an access stratum level. The RRC message may contain an indication that the S-NSSAI is encrypted using the serving PLMN public key.

Abstract: Systems and methods of providing steering of roaming (SOR) information in a 5G VPLMN are described. A UE receives a REGISTRATION ACCEPT message from an AMF of the VPLMN during initial or mobility registration of the UE in the VPLMN and DL NAS TRANSPORT message thereafter. The message has a Payload container information element (IE) set to secured packet. The SOR information indicates a list of preferred PLMN/access technology combinations, which is uploaded to a memory after a successful security check to verify that the list of preferred PLMN/access technology combinations is provided by the UDM of the HPLMN and is not tampered with by the VPLMN. When the message also contains a request for acknowledgment of successful security check of the list of preferred PLMN/access technology combinations, the UE transmits to the AMF the acknowledgment in a REGISTRATION COMPLETE or a DL NAS TRANSPORT message.

Abstract: User equipment (UE) within dual connectivity (DC) architecture with a Master Node-B (MN) and a Secondary Node-B (SN) includes processing circuitry decoding connection reconfiguration information from the MN. The connection reconfiguration information includes signaling radio bearer type 3 (SRB3) configuration information. The SRB3 configuration information originates from the SN and configures a SRB3, the SRB3 for a radio resource control (RRC) connection between the UE and the SN. An RRC connection reconfiguration request message received from the SN via the SRB3 is decoded. The RRC connection reconfiguration request message includes UE new radio (NR) security capability information of the SN. The processing circuitry further determines whether the UE NR security capability information received from the SN matches UE NR security capability information received by the UE from the MN.

Abstract: Systems and methods of providing steering of roaming (SOR) information in a 5G VPLMN are described. A UE receives a REGISTRATION ACCEPT message from an AMF of the VPLMN during initial or mobility registration of the UE in the VPLMN and DL NAS TRANSPORT message thereafter. The message has a Payload container information element (IE) set to secured packet. The SOR information indicates a list of preferred PLMN/access technology combinations, which is uploaded to a memory after a successful security check to verify that the list of preferred PLMN/access technology combinations is provided by the UDM of the HPLMN and is not tampered with by the VPLMN. When the message also contains a request for acknowledgment of successful security check of the list of preferred PLMN/access technology combinations, the UE transmits to the AMF the acknowledgment in a REGISTRATION COMPLETE or a DL NAS TRANSPORT message.

Abstract: User equipment (UE) within dual connectivity (DC) architecture with a Master Node-B (MN) and a Secondary Node-B (SN) includes processing circuitry decoding connection reconfiguration information from the MN. The connection reconfiguration information includes signaling radio bearer type 3 (SRB3) configuration information. The SRB3 configuration information originates from the SN and configures a SRB3, the SRB3 for a radio resource control (RRC) connection between the UE and the SN. An RRC connection reconfiguration request message received from the SN via the SRB3 is decoded. The RRC connection reconfiguration request message includes UE new radio (NR) security capability information of the SN. The processing circuitry further determines whether the UE NR security capability information received from the SN matches UE NR security capability information received by the UE from the MN.

Abstract: Described herein are techniques related to a wireless enhanced projector (WEP) that is utilized by one or more devices, such as a mobile phone, a cellular phone, a Smartphone, a personal digital assistant, a tablet computer, and the like. In an implementation, the one or more devices may connect to the WEP through a server device that may be connected and/or integrated with the WEP. In this implementation, at least one of the one or more devices may be configured to be a super-user device (i.e., moderator or administrator device), while the rest of the one or more devices may be regular client devices.

Abstract: Described herein are techniques related to a wireless enhanced projector (WEP) that is utilized by one or more devices, such as a mobile phone, a cellular phone, a Smartphone, a personal digital assistant, a tablet computer, and the like. In an implementation, the one or more devices may connect to the WEP through a server device that may be connected and/or integrated with the WEP. In this implementation, at least one of the one or more devices may be configured to be a super-user device (i.e., moderator or administrator device), while the rest of the one or more devices may be regular client devices.