Abstract: Techniques for data management in a network entity to authorize data consumers in a communication network are disclosed. For example, a method comprises receiving, at a network entity of a communication network, data generated by a data producer in the communication network, and storing, at the network entity, the data generated by the data producer. The stored data has metadata, associated with the data producer, appended thereto.

Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for inter-network communication. A first edge protection proxy in a first network receives a request for an access token from a network repository function in the first network. The access token is to be used by a first network function in the first network to request a service from a second network function in a second network. The first edge protection proxy validates the request based on configurations allowed to access services provided by networks different from the first network. If the validation of the request is successful, the first edge protection proxy transmits the request to a second edge protection proxy in the second network. The transmitted request comprises verified information concerning the first network function.

Abstract: Techniques for dynamic security management in a communications network are disclosed. For example, a method comprises obtaining, at a network entity in a communication network, security information from one or more other network entities in the communication network. In response to at least a portion of the obtained security information, the method enables, by the network entity, dynamic enforcement within a user plane of the communication network of one or more security policies in accordance with one or more quality-of-service policies to manage one or more behaviors of user equipment.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising means for receiving from a requesting network function, by a network repository function, an access token request, wherein the access token request is related to a network function consumer requesting access to a service provided by a network function producer and comprises an identity of a vendor of the network function consumer requesting access to the service, means for verifying by the network repository function, based at least on the identity of the vendor of the network function consumer, that the network function consumer is allowed to access the service and means for transmitting to the requesting network function, by the network repository function, an access token upon successful verification, wherein the access token generated and signed by the network repository function comprises the identity of the vendor of the network function consumer and an identity of the vendor of the network function produc

Abstract: According to an example aspect, there is provided a method, comprising: receiving, from a first network function consumer, a subscribe request for a second network function consumer to subscribe to a service, wherein the subscribe request comprises a notification address and identifies the second network function consumer, transmitting, to a network repository function, an access token request, comprising the notification address and identifying the second network function consumer, receiving, from the network repository function, an access token response comprising an access token comprising the notification address verified by the network repository function, transmitting, to the second network function consumer, an authorization request for receiving data authorization and comprising the access token, receiving, from the second network function consumer, an authorization response indicative of authorization of the second network function consumer, and transmitting, on the basis of the authorization respons

Abstract: According to an example aspect of the present invention, there is provided an apparatus configured to receive a service request for a service provided by the apparatus, determine whether to provide the service based at least partly on an authentication based on a first identifier, comprised in an access token in the service request, and on a second identifier, comprised in a credential data element in the service request, wherein the authentication is successful when the first identifier and the second identifier identify a same network function instance or same network function instance set, and provide the service responsive to a result of the determination indicating the service is to be provided.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising means for receiving, by a network function configured to provide centralized user consent authorization in a cellular communication system, a user consent authorization request from a logical network entity, wherein the user consent authorization request comprises an identity of at least one user equipment whose user consent is requested by the logical network entity, the logical network entity being a network function service consumer or an application function, means for retrieving user consent information concerning the at least one user equipment whose user consent is requested by the logical network entity, wherein said user consent information indicates individually whether the logical network entity is authorized to access data related to each of the at least one user equipment, means for determining, based on said user consent information, whether the logical network entity is authorized to access data r

Abstract: According to an example aspect of the present invention, there is provided an apparatus configured at least to: receive, from a service communication proxy, a request for an access token which authorizes access to a service at a network function provider, transmit an authorization token to the service communication proxy, the authorization token being specific to the request, and provide the access token to the service communication proxy responsive to determining that a cryptographic signature of a network function consumer on a signed version of the authorization token, received in the apparatus from the service communication proxy, is correct. The apparatus may work in a network serving user equipments, for example.

Abstract: According to an example aspect of the present invention, there is provided an apparatus configured at least to determine whether a cryptographic signature of a token received in the apparatus from a network function consumer is valid, obtain a cryptographic signature of the apparatus of the token responsive to the cryptographic signature of the token being valid, and provide the token to a peer entity of the apparatus, wherein the cryptographic signature of the apparatus is either included into the token or provided in a header external to the token, wherein the peer entity is comprised in a second network, different from a first network where the apparatus is comprised in. The request may serve a user equipment, directly or indirectly.

Abstract: According to an example aspect of the present invention, there is provided an apparatus configured to initiate a handshake process configured to establish a control plane connection prior to establishing an associated data plane connection from the apparatus to a gateway node in second network, the apparatus being in a first network distinct from the second network, indicate during the establishing of the control plane connection that compression of payload communicated over the data plane connection is requested, and wherein the data plane connection to the gateway node traverses at least one intermediate internet protocol exchange.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, receiving, by an intermediary network function, a subscription request from a network function consumer requesting data of a network function producer, wherein the subscription request comprises a client credential assertion of the network function consumer and an access token, authorizing and authenticating, by the intermediary network function, the network function consumer upon successful validation of the access token and the client credential assertion validation and transmitting, by the intermediary network function, an access token request to an authorization server to get another access token, wherein said another access token is to be used to validate the network function consumer to access services of the network function producer, and the access token request comprises the client credential assertion of the network function consumer requesting data of the network function producer.

Abstract: According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a registration request from an application function, wherein the registration request comprises at least one parameter that needs to be used for generating an access token for the application function, the at least one parameter being associated with the application function, registering the application function by the network repository function and transmitting, by the network repository function, a response to the registration request, wherein the response comprises the at least one parameter associated with the application function.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, transmitting to a Network Function, NF, service producer, by a Service Communication Proxy, SCP, a service request on behalf of an NF service consumer, wherein the service request comprises an access token, receiving, by the SCP, a service response from the NF service producer and upon receiving the service response, transmitting to the NF service consumer, by the SCP, information related to the access token.

Abstract: Systems and methods for securing devices using traffic analysis and Software-Defined Networking (SDN). In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory including program instructions stored thereon that, upon execution by the processor, cause the IHS to: receive traffic in a Software-Defined Network (SDN) network; identify, based upon the received traffic, a security threat; and initiate a remediation measure with respect to the security threat.

Abstract: A network topology viewer provides a simulation of a local area network. Any device communicating via the local area network is represented as an icon with networking details (such as device name, connection type and topology, network address, and port status). Moreover, the network topology viewer is web-based, thus providing a generic or agnostic solution that does not depend on hardware or software capabilities. Any device communicating via the local area network may download the network topology viewer using a software plugin or web-based application. The network topology viewer generates a complete and holistic representation of the local area network, thus simplifying diagnostics and maintenance efforts.

Abstract: A chassis map provides a virtual simulation of internal components operating in an information handling system. Any component operating within the information handling system is represented with an image and displayed according to physical location within a chassis. Moreover, the chassis map is web-based, thus providing a generic or agnostic solution that does not depend on hardware or software capabilities. Any device may download the chassis map using a software plugin or web-based application. The chassis map generates a complete and holistic representation of the information handling system, thus simplifying diagnostics and maintenance efforts.

Abstract: A network topology viewer provides a simulation of a local area network. Any device communicating via the local area network is represented as an icon with networking details (such as device name, connection type and topology, network address, and port status). Moreover, the network topology viewer is web-based, thus providing a generic or agnostic solution that does not depend on hardware or software capabilities. Any device communicating via the local area network may download the network topology viewer using a software plugin or web-based application. The network topology viewer generates a complete and holistic representation of the local area network, thus simplifying diagnostics and maintenance efforts.

Abstract: Systems and methods for securing devices using traffic analysis and Software-Defined Networking (SDN). In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory including program instructions stored thereon that, upon execution by the processor, cause the IHS to: receive traffic in a Software-Defined Network (SDN) network; identify, based upon the received traffic, a security threat; and initiate a remediation measure with respect to the security threat.