Abstract: Methods to support User Plane Separation (UPS) and User Plane Local offloading (UPL) for Fifth Generation (5G) non-Third Generation Partnership Project (3GPP) access are provided, including solutions for untrusted non-3GPP, trusted non-3GPP, and fixed/wireline communications via a Non-3GPP interworking Function (N3IWF) node. Three UPS solutions methods are provided, as well as UPL solution methods for 5G non-3GPP access involving N3IWFs with or without separated Control Plane (CP) and User Plane (UP) that are combined with a User Plane Function (UPF). Solutions to allow multiple CP entities to control the same single UP entity are also provided.

Abstract: This specification presents a method and apparatus to establish a transport layer security, TLS, tunnel over Ethernet, ETLS tunnel between two endpoints (UE and WAG) and to transport UE traffic encapsulated and encrypted in a proposed TLS type Ethernet frame for all applications, thus providing secure layer 2 connectivity over public wireless local area networks, WLAN, for all UE traffic and overcome the security vulnerability of the traditional HTTP login mechanism over the public WLAN. The UE uses the TLS handshake protocol which may include negotiating ETLS capabilities extension that comprises wireless control protocol for establishing a packet data connection and tunneled authentication protocol for UE authentication and full Ethernet protection for encrypting Ethernet frames of different types.

Abstract: Embodiments of the invention relate to methods and apparatus for establishing a secure connectivity for WiFi calling service to the EPC over a trusted or managed WLAN by establishing an IPSec tunnel over the WLAN with a gateway in the EPC (ePDG) through an HTTP server and logging to the HTTP server that may be co-located with the ePDG. The disclosure could enable internet traffic to be routed through the WLAN or through the HTTP server itself while routing WiFi calling service related traffic through the HTTP server and ePDG. The UE authentication used to establish the IPSec tunnel is used as a common authentication for the secure connectivity for WiFi calling service and local routing of internet traffic as permitted.

Abstract: Systems and methods relating to providing identity privacy over a trusted or untrusted non-3GPP access network in a wireless communication system are disclosed. In some embodiments, a method of operation of a wireless device comprises sending a message to a gateway (ePDG, N3IWF or TWAG) where the message comprises an anonymous user identity; receiving a request for obfuscating the user identity wherein the request comprises a server certificate; and validating the server certificate and sending a response message back to the gateway, comprising the user identity obfuscated by a public key associated with the server certificate. Similar methods are provided on the gateway side and AAA server side. In this manner, the user identity is protected when establishing the connection to the core network and protects against a man in the middle attack.

Abstract: The embodiments herein relate to a method performed by an access GW node of a non-3GPP access for authentication of a TLS connection. The access GW node receives a 2nd key derived during an authentication procedure. The access GW node receives a first TLS message comprising first authentication data and calculates second authentication data based on a 1st key and the 2nd key. The 1st key is associated with the TLS connection. The access GW node calculates third authentication data based on the 1st and 2nd keys. The access GW node transmits the second TLS message comprising the third authentication data. The access GW node verifies that the first authentication data is substantially the same as the second authentication data, and authenticates the TLS connection when the received first authentication data is successfully verified.

Abstract: The present disclosure provides a refrigerator with an ice maker, an ice maker ice-overturning control method, and an ice maker water injection control method. The refrigerator in the present disclosure can: perceive whether the ice cube tray is already taken out to avoid continued water injection after the ice cube tray is taken out; and perceive a temperature of ice in the ice cube tray to accurately determine a current situation of ice making so as to perform accurate control for the ice maker, thereby avoiding ice cube lumping due to unsuccessful overturning in the refrigerator, and greatly improving the ice making efficiency. Further, the refrigerator can accurately determine whether the ice tray is mounted to be in place, so as to complete a series of water injection and ice making operation accurately.

Abstract: The present disclosure provides a photochromic nanomaterial capable of blocking ultraviolet rays with a general formula of MaObXc, a production method and use thereof, wherein the M, O and X and a, b and c are as defined herein. The nanomaterial may be prepared by the following method: heating a mixture of an M-containing cation source compound, a polyol, a surfactant and first solvent under agitation, to obtain a hot first solution; mixing an X-containing anion source compound and a second solvent, to obtain a second solution; injecting the second solution into the hot first solution, to perform a reaction and obtain a reaction mixture; and subjecting the reaction mixture to post-treatment. The nanomaterial of the present disclosure can block 80% or more of UV rays, in particular, may change to a transparent dark color and reduce the transmittance under irradiation by strong light, whereas may restore colorless transparent state under irradiation by weak or non-strong light.

Abstract: Methods to support User Plane Separation (UPS) and User Plane Local offloading (UPL) for Fifth Generation (5G) non-Third Generation Partnership Project (3GPP) access are provided, including solutions for untrusted non-3GPP, trusted non-3GPP, and fixed/wireline communications via a Non-3GPP interworking Function (N3IWF) node. Three UPS solutions methods are provided, as well as UPL solution methods for 5G non-3GPP access involving N3IWFs with or without separated Control Plane (CP) and User Plane (UP) that are combined with a User Plane Function (UPF). Solutions to allow multiple CP entities to control the same single UP entity are also provided.

Abstract: Methods relating to an access gateway AGF for managing bearer resources and traffic mapping for QoS flows between the AGF and a CPE or a UE behind a CPE when the AGF provides access to the CPE/UE to a CN (e.g., 5GC) are provided. When the AGF receives a message from 5GC comprising one or more QoS profiles with corresponding QoS flow Identifiers, QFIs, the AGF determines whether it should establish new bearers or use existing bearers for the QFIs, then creates a mapping between each of the corresponding QFIs and a bearer ID of each of the one or more bearers and may indicate the L2/L3 QOS marking to be applied at the bearer level or QoS flow level. The AGF instructs the CPE/UE to create or update the one or more bearers indicating for each bearer identifier the corresponding one or more QFIs.

Abstract: Embodiments of this invention relate to methods and apparatus for establishing additional simultaneous packet data network (PDN) connections between a User Equipment (UE) and an evolved packet core network (EPC) over an untrusted WiFi network. The UE is attached to the EPC through a security gateway over a first PDN connection over which the UE is authenticated and has established an Internet Key Exchange Security Association (IKE SA) and a first Internet Protocol Security SA (IPSec SA). The UE then establishes an additional PDN connection using a new IKE request/response exchange or an enhanced IKE CREATE_CHILD_SA exchange that is cryptographically protected using algorithms and keys negotiated during the first PDN connection, hence improving delay and battery life of the UE as the UE no longer needs, for each additional PDN connection, to negotiate an individual IKE SA and to authenticate the UE.

Abstract: The present disclosure provides a photochromic nanomaterial capable of blocking ultraviolet rays with a general formula of MaObXc, a production method and use thereof, wherein the M, O and X and a, b and c are as defined herein. The nanomaterial may be prepared by the following method: heating a mixture of an M-containing cation source compound, a polyol, a surfactant and first solvent under agitation, to obtain a hot first solution; mixing an X-containing anion source compound and a second solvent, to obtain a second solution; injecting the second solution into the hot first solution, to perform a reaction and obtain a reaction mixture; and subjecting the reaction mixture to post-treatment. The nanomaterial of the present disclosure can block 80% or more of UV rays, in particular, may change to a transparent dark color and reduce the transmittance under irradiation by strong light, whereas may restore colorless transparent state under irradiation by weak or non-strong light.

Abstract: Systems and methods relating to providing identity privacy over a trusted or untrusted non-3GPP access network in a wireless communication system are disclosed. In some embodiments, a method of operation of a wireless device comprises sending a message to a gateway (ePDG, N3IWF or TWAG) where the message comprises an anonymous user identity; receiving a request for obfuscating the user identity wherein the request comprises a server certificate; and validating the server certificate and sending a response message back to the gateway, comprising the user identity obfuscated by a public key associated with the server certificate. Similar methods are provided on the gateway side and AAA server side. In this manner, the user identity is protected when establishing the connection to the core network and protects against a man in the middle attack.

Abstract: This specification presents a method and apparatus to establish a transport layer security, TLS, tunnel over Ethernet, ETLS tunnel between two endpoints (UE and WAG) and to transport UE traffic encapsulated and encrypted in a proposed TLS type Ethernet frame for all applications, thus providing secure layer 2 connectivity over public wireless local area networks, WLAN, for all UE traffic and overcome the security vulnerability of the traditional HTTP login mechanism over the public WLAN. The UE uses the TLS handshake protocol which may include negotiating ETLS capabilities extension that comprises wireless control protocol for establishing a packet data connection and tunneled authentication protocol for UE authentication and full Ethernet protection for encrypting Ethernet frames of different types.

Abstract: Embodiments of the invention relate to methods and apparatus for establishing a secure connectivity for WiFi calling service to the EPC over a trusted or managed WLAN by establishing an IPSec tunnel over the WLAN with a gateway in the EPC (ePDG) through an HTTP server and logging to the HTTP server that may be co-located with the ePDG. The disclosure could enable internet traffic to be routed through the WLAN or through the HTTP server itself while routing WiFi calling service related traffic through the HTTP server and ePDG. The UE authentication used to establish the IPSec tunnel is used as a common authentication for the secure connectivity for WiFi calling service and local routing of internet traffic as permitted.

Abstract: Embodiments of this invention relates to methods, and apparatus for establishing additional simultaneous packet data network, PDN, connections between a User Equipment, UE, and the evolved packet core network, EPC, over an untrusted WiFi network. The UE is attached to the EPC through a security gateway over a first PDN connection over which the UE is authenticated and has established an IKE Security Association, SA and a first IPSec SA. The UE then establishes an additional PDN connection using a new IKE request/response exchange or an enhanced IKE CREATE_CHILD_SA exchange that is cryptographically protected using the algorithms and keys negotiated during the first PDN connection, hence improving the delay and the UE battery life as the UE no longer needs, for each additional PDN connection, to negotiate an individual IKE SA and to authenticate the UE.