Abstract: Systems and methods described herein provide for User Equipment (UE)-initiated authentication and authorization updates to Network Slice-Specific Authentication and Authorization (NSSAA). A network device in a core network receives a message from a user device outside of the core network, wherein the message includes a request to initiate a NSSAA procedure. The network device initiates the NSSAA procedure in response to the request. The systems and methods also provide for UE-initiated authorization revocation of NSSAA.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to host a network function container that implements a microservice for a network function in a wireless communications network, wherein the network function container is deployed by a container orchestration platform; host a service proxy container associated with the network function container, wherein the service proxy container is deployed by the container orchestration platform; and configure the hosted service proxy container to apply a wireless network policy to the microservice for the network function. The processor may be further configured to intercept messages associated with the microservice for the network function using the configured service proxy container; and apply the wireless network policy to the intercepted messages using the configured service proxy container.

Abstract: A packet destined for a Multi-access Edge Computing (MEC) network is received at a wireless station from a user device. A serving gateway (SGW) receives the packet from the wireless station via an S1U GTP tunnel and assigns an uplink S1U General Packet Radio Service (GPRS) Tunneling Protocol (GTP) tunnel endpoint identifier (TEID) to the packet. The SGW performs a network address translation (NAT) function on the packet based on the uplink S1U GTP TEID assigned to the packet to form a translated packet. The SGW transmits the translated packet to the MEC network.

Abstract: One or more computing devices, systems, and/or methods for managing security associated with applications are provided. In an example, a central security gateway may determine first security policy information associated with a first application. The central security gateway may establish a first encrypted connection with a first device of the first application. The central security gateway may manage, based upon the first security policy information and using the first encrypted connection, security associated with the first application. The central security gateway may determine second security policy information associated with a second application. The central security gateway may establish a second encrypted connection with a second device of the second application. The central security gateway may manage, based upon the second security policy information and using the second encrypted connection, security associated with the second application.

Abstract: A device may receive data relating to a site plan and image data relating to a network device. The device may determine a device identifier based on the image data, associate the device identifier with the site plan based on a common attribute between the network device and the site plan, and cause a certificate to be generated based on an authentication request to a network controller. The authentication request may cause the network controller to generate the certificate based on the device identifier and/or the site plan. The device may cause an Internet protocol (IP) address to be assigned to the network device based on the certificate, a location of the network device, and/or another related parameter, cause a node configuration to be generated based on the IP address, the device identifier, and/or the site plan, and provision the network device according to the node configuration.

Abstract: A device may include a processor configured to establish a data traffic flow for a user equipment (UE) device and determine per flow descriptor attributes associated with the data traffic flow, wherein the per flow descriptor attributes identify at least a source, a destination, and a protocol associated with the data traffic flow. The processor may be further configured to determine at least one additional per flow descriptor attribute for the data traffic flow and send the per flow descriptor attributes and the at least one additional per flow descriptor attribute to a network exposure device of a core network, wherein the network exposure device is configured to communicate with servers outside the core network.

Abstract: A device, method, and system for forwarding, to a pod, a utility container associated with each of at least one network service for enabling a pre-registration of a network function (NF) with an NF registration function (NRF); sending, from the utility container, an authorization code to an NF authorization platform, wherein the authorization code is associated with the at least one network service; suspending a registration procedure for the NF with the NRF until the authorization code is forwarded from the NF authorization platform to the NRF; and resuming, responsive to a service registration request, the registration procedure based on a validation of the authorization code identified in the service registration request.

Abstract: A device may include a processor configured to establish a data traffic flow for a user equipment (UE) device and determine per flow descriptor attributes associated with the data traffic flow, wherein the per flow descriptor attributes identify at least a source, a destination, and a protocol associated with the data traffic flow. The processor may be further configured to determine at least one additional per flow descriptor attribute for the data traffic flow and send the per flow descriptor attributes and the at least one additional per flow descriptor attribute to a network exposure device of a core network, wherein the network exposure device is configured to communicate with servers outside the core network.

Abstract: A method for performing authorization for network function registration. The method includes instantiating a network function (NF) based on at least one micro-service; providing a software module with each of the at least one micro-service; sending, from each software module, an authorization code to a NF authorization platform, where the authorization code is associated with the micro-service; forwarding the at least one authorization code received at the NF authorization platform to an NF registration function (NRF); sending, from the NF, a service registration request to the NRF, where the service registration request includes each authorization code associated with the at least one micro-service; and registering the NF with the NRF, where the NRF validates each authorization code received from the NF.

Abstract: An edge network gateway, located in an edge network and connected to a core network, receives packets for a local breakout (LBO) Protocol Data Unit (PDU) session associated with a mobile subscriber. The edge network gateway sends, based on receipt of the packets for the LBO PDU session, a request for charging to a core network node, and forwards the packets for the LBO PDU session to a network or multi-access edge computing (MEC) data center connected to the edge network. The edge network gateway sends, via an online charging interface, charging data counts for the packets of the LBO PDU session to the core network node for reporting to an Online Charging System and charging to the mobile subscriber.

Abstract: A network device may receive Network Slice Selection Assistance Information (NSSAI) and network information from network components and from a set of Integrated Access and Backhaul (IAB) nodes; generate descriptions of, or updates to the descriptions of, routing paths based on the NSSAI and the network information; and send the descriptions or the updates to the IAB nodes. The routing paths may include one or more backhaul links between the IAB nodes, and the descriptions and the updates associate each of the routing paths with one or more Single-NSSAIs (S-NSSAIs).

Abstract: A device may include a processor configured to establish a data traffic flow for a user equipment (UE) device and determine per flow descriptor attributes associated with the data traffic flow, wherein the per flow descriptor attributes identify at least a source, a destination, and a protocol associated with the data traffic flow. The processor may be further configured to determine at least one additional per flow descriptor attribute for the data traffic flow and send the per flow descriptor attributes and the at least one additional per flow descriptor attribute to a network exposure device of a core network, wherein the network exposure device is configured to communicate with servers outside the core network.

Abstract: Systems and methods manage lookups for network repository functions (NRFs). A network device, such as a NRF, receives a discovery request for a network function instance in a wireless core network. The discovery request includes a hop limit value. The network device determines if a result for the discovery request is available and determines if the hop limit value is greater than a stop value, when the result for the discovery request is not available. The network device forwards the discovery request to another network device when the result for the discovery request is not available and when the hop limit value is greater than the stop value. The network device sends a terminal response to the discovery request when the hop limit value is not greater than the stop value.

Abstract: Methods and systems are disclosed for discovering resources in a multi-access computing environment. The method may include receiving application parameters for an application to be serviced using multi-access edge computing (MEC) resources. The method may also include generating network address identifiers associated with the application based on the application parameters, and storing, in a memory, the network address identifiers associated with the application to be serviced using the MEC resources. The method may include deploying an instance of the application at a MEC cluster. The deployed instance of the application may be accessible by user equipment with one of the network address identifiers.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to receive a request for a connection to a Packet Data Network gateway (PGW) from a User Equipment (UE) device; obtain subscription type information for the UE device; and determine that the UE device is associated with a Fifth Generation (5G) subscription based on the obtained subscription type information. The processor may be further configured to obtain a list of available PGWs from a 5G Network Repository Function (NRF), in response to determining that the UE device is associated with the 5G subscription; select a PGW from the obtained list of available PGWs based on a selection rule; and send a create session request for the UE device to the selected PGW.

Abstract: A packet destined for a Multi-access Edge Computing (MEC) network is received at a wireless station from a user device. A serving gateway (SGW) receives the packet from the wireless station via an S1U GTP tunnel and assigns an uplink S1U General Packet Radio Service (GPRS) Tunneling Protocol (GTP) tunnel endpoint identifier (TEID) to the packet. The SGW performs a network address translation (NAT) function on the packet based on the uplink S1U GTP TEID assigned to the packet to form a translated packet. The SGW transmits the translated packet to the MEC network.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to host a network function container that implements a microservice for a network function in a wireless communications network, wherein the network function container is deployed by a container orchestration platform; host a service proxy container associated with the network function container, wherein the service proxy container is deployed by the container orchestration platform; and configure the hosted service proxy container to apply a wireless network policy to the microservice for the network function. The processor may be further configured to intercept messages associated with the microservice for the network function using the configured service proxy container; and apply the wireless network policy to the intercepted messages using the configured service proxy container.

Abstract: An edge network gateway, located in an edge network and connected to a core network, receives packets for a local breakout (LBO) Protocol Data Unit (PDU) session associated with a mobile subscriber. The edge network gateway sends, based on receipt of the packets for the LBO PDU session, a request for charging to a core network node, and forwards the packets for the LBO PDU session to a network or multi-access edge computing (MEC) data center connected to the edge network. The edge network gateway sends, via an online charging interface, charging data counts for the packets of the LBO PDU session to the core network node for reporting to an Online Charging System and charging to the mobile subscriber.

Abstract: A method for performing authorization for network function registration. The method includes instantiating a network function (NF) based on at least one micro-service; providing a software module with each of the at least one micro-service; sending, from each software module, an authorization code to a NF authorization platform, where the authorization code is associated with the micro-service; forwarding the at least one authorization code received at the NF authorization platform to an NF registration function (NRF); sending, from the NF, a service registration request to the NRF, where the service registration request includes each authorization code associated with the at least one micro-service; and registering the NF with the NRF, where the NRF validates each authorization code received from the NF.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to maintain a repository of network function devices in a network; obtain a transport network key performance indicator (KPI) for a particular network function device in the network; and generate an administration weight based on the obtained transport network KPI, wherein the administration weight corresponds to a measure of performance associated with the particular network function device. The processor may be further configured to receive, from a requesting network function device, a network function discovery request for a network function type associated with the particular network function device; and provide a network function discovery answer to the requesting network function device, wherein the network function discovery answer includes the generated administration weight for the particular network function device.