Abstract: Aspects of the present disclosure provide for a security model for enabling multiple connectivity and service contexts while sharing a single connectivity context to establish a network connection. A context (e.g., connectivity context, service context, security context) is a set of information describing the connectivity, service, or security established between two or more entities. The connectivity context and service context may be established at different network nodes or entities. In one aspect of the disclosure, a connectivity context includes an Evolved Packet System (EPS) Mobility Management (EMM) context or both an EMM context and an EPS Session Management (ESM) context.

Abstract: A gateway device detects a trigger associated with a device and, in response, identifies an application service associated with the device, obtains a traffic network policy associated with the application service, and obtains a network access token based on the traffic network policy. The network access token facilitates validating and/or mapping a downlink data packet obtained at the gateway device in user-plane traffic that is destined for the device. The network access token is sent to an entity in control-plane signaling. Subsequently, the gateway device obtains a downlink data packet including the network access token. The gateway device verifies the network access token and/or maps the downlink data packet to the device using data obtained from the network access token. The network access token may be removed from the downlink data packet before the downlink data packet is sent to the device according to the mapping.

Abstract: One aspect relates to initiating, by a device, a connection with an application server associated with one or more application services. A gateway derives an uplink network token and/or a downlink network token. The tokens are provisioned to the device and/or an application server over the user-plane. The tokens are included with uplink and/or downlink packets, respectively. Another aspect relates to receiving a data packet at a gateway. The gateway determines a requirement for a network token from the packet. The gateway derives the network token based on a device subscription profile maintained by a network. The network token may be sent with the packet to a destination address associated with the packet. A packet including a network token may be received at a gateway. The gateway may verify the network token and send the data packet to an application server or a device if the verifying is successful.

Abstract: Aspects of the present disclosure provide for a security model for enabling multiple connectivity and service contexts while sharing a single connectivity context to establish a network connection. A context (e.g., connectivity context, service context, security context) is a set of information describing the connectivity, service, or security established between two or more entities. The connectivity context and service context may be established at different network nodes or entities. In one aspect of the disclosure, a connectivity context includes an Evolved Packet System (EPS) Mobility Management (EMM) context or both an EMM context and an EPS Session Management (ESM) context.

Abstract: Systems and techniques enable an improved network selection procedure. Providers maintain preferred networks lists provisioned to UEs. The preferred networks lists include WLAN RATs, and for each entry coverage area and type of supported services. UEs include multiple credentials for connectivity via providers and potentially multiple transceivers supporting multiple active services. A UE triggers a network selection procedure whenever a new service is initiated. A credential is selected. The UE builds a list of network/RAT combinations from preferred networks lists and filters this list, removing entries that do not support the new service. The UE takes the context of the UE into consideration, further filtering the list. The remaining entries are scanned and a network/RAT combination selected. The UE determines whether registering with the selected network/RAT combination causes an interruption to an ongoing service. If not, the UE registers on the selection.

Abstract: Techniques are described using network slice information to negotiate and select network services by determining a set of desired required network provided functionalities; identifying a set of network slices providing one or more of the functionalities in the set of required functionalities; and communicating, to a network, a slice identifier for each slice in the set of the identified network slices.

Abstract: One aspect relates to initiating, by a device, a connection with an application server associated with one or more application services. A gateway derives an uplink network token and/or a downlink network token. The tokens are provisioned to the device and/or an application server over the user-plane. The tokens are included with uplink and/or downlink packets, respectively. Another aspect relates to receiving a data packet at a gateway. The gateway determines a requirement for a network token from the packet. The gateway derives the network token based on a device subscription profile maintained by a network. The network token may be sent with the packet to a destination address associated with the packet. A packet including a network token may be received at a gateway. The gateway may verify the network token and send the data packet to an application server or a device if the verifying is successful.

Abstract: One aspect relates to initiating, by a device, a connection with an application server associated with one or more application services. A gateway derives an uplink network token and/or a downlink network token. The tokens are provisioned to the device and/or an application server over the user-plane. The tokens are included with uplink and/or downlink packets, respectively. Another aspect relates to receiving a data packet at a gateway. The gateway determines a requirement for a network token from the packet. The gateway derives the network token based on a device subscription profile maintained by a network. The network token may be sent with the packet to a destination address associated with the packet. A packet including a network token may be received at a gateway. The gateway may verify the network token and send the data packet to an application server or a device if the verifying is successful.

Abstract: A gateway device detects a trigger associated with a device and, in response, identifies an application service associated with the device, obtains a traffic network policy associated with the application service, and obtains a network access token based on the traffic network policy. The network access token facilitates validating and/or mapping a downlink data packet obtained at the gateway device in user-plane traffic that is destined for the device. The network access token is sent to an entity in control-plane signaling. Subsequently, the gateway device obtains a downlink data packet including the network access token. The gateway device verifies the network access token and/or maps the downlink data packet to the device using data obtained from the network access token. The network access token may be removed from the downlink data packet before the downlink data packet is sent to the device according to the mapping.

Abstract: Local IP access is provided in a wireless network to facilitate access to one or more local services. In some implementations, different IP interfaces are used for accessing different services (e.g., local services and operator network services). A list that maps packet destinations to IP interfaces may be employed to determine which IP interface is to be used for sending a given packet. In some implementations an access point provides a proxy function (e.g., a proxy ARP function) for an access terminal. In some implementations an access point provides an agent function (e.g., a DHCP function) for an access terminal. NAT operations may be performed at an access point to enable the access terminal to access local services. In some aspects, an access point may determine whether to send a packet from an access terminal via a protocol tunnel based on the destination of the packet.

Abstract: Techniques are described using network slice information to negotiate and select network services by determining a set of desired required network provided functionalities; identifying a set of network slices providing one or more of the functionalities in the set of required functionalities; and communicating, to a network, a slice identifier for each slice in the set of the identified network slices.

Abstract: The disclosure relates in some aspects to the establishment, discovery, and creation of virtual wireless communication networks. A device can create a virtual wireless communication network with a serving mobile network operator (MNO), e.g., via a service provider, and provide information regarding connectivity to the virtual wireless communication network. Provided information can include, without limitation, restricted access to content and uploaded specific content. The disclosure also relates in some aspects to enabling a network to configure access and policing entities to support a virtual wireless communication network.

Abstract: A method, operational at a radio access network (RAN) node, is provided for establishing a secure interface with a service network node. A service registration request is received from a client device. A service network associated with the connectivity network is determined or ascertained, wherein the service network node operates within the service network. The service registration request is forwarded to a connectivity network node within the connectivity network. A secure connection is then established with a service network node via the connectivity network node. Communications between the radio access network node and the client device may then be secured based on the key.

Abstract: Systems and techniques enable an improved network selection procedure. Providers maintain preferred networks lists provisioned to UEs. The preferred networks lists include WLAN RATs, and for each entry coverage area and type of supported services. UEs include multiple credentials for connectivity via providers and potentially multiple transceivers supporting multiple active services. A UE triggers a network selection procedure whenever a new service is initiated. A credential is selected. The UE builds a list of network/RAT combinations from preferred networks lists and filters this list, removing entries that do not support the new service. The UE takes the context of the UE into consideration, further filtering the list. The remaining entries are scanned and a network/RAT combination selected. The UE determines whether registering with the selected network/RAT combination causes an interruption to an ongoing service. If not, the UE registers on the selection.

Abstract: Aspects of the present disclosure provide for a security model for enabling multiple connectivity and service contexts while sharing a single connectivity context to establish a network connection. A context (e.g., connectivity context, service context, security context) is a set of information describing the connectivity, service, or security established between two or more entities. The connectivity context and service context may be established at different network nodes or entities. In one aspect of the disclosure, a connectivity context includes an Evolved Packet System (EPS) Mobility Management (EMM) context or both an EMM context and an EPS Session Management (ESM) context.

Abstract: Systems and methods for control and triggering of machine to machine (M2M) devices (e.g., smart meters). More specifically how to allow an M2M service provider (e.g., utility company) to use an operator's network to communicate with the M2M device connected with a UE/GW associated with the operator's network. The M2M service provider may receive identification of the UE/GW, but not for the M2M device. By transmitting an identifier for the M2M device along with an identifier for the UE/GW, the network operator may define establish and maintain a communication path specific to M2M devices. Similar techniques may be incorporated to allow the M2M service provider to locate and trigger the M2M device.

Abstract: One aspect relates to initiating, by a device, a connection with an application server associated with one or more application services. A gateway derives an uplink network token and/or a downlink network token. The tokens are provisioned to the device and/or an application server over the user-plane. The tokens are included with uplink and/or downlink packets, respectively. Another aspect relates to receiving a data packet at a gateway. The gateway determines a requirement for a network token from the packet. The gateway derives the network token based on a device subscription profile maintained by a network. The network token may be sent with the packet to a destination address associated with the packet. A packet including a network token may be received at a gateway. The gateway may verify the network token and send the data packet to an application server or a device if the verifying is successful.

Abstract: The disclosure relates in some aspects to the establishment, discovery, and creation of virtual wireless communication networks. A device can create a virtual wireless communication network with a serving mobile network operator (MNO), e.g., via a service provider, and provide information regarding connectivity to the virtual wireless communication network. Provided information can include, without limitation, restricted access to content and uploaded specific content. The disclosure also relates in some aspects to enabling a network to configure access and policing entities to support a virtual wireless communication network.

Abstract: Local IP access is provided in a wireless network to facilitate access to one or more local services. In some implementations, different IP interfaces are used for accessing different services (e.g., local services and operator network services). A list that maps packet destinations to IP interfaces may be employed to determine which IP interface is to be used for sending a given packet. In some implementations an access point provides a proxy function (e.g., a proxy ARP function) for an access terminal. In some implementations an access point provides an agent function (e.g., a DHCP function) for an access terminal. NAT operations may be performed at an access point to enable the access terminal to access local services. In some aspects, an access point may determine whether to send a packet from an access terminal via a protocol tunnel based on the destination of the packet.

Abstract: Techniques for performing registration in parallel with call establishment to reduce delay are described. A user equipment (UE) performs registration with a communication network, e.g., in response to a user placing an emergency call. The UE establishes the call in parallel with performing registration. The UE updates the call with information (e.g., verified UE identity and/or call back information) obtained from the registration by sending the information to a called entity/party such as a Public Safety Answering Point (PSAP) selected for the emergency call. The UE sends a first message to initiate registration, a second message to initiate establishment of the call, and a third message to update the call with the information obtained from the registration. The established call may be associated with the registration based on a common source IP address in the first, second and third messages and common dialogue information in the second and third messages.