Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.

Abstract: Disclosed are systems, apparatuses, processes, and computer-readable media for automated certificate-based device enrollment system. For example, a disclosed method includes receiving, by a client device, a certificate signed by a certificate authority, the certificate including network credential information associated with a wireless network; in response to enabling a client supplicant, configuring a credential of the client device based on the certificate and the network selection credential information; using the configured credential to trigger the automatic network detection and selection of a wireless network; and authenticating with the wireless network using the credential.

Abstract: Techniques for network communications are disclosed. These techniques include receiving a cryptographically generated device identifier (CGDI) and a public key relating to a wireless station (STA). The techniques further include determining a first hash based on decrypting the CGDI using the public key, and validating the first hash for an access network. The techniques further include identifying the STA in the access network using the CGDI based on binding the CGDI to a session associated with the STA and the access network.

Abstract: Techniques for enhancing the security of network access within an open roaming framework are provided. A first network device receives a request to authenticate connection of a user device to a network. The first network device retrieves security data associated with the network. Based on analyzing the security data associated with the network, the first network device determines that one or more security criteria are satisfied. The first network device transmits a response to the user device, where the response instructs the user device to establish a connection with the network and does not disclose the security data.

Abstract: Presented herein are techniques associated with providing an alternative network indication to a client device in a wireless local area network (WLAN) roaming federation. In one example a method is provided that may include obtaining access network information for each of a plurality of access networks that neighbor a first access network through connection of a client device with the first access network involving a first identity provider profile; determining an alternative access network with which the client device is recommended to seek connection or an alternative identity provider profiles with which the client device is recommended to connect to the first access network; and enabling the client device to initiate a connection with the alternative access network or to re-initiate a connection with the first access network utilizing the alternative identity provider profile.

Abstract: Access network monitoring in a wireless federation may be provided. A plurality of access requests may be received from a probe device. Each of the plurality of access requests may comprise access request information. Next, an availability metric may be determined based on an amount of the plurality of access requests received and the access request information. The availability metric may then be reported.

Abstract: Presented herein are techniques associated with replicating an OpenRoaming™ policy federation in a Third Generation Partnership Project (3GPP) network environment. For example, techniques herein provide a roaming policy federation architecture for a 3GPP network environment.

Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.

Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.

Abstract: Techniques for wireless communications are disclosed. The techniques include generating a provisioning domain (PVD) identifier by associating a roaming consortium organization identifier (RCOI), relating to an identity federation comprising an identity provider (IDP), with the PVD. The techniques further include providing PVD configuration information from the IDP to a wireless station (STA) associated with the IDP, using the PVD identifier. The techniques further include applying one or more configuration policies at the STA based on the PVD configuration information.

Abstract: Subscriber identity concealment from an access network provider may be provided. A computing device may receive first identity data associated with a client device. Then the first identity data associated with the client device may be encrypted using second identity data to create an encrypted version of the first identity data associated with the client device. The encrypted version of the first identity data associated with the client device may be provided to an access network.

Abstract: In one aspect, a method for enabling EPCS in a network includes receiving a request from a network device to establish a connection to the network, wherein the request indicates an emergency event and at least one user equipment associated with the emergency event; prioritizing, for the network device, access to the network based on the request in accordance with a resource allocation policy comprising a plurality of access levels associated with a plurality of EPCS groups; allocating network resources in accordance with the resource allocation policy to the network device, wherein the one or more network resources are configured to modify a set of attributes of the network device to grant the network device an increased priority related to the emergency event; and transmitting a message to the network device to indicate authorization for the network device to establish a connection with the network according to the increased priority.

Abstract: Provided herein are techniques to facilitate conflict management in a shared Open Radio Access Network (O-RAN) architecture. In one instance, a method can be performed by a conflict manager of a near-real-time RAN intelligent controller of a shared RAN including radio unit (RU) nodes provided by a host operator. The method can include obtaining each of a requested radio unit (RU) configuration from each of a distributed unit (DU) node operated by each of a tenant operator and determining whether there are any conflicts among RU configuration parameters for each requested RU configuration. In one instance, upon determining one or more conflicts among the RU configuration parameters for each requested RU configuration, the method may include providing a response to each DU node indicating that each DU node is allowed to configure the plurality of RU nodes using each requested RU configuration in accordance with a modification.

Abstract: Presented herein are techniques to facilitate wireless wide area (WWA) virtualized Radio Access Network (vRAN) (e.g., 5G) to wireless local area (WLA) RAN (e.g., Wi-Fi) steering or WLA RAN to WWA vRAN steering for one or more UE. In one example, a method may include obtaining first performance metrics associated with links of a WWA vRAN (e.g., fronthaul, midhaul, and backhaul links); obtaining second performance metrics associated with links WLA RAN (e.g., backhaul links); and in response to determining that one of the WWA vRAN is experiencing degraded performance based on the first performance metrics or the WLA RAN the second performance metrics, activating a steering event that causes, at least in part, an indication to be communicated to a UE to cause the UE to connect to the WWA vRAN or the WLA RAN that is not experiencing degraded performance.

Abstract: System, methods, and computer-readable media for validating and committing a shared O-RU configuration via a shared O-RU Operator. The shared O-RU Operator validates a partitioned configuration received from a tenant operator, with the ability to indicate to the tenant operator that the partitioned configuration is conformant to agreed-upon sharing rules and then commits the shared configuration to the shared O-RU. The shared O-RU operator shares the outcome of the commit operation to the tenant operator via defined operational-data that can be read by the tenant operator. A single radio in O-RAN is shared by multiple different operators and enables a neutral host to deploy a radio unit and then have that attached to different operators networks.

Abstract: System, methods, and computer-readable media for validating and committing a shared O-RU configuration via a shared O-RU Operator. The shared O-RU Operator validates a partitioned configuration received from a tenant operator, with the ability to indicate to the tenant operator that the partitioned configuration is conformant to agreed-upon sharing rules and then commits the shared configuration to the shared O-RU. The shared O-RU operator shares the outcome of the commit operation to the tenant operator via defined operational-data that can be read by the tenant operator. A single radio in O-RAN is shared by multiple different operators and enables a neutral host to deploy a radio unit and then have that attached to different operators networks.

Abstract: Presented herein are techniques to facilitate dual-connectivity support for a user equipment (UE) in a hybrid cell virtualized Radio Access Network (vRAN) architecture. In one example, a method may include obtaining, by a node of a mobile network via a first cell of a RAN, a request for a UE to connect to the mobile network via the first cell in which the RAN includes at least one shared cell and at least one unique cell; determining that the UE is allowed for dual-connectivity operation; and providing a policy to the UE, wherein the policy identifies, for each of one or more applications, one of a shared cell operating mode or a unique cell operating mode that the UE is to utilize for each of the one or more applications.

Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.