Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

Abstract: Dynamic Open Radio Access Network Radio Unit (O-RU) sharing between multiple tenant Open RAN Distributed Units (O-DU) may be provided. A Near Real Time RAN Intelligent Controller (nRT-RIC) may receive tenant policies for a first tenant and a second tenant. The nRT-RIC may then determine initial sharing templates for the first tenant and the second tenant based on the tenant policies. The nRT-RIC may send the initial sharing templates to a first tenant Distributed Unit (DU) and a second tenant DU. The nRT-RIC may receive operating metrics from the first tenant DU and the second tenant DU. The nRT-RIC may then determine operational factors based on the operating metrics. The nRT-RIC may alter an allocation of resources between the first tenant and the second tenant based on the operational factors. Finally, the nRT-RIC may send the altered allocation of resources to the first tenant DU and the second tenant DU.

Abstract: Dynamic Open Radio Access Network Radio Unit (O-RU) sharing between multiple tenant Open RAN Distributed Units (O-DU) may be provided. A Near Real Time RAN Intelligent Controller (nRT-RIC) may receive tenant policies for a first tenant and a second tenant. The nRT-RIC may then determine initial sharing templates for the first tenant and the second tenant based on the tenant policies. The nRT-RIC may send the initial sharing templates to a first tenant Distributed Unit (DU) and a second tenant DU. The nRT-RIC may receive operating metrics from the first tenant DU and the second tenant DU. The nRT-RIC may then determine operational factors based on the operating metrics. The nRT-RIC may alter an allocation of resources between the first tenant and the second tenant based on the operational factors. Finally, the nRT-RIC may send the altered allocation of resources to the first tenant DU and the second tenant DU.

Abstract: Provided herein are techniques for providing emergency telecommunication services and application driven profile prioritization for wireless local area network architectures. In one instance, a method can include facilitating, for an emergency call initiated by a wireless device, connection of the wireless device with a radio node; providing a location tag to the wireless device that is associated with a location of the wireless device; obtaining, by an emergency services identity provider, a session initiation protocol (SIP) registration request message from the wireless device that includes the location tag; determining, by the emergency services identity provider, a location of the wireless device based, at least in part, on the location tag; and facilitating the emergency call for the wireless device with a public safety answering point (PSAP) that is determined based on the location of the wireless device in which the location is provided to the PSAP.

Abstract: Techniques for dynamically negotiating a service legal agreement (SLA) between a roaming device and a visited network (VN) in an identity federation. An identity profile provided to a user device by an identity provider (IDP) is accessed by the user device. The identity profile includes a first SLA criteria. An advertisement from the VN indicating one or more SLAs supported by the VN is received at the user device. The advertisement is received before the user device has associated with the VN. The IDP and the VN are part of a same identity federation. It is determined that the SLA supported by the VN satisfies the first SLA criteria. Upon that determination, an acceptance is transmitted by the user device to the VN, and the user device is associated with the VN.

Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.

Abstract: Presented herein are techniques to support handovers in hybrid cell configuration environments. In one example, a method may include determining that a user equipment (UE) is connected to a first shared cell or a first unique cell of a radio access network; and causing a handover for the UE to a second shared cell or a second unique cell of the radio access network based on whether the UE is connected to the first shared cell or the first unique cell, wherein the handover is performed between one of the first shared cell and the second shared cell or the first unique cell and the second unique cell.

Abstract: Differentiated service in a federation-based access network is provided by receiving a set of credentials from a User Equipment (UE) for a wireless network offering a plurality of service levels. In response to determining that the set of credentials indicate a realm associated with a given service level, network access is provided to the UE according to the given service level. In response to determining that the given service level is not a highest service level in the wireless network, a list of one or more preferred realms is transmitted to the UE, where each realm of the list of one or more preferred realms is associated with one or more higher service levels than the given service level.

Abstract: Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identify sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.

Abstract: Dynamic Open Radio Access Network Radio Unit (O-RU) sharing between multiple tenant Open RAN Distributed Units (O-DU) may be provided. A Near Real Time RAN Intelligent Controller (nRT-RIC) may receive tenant policies for a first tenant and a second tenant. The nRT-RIC may then determine initial sharing templates for the first tenant and the second tenant based on the tenant policies. The nRT-RIC may send the initial sharing templates to a first tenant Distributed Unit (DU) and a second tenant DU. The nRT-RIC may receive operating metrics from the first tenant DU and the second tenant DU. The nRT-RIC may then determine operational factors based on the operating metrics. The nRT-RIC may alter an allocation of resources between the first tenant and the second tenant based on the operational factors. Finally, the nRT-RIC may send the altered allocation of resources to the first tenant DU and the second tenant DU.

Abstract: System, methods, and computer-readable media for a Neutral Host (NH) operation of a 5G radio, whereby a NH operator receives feedback from hosts and determines to partition Physical Resource Block (PRB) resources. Thus, a NH system is provided that enables a third-party to independently operate other channels, whereby individual physical random access channels (PRACH) are operated by independent hosts. The NH system is able to indicate partitioned resources to individual hosts, including PRACH definition and mutually exclusive set of PRBs partitioned between tenants. The hosts operating in the NH system may be operable to implement their own independent schedulers, incorporating host specific logic, that can be configured with the partitioned resources but which may further operate independently of each other.

Abstract: Differentiated service in a federation-based access network is provided by receiving, with a request for access to a wireless network offering at least a two different service levels based on user identities, a set of user credentials from a User Equipment (UE); forwarding, for authentication, the set of user credentials to an identity provider in an identity federation with the wireless network, wherein the identity provider is independent from the wireless network; in response to determining that the set of user credentials indicate a realm known to be associated with a given service level, providing network access to the UE according to the given service level; and in response to determining that the given service level is not a highest service level in the wireless network, transmitting a list of preferred realms to the UE that are associated with higher service levels than the given service level.

Abstract: Supporting Multipath Transmission Control Protocol (MPTCP) subflows using multipath links, and more specifically supporting MPTCP subflows using Wi-Fi Multi-Link Operation (MLO) or cellular multi-link support may be provided. A multipath link may be established between an Access Point (AP) and a station (STA). The STA may mark the multipath link as Multipath Transmission Control Protocol (MPTCP) capable. Next, a request for an addition of a MPTCP subflow may be received. In response to receiving the request, the MPTCP subflow may be bound to the multipath link, and data from the MPTCP subflow may be sent over the multipath link.

Abstract: A method is provided that includes obtaining an access request for a device to access a visited access network, the access request including an authentication identifier for the device including an identity for the device and a realm comprising a network identifying portion; determining a re-write rule for the realm by querying a database based on an identity type of the device and the network identifying portion of the realm, the database including a plurality of re-write rules for a plurality of networks and a plurality of identity types; re-writing the realm based on the re-write rule using the identity for the device to generate a re-written realm; obtaining, based on the re-written realm, an address for an authentication server of an identity provider associated with the device; and performing an authentication with the authentication server using the authentication identifier to authenticate the device for the visited access network.

Abstract: Presented herein are techniques to facilitate the configuration of hybrid cells to support shared cell and unique cell operating modes for user equipment. In one example, a method may include obtaining a registration request for a user equipment (UE) in which the mobile network includes a radio access network (RAN) comprising a plurality of radio units (RUs) in which each RU provides a shared cell that is shared with at least one other RU and each RU also provides a unique cell that is not shared with any other RU. The method may further include determining an operating mode for the UE in which the operating mode indicates whether the UE is to operate in a shared cell or a unique cell operating mode, and facilitating connection of the UE to one of the shared cell or the unique cell of an RU based on the operating mode.

Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.

Abstract: Roaming validation for Access Network Providers (ANPs), and particularly to protecting communications between Stations (STAs) and ANPs while providing roaming validation for ANPs may be provided. An ANP may first register a roaming federation system. The ANP may determine a roaming message based on subscription features of the network, and the ANP may request signing of the roaming message by the roaming federation system. The ANP may receive the signed roaming message from the roaming federation system and send the signed roaming message to a STA. The ANP may then receive a request to connect to the network from the STA and initiate a connection for the STA.

Abstract: Presented herein are techniques associated with providing an alternative network indication to a client device in a wireless local area network (WLAN) roaming federation. In one example a method is provided that may include obtaining access network information for each of a plurality of access networks that neighbor a first access network through connection of a client device with the first access network involving a first identity provider profile; determining an alternative access network with which the client device is recommended to seek connection or an alternative identity provider profiles with which the client device is recommended to connect to the first access network; and enabling the client device to initiate a connection with the alternative access network or to re-initiate a connection with the first access network utilizing the alternative identity provider profile.

Abstract: Presented herein are techniques to facilitate dual-connectivity support for a user equipment (UE) in a hybrid cell virtualized Radio Access Network (vRAN) architecture. In one example, a method may include obtaining, by a node of a mobile network via a first cell of a RAN, a request for a UE to connect to the mobile network via the first cell in which the RAN includes at least one shared cell and at least one unique cell; determining that the UE is allowed for dual-connectivity operation; and providing a policy to the UE, wherein the policy identifies, for each of one or more applications, one of a shared cell operating mode or a unique cell operating mode that the UE is to utilize for each of the one or more applications.

Abstract: Techniques for network communications are disclosed. These techniques include receiving a cryptographically generated device identifier (CGDI) and a public key relating to a wireless station (STA). The techniques further include determining a first hash based on decrypting the CGDI using the public key, and validating the first hash for an access network. The techniques further include identifying the STA in the access network using the CGDI based on binding the CGDI to a session associated with the STA and the access network.