Abstract: In a mobile network, an identity of a security group associated with user equipments (UEs) may be obtained. A segment route (SR) path for session communications in the mobile network for the UEs may be selected based on the identity of the security group. The SR path may be one of a plurality of SR paths in a transport network used by the mobile network and defined at least in part by one or more segment IDs (SIDs). An identity of a virtual network associated with the security group may also be obtained. The selected SR path and the identity of the virtual network may be provisioned in one or more routers of the transport network, such that IP messages communicated for the UEs in the mobile network are forwarded via the selected SR path and (at least ultimately) via the tunnel associated with the security group.

Abstract: Various implementations disclosed herein enable blockchain programming in NB-IoT devices. In various implementations, a method of blockchain authentication is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes maintaining a blockchain for a machine-to-machine network, wherein the machine-to-machine network is a narrowband internet of things network. In some implementations, the method includes receiving a request for a first set of data from the blockchain by a second device. In some implementations, the method includes determining based on the request, the first set of data from the blockchain by traversing a series of blocks from the blockchain. In some implementations, the method includes packaging the first set of data from the blockchain according to a protocol into a packaged data unit and transmitting the packaged data unit to the second device.

Abstract: In a mobile network, an identity of a security group associated with user equipments (UEs) may be obtained. A segment route (SR) path for session communications in the mobile network for the UEs may be selected based on the identity of the security group. The SR path may be one of a plurality of SR paths in a transport network used by the mobile network and defined at least in part by one or more segment IDs (SIDs). An identity of a virtual network associated with the security group may also be obtained. The selected SR path and the identity of the virtual network may be provisioned in one or more routers of the transport network, such that IP messages communicated for the UEs in the mobile network are forwarded via the selected SR path and (at least ultimately) via the tunnel associated with the security group.

Abstract: In a mobile network, an identity of a security group associated with user equipments (UEs) may be obtained. A segment route (SR) path for session communications in the mobile network for the UEs may be selected based on the identity of the security group. The SR path may be one of a plurality of SR paths in a transport network used by the mobile network and defined at least in part by one or more segment IDs (SIDs). An identity of a virtual network associated with the security group may also be obtained. The selected SR path and the identity of the virtual network may be provisioned in one or more routers of the transport network, such that IP messages communicated for the UEs in the mobile network are forwarded via the selected SR path and (at least ultimately) via the tunnel associated with the security group.

Abstract: A network function (NF) entity in a communication network receives authentication data associated with a User Equipment (UE), determines the UE supports a blockchain registration procedure based on the authentication data, exchanges authentication messages with a Blockchain Roaming Broker (BRB) entity over a blockchain network interface, receives a blockchain authentication confirmation from the BRB entity, and registers the UE with the core network based on the blockchain authentication confirmation.

Abstract: A Network Function (NF) entity in a telecommunication network receives blockchain credentials associated with UE and selects a Blockchain Charging Function (BCF). The NF entity further generates a Charging Data Record (CDR) corresponding to network resources, and sends a charging request based on the CDR (and policy rules) to the BCF entity over a blockchain network interface. The BCF entity sends a confirmation of the charging request, and the NF entity, based on the confirmation, provisions the network resources to the UE.

Abstract: In a mobile network, an identity of a security group associated with user equipments (UEs) may be obtained. A segment route (SR) path for session communications in the mobile network for the UEs may be selected based on the identity of the security group. The SR path may be one of a plurality of SR paths in a transport network used by the mobile network and defined at least in part by one or more segment IDs (SIDs). An identity of a virtual network associated with the security group may also be obtained. The selected SR path and the identity of the virtual network may be provisioned in one or more routers of the transport network, such that IP messages communicated for the UEs in the mobile network are forwarded via the selected SR path and (at least ultimately) via the tunnel associated with the security group.

Abstract: Various implementations disclosed herein enable blockchain programming in NB-IoT devices. In various implementations, a method of blockchain authentication is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes maintaining a blockchain for a machine-to-machine network, wherein the machine-to-machine network is a narrowband internet of things network. In some implementations, the method includes receiving a request for a first set of data from the blockchain by a second device. In some implementations, the method includes determining based on the request, the first set of data from the blockchain by traversing a series of blocks from the blockchain. In some implementations, the method includes packaging the first set of data from the blockchain according to a protocol into a packaged data unit and transmitting the packaged data unit to the second device.

Abstract: A network function (NF) entity in a communication network determines a User Equipment (UE) supports a blockchain authentication procedure, exchanges authentication messages with a Blockchain Authentication Function (BAF) entity over a blockchain network interface (e.g., based on the blockchain authentication procedure), receives a blockchain authentication confirmation from the BAF entity, and registers the UE based on the blockchain authentication confirmation.

Abstract: A network function (NF) entity in a communication network receives authentication data associated with a User Equipment (UE), determines the UE supports a blockchain registration procedure based on the authentication data, exchanges authentication messages with a Blockchain Roaming Broker (BRB) entity over a blockchain network interface, receives a blockchain authentication confirmation from the BRB entity, and registers the UE with the core network based on the blockchain authentication confirmation.

Abstract: A network function (NF) entity in a communication network receives session request data associated with a User Equipment (UE), which includes blockchain authentication data. The NF entity selects a Blockchain Authentication Function (BAF) entity based on the session request data, and exchanges at least a portion of the blockchain authentication data with the BAF entity over a blockchain network interface. The NF entity further receives authentication confirmation data from the BAF entity over the blockchain network interface, and establishes a data session associated with the UE based on the authentication confirmation data.

Abstract: A Network Function (NF) entity in a telecommunication network receives blockchain credentials associated with UE and selects a Blockchain Charging Function (BCF). The NF entity further generates a Charging Data Record (CDR) corresponding to network resources, and sends a charging request based on the CDR (and policy rules) to the BCF entity over a blockchain network interface. The BCF entity sends a confirmation of the charging request, and the NF entity, based on the confirmation, provisions the network resources to the UE.

Abstract: A network function (NF) entity in a communication network determines a User Equipment (UE) supports a blockchain authentication procedure, exchanges authentication messages with a Blockchain Authentication Function (BAF) entity over a blockchain network interface (e.g., based on the blockchain authentication procedure), receives a blockchain authentication confirmation from the BAF entity, and registers the UE based on the blockchain authentication confirmation.

Abstract: A network function (NF) entity in a communication network receives session request data associated with a User Equipment (UE), which includes blockchain authentication data. The NF entity selects a Blockchain Authentication Function (BAF) entity based on the session request data, and exchanges at least a portion of the blockchain authentication data with the BAF entity over a blockchain network interface. The NF entity further receives authentication confirmation data from the BAF entity over the blockchain network interface, and establishes a data session associated with the UE based on the authentication confirmation data.

Abstract: A network slice manager receives a workload mobility request to add network resources to a domain in the communication network, and authenticates a virtual network function (VNF) with a blockchain authentication function (BAF) over a blockchain network interface based on the workload mobility request. The network slice manager further receives an indication of a successful authentication from the BAF, and instantiates the VNF in the domain of the communication network based on the indication of the successful authentication. Notably, these authentication processes may be readily adapted to instantiate new network resources or migrate existing network resources between domains.

Abstract: In one embodiment, a primary server receives, from a client device, a first request to mitigate an external attack on the client device. The primary server sends, to a plurality of secondary servers, a second request to mitigate the external attack, wherein each one of the plurality of secondary servers has associated mitigation resources, and receives from at least one of the plurality of secondary servers an indication that it has mitigation resources capable of mitigating the external attack. The primary server sends, to the client device, a list including the secondary servers having mitigation resources capable of mitigating the attack, and receives, from the client device, an indication that a subset of the list is selected to mitigate the external attack. In response, the primary server sends a request for mitigation services to one of the secondary servers in the subset selected to mitigate the external attack.

Abstract: A network function (NF) entity in a communication network receives authentication data associated with a User Equipment (UE), determines the UE supports a blockchain registration procedure based on the authentication data, exchanges authentication messages with a Blockchain Roaming Broker (BRB) entity over a blockchain network interface, receives a blockchain authentication confirmation from the BRB entity, and registers the UE with the core network based on the blockchain authentication confirmation.

Abstract: In one embodiment, a primary server receives, from a client device, a first request to mitigate an external attack on the client device. The primary server sends, to a plurality of secondary servers, a second request to mitigate the external attack, wherein each one of the plurality of secondary servers has associated mitigation resources, and receives from at least one of the plurality of secondary servers an indication that it has mitigation resources capable of mitigating the external attack. The primary server sends, to the client device, a list including the secondary servers having mitigation resources capable of mitigating the attack, and receives, from the client device, an indication that a subset of the list is selected to mitigate the external attack. In response, the primary server sends a request for mitigation services to one of the secondary servers in the subset selected to mitigate the external attack.