Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.

Abstract: The present technology discloses methods and systems for receiving a security profile request from an integrity verifier, the request including a nonce; requesting, from a trusted platform module, a new nonce, wherein the new nonce is generated at least in part by the nonce and a current timestamp from a clock in the trusted platform module; receiving, from the trusted platform module, the new nonce; requesting, from a cryptoprocessor, a set of platform configuration registers; receiving, from the cryptoprocessor, the set of platform configuration registers; and sending a response to the integrity verifier, the response including the new nonce and the set of platform configuration registers to verify a security status of the trusted platform module and the cryptoprocessor.

Abstract: Systems, methods, and computer-readable media are provided for inter-network messaging among private and public 5G networks. For instance, a first server on a public 5G mobile network can receive a first message directed to a first wireless device associated with a first network identity. The first server can determine, based on the first network identity, that the first wireless device is associated with a second network identity, wherein the second network identity is used to identify the first wireless device on a private 5G mobile network. The first server can send a copy of the first message to a second server on the private 5G mobile network for transmission to the first wireless device through the private 5G mobile network based on the second network identity.

Abstract: This disclosure describes techniques for authentication related to verification of identity for network access. The techniques may include sending a challenge associated with authentication to a network to a mobile device. In response to sending the challenge, the techniques may include receiving a challenge response from the mobile device. The challenge response may include biometric credential information associated with a user of the mobile device. The challenge response may also include an indication of an authorization assertion associated with the authentication to the network. In some examples, the techniques may include tailoring access to the network for the mobile device based on the biometric credential information.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for providing security postures for a service provided by a heterogenous system. A method for verifying trust by a service node includes receiving a request for a security information of the service node from a client device, wherein the request includes information identifying a service to receive from the service node, identifying a related node to communicate with the service node based on the service, after identifying the related node, requesting a security information of the related node, generating a composite security information from the security information of the service node and the security information of the related node, and sending the composite security information to the client device. The composite security information provides security claims for a service implemented by a heterogenous devices that have different trusted execution environments.

Abstract: In one embodiment, an earthbound transceiver in a low earth orbit (LEO) satellite network establishes a connection with a first LEO satellite from a first set of LEO satellites. The first set of LEO satellites are distributed across a first plurality of orbits including first neighboring LEO satellites of the first LEO satellite, and the first neighboring LEO satellites have a fixed or semi-fixed position relative to the first LEO satellite. The earthbound transceiver determines first signal strength values associated with the first set of LEO satellites and second signal strength values associated with a second set of LEO satellites. The earthbound transceiver then periodically compares the first signal strength values to the second signal strength values. At an optimal handoff time, the earthbound transceiver initiates the handoff operation from the first LEO satellite to a second LEO satellite from the second set of LEO satellites.

Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.

Abstract: Presented herein are techniques to facilitate electronic profile management by an enterprise entity in which the enterprise entity can utilize an enterprise infrastructure to provision one or more electronic profiles for one or more enterprise device(s). In one example, a method is provided that may include determining, by a management node of an enterprise network, whether a user equipment (UE) supports an electronic profile capability and a wireless wide area access network connectivity capability; and based on determining that the UE supports the electronic profile capability and the wireless wide area access network connectivity capability, providing, by the management node, at least one electronic profile to the UE via a wireless local area access network of the enterprise network, wherein the at least one electronic profile enables the UE to connect to at least one wireless wide area access network of the enterprise network.

Abstract: Low latency wireless communications may be provided. A client device may be authorized for a first association in response to the client device making a first concurrent association request that may include a first Media Access Control (MAC) address. In response to authorizing the client device for the first association, an Endpoint Identifier (EID) associated with the client device may be registered with a first Routing Locator (RLOC) in a map server, the first RLOC being associated with the first MAC address. The client device may then be authorized for a second association in response to the client device making a second concurrent association request that includes a second MAC address. In response to authorizing the client device for the second association, the EID associated with the client device may be registered with a second RLOC in the map server, the second RLOC being associated with the second MAC address.

Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.

Abstract: Presented herein are techniques to facilitate electronic profile management by an enterprise entity in which the enterprise entity can utilize an enterprise infrastructure to provision one or more electronic profiles for one or more enterprise device(s). In one example, a method is provided that may include determining, by a management node of an enterprise network, whether a user equipment (UE) supports an electronic profile capability and a wireless wide area access network connectivity capability; and based on determining that the UE supports the electronic profile capability and the wireless wide area access network connectivity capability, providing, by the management node, at least one electronic profile to the UE via a wireless local area access network of the enterprise network, wherein the at least one electronic profile enables the UE to connect to at least one wireless wide area access network of the enterprise network.

Abstract: The present technology discloses methods and systems for receiving a security profile request from an integrity verifier, the request including a nonce; requesting, from a trusted platform module, a new nonce, wherein the new nonce is generated at least in part by the nonce and a current timestamp from a clock in the trusted platform module; receiving, from the trusted platform module, the new nonce; requesting, from a cryptoprocessor, a set of platform configuration registers; receiving, from the cryptoprocessor, the set of platform configuration registers; and sending a response to the integrity verifier, the response including the new nonce and the set of platform configuration registers to verify a security status of the trusted platform module and the cryptoprocessor.

Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.

Abstract: Low latency wireless communications may be provided. A client device may be authorized for a first association in response to the client device making a first concurrent association request that may include a first Media Access Control (MAC) address. In response to authorizing the client device for the first association, an Endpoint Identifier (EID) associated with the client device may be registered with a first Routing Locator (RLOC) in a map server, the first RLOC being associated with the first MAC address. The client device may then be authorized for a second association in response to the client device making a second concurrent association request that includes a second MAC address. In response to authorizing the client device for the second association, the EID associated with the client device may be registered with a second RLOC in the map server, the second RLOC being associated with the second MAC address.

Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.

Abstract: Systems, methods, and computer-readable media for controlling data transmission in TCP subflows of a MPTCP connection based on monetary cost. A low cost link and a high cost link of TCP subflows of a MPTCP connection formed between a first MPTCP peer and a second MPTCP peer can be identified. A congestion level on the low cost link can be determined based on feedback from a TCP congestion control mechanism for the MPTCP connection. Further, whether to send a data packet over the low cost link of the high cost link based on the congestion level on the low cost link can be determined. As follows, the data packet can be sent over the low cost link connection if it is determined to send the data packet over the low cost link.

Abstract: In one embodiment, a method is performed. A device may receive a registration request from a user equipment (UE) device associated with a category. The device may receive a registration response from an access and mobility function (AMF). The registration response may comprise a group identifier associated with the category. The device may select resources from a resource pool based on the group identifier. The resource pool may be dedicated for use for emergency communications. The device may allocate the selected resources to the UE device.

Abstract: Systems, methods, and computer-readable media for controlling data transmission in TCP subflows of a MPTCP connection based on monetary cost. A low cost link and a high cost link of TCP subflows of a MPTCP connection formed between a first MPTCP peer and a second MPTCP peer can be identified. A congestion level on the low cost link can be determined based on feedback from a TCP congestion control mechanism for the MPTCP connection. Further, whether to send a data packet over the low cost link of the high cost link based on the congestion level on the low cost link can be determined. As follows, the data packet can be sent over the low cost link connection if it is determined to send the data packet over the low cost link.

Abstract: Techniques are described herein for dynamic platoon management. The techniques may include obtaining dynamic location data of a vehicle, where the dynamic location data indicates a current or predicted location of the vehicle. Based on the dynamic location data, a platoon of vehicles that is optimal for the vehicle to join may be identified. The vehicle may be dynamically joined to the platoon.

Abstract: In one example, an authentication server generates a Chargeable User Identity (CUI) for a User Equipment (UE) based on a first indication of an identifier obtained from the UE based on communications of the UE over a first network interface of a system. The authentication server obtains a second indication of the identifier based on communications of the UE over a second network interface of the system. In response to obtaining the second indication of the identifier, the authentication server determines that the UE is attempting to communicate over the second network interface. In response to determining that the UE is attempting to communicate over the second network interface, the authentication server uses the CUI for further communications of the UE over the second network interface.