Abstract: A method comprises receiving, by a threat level engine (TLE) in the network, security data from a plurality of different sources, wherein the security data comprises data regarding traffic related to a security threat occurring in the network, determining, by the TLE, a security related event indicating a security threat occurring at network elements in the network based on security key performance indicators and the security data, when a threat impact level of the security related event exceeds a threshold, determining, by the TLE, a remediation action for the security related event based on the threat impact level, transmitting, by the TLE to a policy decision point, an instruction to generate and store a rule based on the remediation action for the security related event, and transmitting, to a policy enforcement point, an authorization to create the secure tunnel between the one or more network elements and another endpoint.

Abstract: A method of testing a communication system implementing a zero trust architecture. The method comprises sending a request by a test equipment platform to access a microsegment to a policy enforcement point (PEP); sending an authorization request by the PEP to a policy decision point (PDP); authorizing access of the test equipment platform to the microsegment by the PDP; sending authorization of access of the test equipment platform to the microsegment by the PDP to the PEP; establishing a secure tunnel by the PEP between the test equipment platform and the microsegment; sending a command to provide test data by the test equipment platform via the secure tunnel to a probe in the microsegment; analyzing the test data by the test equipment platform; and producing a test result by the test equipment platform based on analyzing the test data.

Abstract: Systems and methods are provided for rapid user equipment route selection policy rule processing. A method includes determining an applicable routing policy based on user equipment route selection policy (URSP) rules for an established protocol data unit (PDU) session and storing PDU session information with the established uplink PDU session in a cache. The method further includes examining subsequent uplink packets for PDU session information and checking the cache for an established PDU session with matching uplink PDU session information. The method additionally includes routing the subsequent uplink packets to the established PDU session having the matching PDU session information, causing the subsequent uplink packet to be processed in accordance with the applicable routing policy as previously determined based on the URSP rules.

Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.

Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.

Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.

Abstract: An embodiment method for session handling for a connection between an UE and a network includes establishing, at a first distributed EPC, user and IP sessions over the connection through the first distributed EPC. The first distributed EPC includes a first PGW at which the IP session is anchored. The method also includes holding original IP resources and releasing original connection resources for the sessions at the first distributed EPC when the UE moves beyond the first distributed EPC to a second distributed EPC. The method then establishes a tunnel between the first PGW and a second PGW for the second distributed EPC. The tunnel utilizes the original IP resources and new connection resources at the second distributed EPC. The method then routes data from the tunnel, through the first PGW, and to the network.

Abstract: Exemplary methods and systems for providing access to IMS services are disclosed herein.

Abstract: An embodiment method for session handling for a connection between an UE and a network includes establishing, at a first distributed EPC, user and IP sessions over the connection through the first distributed EPC. The first distributed EPC includes a first PGW at which the IP session is anchored. The method also includes holding original IP resources and releasing original connection resources for the sessions at the first distributed EPC when the UE moves beyond the first distributed EPC to a second distributed EPC. The method then establishes a tunnel between the first PGW and a second PGW for the second distributed EPC. The tunnel utilizes the original IP resources and new connection resources at the second distributed EPC. The method then routes data from the tunnel, through the first PGW, and to the network.

Abstract: Exemplary methods and systems for providing access to IMS services are disclosed herein.

Abstract: Exemplary methods and systems for providing access to IMS services are disclosed herein.

Abstract: A method, system, and computer-readable media are provided for determining connection needs of a mobile device connecting to a wireless network. In one aspect, the computer-readable media provide a method that includes receiving a request from a mobile device to access a wireless network, and performing an authentication phase related to the mobile device attempting to access the wireless network. Furthermore, the method includes evaluating signaling behavior of the mobile device during the authentication phase to determine which access technology from a plurality of types of access technologies to use to connect the mobile device to the wireless network. Moreover, the method includes connecting the mobile device to the wireless network using the determined access technology.

Abstract: A new message format and protocol in an IP mobility system. Deallocation of a mobile node's IP address during a multipart communication session on a foreign network can cause serious communication and accounting errors. The new message format and protocol should eliminate the premature deallocation of a mobile node's IP address, which should reduce associated communication and accounting errors.

Abstract: A method and apparatus for dynamically assigning a home agent to a mobile station for a mobile IP session. The method and apparatus allow the telecommunications network to assign the home agent that is best able to serve the mobile station. This is achieved by utilizing a predetermined IP address that indicates to the network components, such as the packet-switched data network, the home agent, the home authorization, authentication, and accounting server, and the like, that the mobile station is requesting a dynamically assigned home agent.

Abstract: A classification application utilizing a table of connection numbers and associated TCP/IP applications is utilized for determining a wireless packet communication, quality of service level by decoding a connection number field of the compressed packet header. Packets carrying different connection numbers can be mapped to different Quality of Service planes. When a non-active TCP connection becomes active, the classification application detects and identifies the connection by reading the connection number field of a compressed TCP/IP header in a packet of the application. The classification application applies the appropriate Quality of Service level as determined from a user database and a list of available Quality of Service levels. If the connection has no table entry, the TCP/IP application is identified based on comparison to a pre-loaded table of port numbers and a new entry is created in the connection number table.

Abstract: A new access channel protocol for use in cellular systems such as CDMA whereby the data transfer efficiency of an access message is increased by removing the requirement that a preamble frame and a message capsule frame have equal times of duration. With such removal, the BTS must inform listening MSs as to the time duration of the frames in each of the preamble and the message portions of the access channel time slot in addition to previously supplied information as to the number of frames in each portion. When unequal frame duration times are allowed, each portion of the access channel may be more nearly optimized to the actual time required to perform the functions of synchronization and message detection.

Abstract: An adaptation sublayer is provided between LAC/MAC and a Packet Data Service Node for a Code Division Multiple Access telecommunication system. Quality of Service parameters are defined and stored within a Base Station and Base Transceiver Station along with subscriber profiles, including class of service. The profiles include specified Quality of Service requirements for each subscriber profile. A Quality of Service Adaptation Layer provides logic and control means to identify each active subscriber, provide the associated Quality of Service and direct the active subscriber's communication connection to a target host.

Abstract: A system and method for timely maintaining or establishing an R-P connection after a mobile station (MS) roams from the control of an old base station controller (BSC) to that of a new BSC is provided. The process may be initiated during a registration process of the MS, during an origination process, or during a termination process. A Mobile Service Center (MSC), Visitor's Location Register (VLR), or the MS may be used to store the packet data call status information including point to point protocol (PPP) session status information and configuration information about an old BSC including its related cells and PDSNs. In some cases, this information may also be transferred to the new BSC through a BSC to BSC connection.

Abstract: A communications system and method that separates operational aspects of a packet data service to be provided on a wireless network into separate, independent state diagrams. The method first decomposes the communication service into several different service layers. The method then defines a dynamic behavior of the service layers and an interaction therebetween. Once the behavior and interaction between the layers is defined, the method creates a control element with which to coordinate the service layers.

Abstract: A method and apparatus for dynamically assigning a home agent to a mobile station for a mobile IP session. The method and apparatus allow the telecommunications network to assign the home agent that is best able to serve the mobile station. This is achieved by utilizing a predetermined IP address that indicates to the network components, such as the packet-switched data network, the home agent, the home authorization, authentication, and accounting server, and the like, that the mobile station is requesting a dynamically assigned home agent.