Patents by Inventor Serge Manning
Serge Manning has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12294929
Abstract: Systems and methods are provided for rapid user equipment route selection policy rule processing. A method includes determining an applicable routing policy based on user equipment route selection policy (URSP) rules for an established protocol data unit (PDU) session and storing PDU session information with the established uplink PDU session in a cache. The method further includes examining subsequent uplink packets for PDU session information and checking the cache for an established PDU session with matching uplink PDU session information. The method additionally includes routing the subsequent uplink packets to the established PDU session having the matching PDU session information, causing the subsequent uplink packet to be processed in accordance with the applicable routing policy as previously determined based on the URSP rules.
Type: Grant
Filed: May 2, 2022
Date of Patent: May 6, 2025
Assignee: T-Mobile Innovations LLC
Inventors: Gregory Schumacher, Marouane Balmakhtar, Serge Manning
-
Publication number: 20250142507
Abstract: A method to trigger, by a RAN, a secure edge (SE) connection service over the RAN between a known user equipment (UE) and an SE application server is disclosed. The method comprises the RAN enabling an SE connection service. Responsive to the UE's registration request, the RAN registers the UE and loads associated user subscription data into a session manager (SM). Based on this data, an SE connection is configured within the RAN, and the SM establishes a PDU session between the UE and the SM by establishing a secure path between the UE and the SE application server over the configured SE connection between the UE and the RAN. The SM informs the UE of a resolver. After PDU session establishment, the resolver receives a resolution request from the UE and responds by sending an IP address directing the UE over the secure path to the SE application server.
Type: Application
Filed: October 30, 2023
Publication date: May 1, 2025
Inventors: Marouane BALMAKHTAR, Serge MANNING
-
Publication number: 20250133405
Abstract: A system includes a policy control function (PCF) that receives an indication from a mobile device in a wireless cellular network that indicates a secure connection between the mobile device and an endpoint in the wireless cellular network. The secure connection is associated with a security policy that includes a first set of parameters and operates at a first level of granularity and a routing policy that includes a second set of parameters and operates at a second level of granularity. The PCF then determines a mapping between the first set of parameters and the second set of parameters that aligns the first level of granularity with the second level of granularity. In an example, the alignment improves the utilization of network resources in the wireless cellular network. The mapping is then transmitted to the mobile device, which enables the mobile device to use the secure connection.
Type: Application
Filed: December 30, 2024
Publication date: April 24, 2025
Inventors: Serge Manning, Gregory Schumacher, Marouane Balmakhtar
-
Patent number: 12218958
Abstract: A method comprises receiving, by a threat level engine (TLE) in the network, security data from a plurality of different sources, wherein the security data comprises data regarding traffic related to a security threat occurring in the network, determining, by the TLE, a security related event indicating a security threat occurring at network elements in the network based on security key performance indicators and the security data, when a threat impact level of the security related event exceeds a threshold, determining, by the TLE, a remediation action for the security related event based on the threat impact level, transmitting, by the TLE to a policy decision point, an instruction to generate and store a rule based on the remediation action for the security related event, and transmitting, to a policy enforcement point, an authorization to create the secure tunnel between the one or more network elements and another endpoint.
Type: Grant
Filed: September 6, 2022
Date of Patent: February 4, 2025
Assignee: T-Mobile Innovations LLC
Inventors: Marouane Balmakhtar, Serge Manning, Gregory Schumacher
-
Patent number: 12219361
Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.
Type: Grant
Filed: June 16, 2023
Date of Patent: February 4, 2025
Assignee: T-Mobile Innovations LLC
Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
-
Patent number: 12200495
Abstract: A system includes a policy control function (PCF) that receives an indication from a mobile device in a wireless cellular network that indicates a secure connection between the mobile device and an endpoint in the wireless cellular network. The secure connection is associated with a security policy that includes a first set of parameters and operates at a first level of granularity and a routing policy that includes a second set of parameters and operates at a second level of granularity. The PCF then determines a mapping between the first set of parameters and the second set of parameters that aligns the first level of granularity with the second level of granularity. In an example, the alignment improves the utilization of network resources in the wireless cellular network. The mapping is then transmitted to the mobile device, which enables the mobile device to use the secure connection.
Type: Grant
Filed: November 18, 2022
Date of Patent: January 14, 2025
Assignee: T-Mobile USA, Inc.
Inventors: Serge Manning, Gregory Schumacher, Marouane Balmakhtar
-
Patent number: 12108244
Abstract: Systems, methods, and processing nodes for managing a wireless communication session perform and/or comprise: receiving a privacy enable request from an application associated with a wireless communication device; masking an application identifier corresponding to the application, thereby to generate a masked application identifier; receiving an application attribute request from a route selection manager, the application attribute request including a request for the application identifier; and in response to the privacy enable request and the application attribute request, returning an application attribute request response to the route selection manager, the application attribute request including the masked application identifier.
Type: Grant
Filed: December 8, 2021
Date of Patent: October 1, 2024
Assignee: T-Mobile Innovations LLC
Inventors: Gregory Schumacher, Marouane Balmakhtar, Serge Manning
-
Publication number: 20240171980
Abstract: A system includes a policy control function (PCF) that receives an indication from a mobile device in a wireless cellular network that indicates a secure connection between the mobile device and an endpoint in the wireless cellular network. The secure connection is associated with a security policy that includes a first set of parameters and operates at a first level of granularity and a routing policy that includes a second set of parameters and operates at a second level of granularity. The PCF then determines a mapping between the first set of parameters and the second set of parameters that aligns the first level of granularity with the second level of granularity. In an example, the alignment improves the utilization of network resources in the wireless cellular network. The mapping is then transmitted to the mobile device, which enables the mobile device to use the secure connection.
Type: Application
Filed: November 18, 2022
Publication date: May 23, 2024
Inventors: Serge Manning, Gregory Schumacher, Marouane Balmakhtar
-
Publication number: 20240080323
Abstract: A method comprises receiving, by a threat level engine (TLE) in the network, security data from a plurality of different sources, wherein the security data comprises data regarding traffic related to a security threat occurring in the network, determining, by the TLE, a security related event indicating a security threat occurring at network elements in the network based on security key performance indicators and the security data, when a threat impact level of the security related event exceeds a threshold, determining, by the TLE, a remediation action for the security related event based on the threat impact level, transmitting, by the TLE to a policy decision point, an instruction to generate and store a rule based on the remediation action for the security related event, and transmitting, to a policy enforcement point, an authorization to create the secure tunnel between the one or more network elements and another endpoint.
Type: Application
Filed: September 6, 2022
Publication date: March 7, 2024
Inventors: Marouane BALMAKHTAR, Serge MANNING, Gregory SCHUMACHER
-
Publication number: 20230403304
Abstract: A method of testing a communication system implementing a zero trust architecture. The method comprises sending a request by a test equipment platform to access a microsegment to a policy enforcement point (PEP); sending an authorization request by the PEP to a policy decision point (PDP); authorizing access of the test equipment platform to the microsegment by the PDP; sending authorization of access of the test equipment platform to the microsegment by the PDP to the PEP; establishing a secure tunnel by the PEP between the test equipment platform and the microsegment; sending a command to provide test data by the test equipment platform via the secure tunnel to a probe in the microsegment; analyzing the test data by the test equipment platform; and producing a test result by the test equipment platform based on analyzing the test data.
Type: Application
Filed: June 9, 2022
Publication date: December 14, 2023
Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
-
Publication number: 20230354143
Abstract: Systems and methods are provided for rapid user equipment route selection policy rule processing. A method includes determining an applicable routing policy based on user equipment route selection policy (URSP) rules for an established protocol data unit (PDU) session and storing PDU session information with the established uplink PDU session in a cache. The method further includes examining subsequent uplink packets for PDU session information and checking the cache for an established PDU session with matching uplink PDU session information. The method additionally includes routing the subsequent uplink packets to the established PDU session having the matching PDU session information, causing the subsequent uplink packet to be processed in accordance with the applicable routing policy as previously determined based on the URSP rules.
Type: Application
Filed: May 2, 2022
Publication date: November 2, 2023
Inventors: Gregory SCHUMACHER, Marouane BALMAKHTAR, Serge MANNING
-
Publication number: 20230337001
Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.
Type: Application
Filed: June 16, 2023
Publication date: October 19, 2023
Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
-
Patent number: 11751058
Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.
Type: Grant
Filed: January 14, 2022
Date of Patent: September 5, 2023
Assignee: T-Mobile Innovations LLC
Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
-
Publication number: 20230232236
Abstract: A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.
Type: Application
Filed: January 14, 2022
Publication date: July 20, 2023
Inventors: Marouane Balmakhtar, Serge Manning, Greg Schumacher
-
Patent number: 9271197
Abstract: An embodiment method for session handling for a connection between an UE and a network includes establishing, at a first distributed EPC, user and IP sessions over the connection through the first distributed EPC. The first distributed EPC includes a first PGW at which the IP session is anchored. The method also includes holding original IP resources and releasing original connection resources for the sessions at the first distributed EPC when the UE moves beyond the first distributed EPC to a second distributed EPC. The method then establishes a tunnel between the first PGW and a second PGW for the second distributed EPC. The tunnel utilizes the original IP resources and new connection resources at the second distributed EPC. The method then routes data from the tunnel, through the first PGW, and to the network.
Type: Grant
Filed: May 21, 2014
Date of Patent: February 23, 2016
Assignee: Futurewei Technologies, Inc.
Inventors: John Kaippallimalil, Hinghung Anthony Chan, Zhixian Xiang, Khosrow Tony Saboorian, Serge Manning
-
Patent number: 9001741
Abstract: Exemplary methods and systems for providing access to IMS services are disclosed herein.
Type: Grant
Filed: October 29, 2013
Date of Patent: April 7, 2015
Assignee: Sprint Spectrum L.P.
Inventors: Jeremy Breau, Serge Manning, Pallavur Sankaranaraynan
-
Publication number: 20140348130
Abstract: An embodiment method for session handling for a connection between an UE and a network includes establishing, at a first distributed EPC, user and IP sessions over the connection through the first distributed EPC. The first distributed EPC includes a first PGW at which the IP session is anchored. The method also includes holding original IP resources and releasing original connection resources for the sessions at the first distributed EPC when the UE moves beyond the first distributed EPC to a second distributed EPC. The method then establishes a tunnel between the first PGW and a second PGW for the second distributed EPC. The tunnel utilizes the original IP resources and new connection resources at the second distributed EPC. The method then routes data from the tunnel, through the first PGW, and to the network.
Type: Application
Filed: May 21, 2014
Publication date: November 27, 2014
Inventors: John Kaippallimalil, Hinghung Anthony Chan, Zhixian Xiang, Khosrow Tony Saboorian, Serge Manning
-
Publication number: 20140056226
Abstract: Exemplary methods and systems for providing access to IMS services are disclosed herein.
Type: Application
Filed: October 29, 2013
Publication date: February 27, 2014
Applicant: Sprint Spectrum L.P.
Inventors: Jeremy Breau, Serge Manning, Pallavur Sankaranaraynan
-
Patent number: 8594105
Abstract: Exemplary methods and systems for providing access to IMS services are disclosed herein.
Type: Grant
Filed: July 12, 2011
Date of Patent: November 26, 2013
Assignee: Sprint Spectrum L.P.
Inventors: Jeremy Breau, Serge Manning, Pallavur Sankaranaraynan
-
Patent number: 8170529
Abstract: A method, system, and computer-readable media are provided for determining connection needs of a mobile device connecting to a wireless network. In one aspect, the computer-readable media provide a method that includes receiving a request from a mobile device to access a wireless network, and performing an authentication phase related to the mobile device attempting to access the wireless network. Furthermore, the method includes evaluating signaling behavior of the mobile device during the authentication phase to determine which access technology from a plurality of types of access technologies to use to connect the mobile device to the wireless network. Moreover, the method includes connecting the mobile device to the wireless network using the determined access technology.
Type: Grant
Filed: February 8, 2007
Date of Patent: May 1, 2012
Assignee: Clearwire IP Holdings LLC
Inventors: Jeremy R. Breau, Arun Santharam, Serge Manning, Reza Jafari, Shingara Dhanoa