Abstract: A Third Generation Partnership Project (3GPP) based network, such as an enterprise private 3GPP network, is operative to provide a guest onboarding of a device using a realm-based discovery of an identity provider and a mutual authentication of identity federation peers. A secure connection may be established between the peers so that the device may be authenticated based on credentials associated with a Subscriber Identity Module (SIM) provided by its Mobile Network Operator (MNO). Credentials may be extended to those associated with embedded SIMs (eSIMs), digital certificates from private enterprises, login and passwords, and identities from a wide range of identity providers. After device authentication, the 3GPP-based network is operative to select and enforce access policies according to an identity or other attribute of the device.

Abstract: Supporting Multipath Transmission Control Protocol (MPTCP) subflows using multipath links, and more specifically supporting MPTCP subflows using Wi-Fi Multi-Link Operation (MLO) or cellular multi-link support may be provided. A multipath link may be established between an Access Point (AP) and a station (STA). The STA may mark the multipath link as Multipath Transmission Control Protocol (MPTCP) capable. Next, a request for an addition of a MPTCP subflow may be received. In response to receiving the request, the MPTCP subflow may be bound to the multipath link, and data from the MPTCP subflow may be sent over the multipath link.

Abstract: A method is provided that includes obtaining an access request for a device to access a visited access network, the access request including an authentication identifier for the device including an identity for the device and a realm comprising a network identifying portion; determining a re-write rule for the realm by querying a database based on an identity type of the device and the network identifying portion of the realm, the database including a plurality of re-write rules for a plurality of networks and a plurality of identity types; re-writing the realm based on the re-write rule using the identity for the device to generate a re-written realm; obtaining, based on the re-written realm, an address for an authentication server of an identity provider associated with the device; and performing an authentication with the authentication server using the authentication identifier to authenticate the device for the visited access network.

Abstract: Presented herein are techniques to facilitate the configuration of hybrid cells to support shared cell and unique cell operating modes for user equipment. In one example, a method may include obtaining a registration request for a user equipment (UE) in which the mobile network includes a radio access network (RAN) comprising a plurality of radio units (RUs) in which each RU provides a shared cell that is shared with at least one other RU and each RU also provides a unique cell that is not shared with any other RU. The method may further include determining an operating mode for the UE in which the operating mode indicates whether the UE is to operate in a shared cell or a unique cell operating mode, and facilitating connection of the UE to one of the shared cell or the unique cell of an RU based on the operating mode.

Abstract: Presented herein are techniques to facilitate providing slice attribute information to a user equipment (UE) for one or more slice types with which the user equipment is allowed to establish one or more session(s). In one example, a method may include obtaining, by a network element, a registration request for connection of a UE to a mobile network; performing an authentication for connection of the UE to the mobile network; and upon successful authentication, providing, by the network element, a registration response to the UE, wherein the registration response identifies one or more network slice types with which the UE is authorized to establish a session and the registration response identifies one of: attribute information for each of the one or more network slice types or network location information from which attribute information for each of the one or more network slice types is to be obtained.

Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.

Abstract: Presented herein are techniques to facilitate providing slice attribute information to a user equipment (UE) for one or more slice types with which the user equipment is allowed to establish one or more session(s). In one example, a method may include obtaining, by a network element, a registration request for connection of a UE to a mobile network; performing an authentication for connection of the UE to the mobile network; and upon successful authentication, providing, by the network element, a registration response to the UE, wherein the registration response identifies one or more network slice types with which the UE is authorized to establish a session and the registration response identifies one of: attribute information for each of the one or more network slice types or network location information from which attribute information for each of the one or more network slice types is to be obtained.

Abstract: Presented herein are techniques to provide sponsored data to a user equipment in a mobile network environment. For example, techniques provided herein may provide for the ability to enhance sponsored data connectivity by enabling a mobile network to facilitate sponsorship of a network slice as part of sponsored data connectivity in which the network slice can provide traffic flow specific Service Level Agreement (SLA) connectivity and treatment. In one example, a method is provided that includes determining, via a first session of a user equipment (UE), that the UE seeks to access content in which financial sponsorship for accessing the content by the UE is to be provided by a sponsoring entity in which the first session involves a first network slice and enabling the UE to establish a second session to access the content in which the second session involves a second network slice.

Abstract: A first data plane is established between a user equipment device and a gateway device, wherein the user equipment device comprises a 3rd Generation Partnership Project (3GPP) user equipment device, and wherein the first data plane comprises a 3GPP data plane. A second data plane is established between the gateway device and an anchor device, wherein the second data plane comprises a Proxy Mobile Internet Protocol version 6 (PMIPv6) data plane. Mobility management is performed for the user equipment device via communications between the gateway device and the anchor device.

Abstract: Presented herein are techniques to provide sponsored data to a user equipment in a mobile network environment. For example, techniques provided herein may provide for the ability to enhance sponsored data connectivity by enabling a mobile network to facilitate sponsorship of a network slice as part of sponsored data connectivity in which the network slice can provide traffic flow specific Service Level Agreement (SLA) connectivity and treatment. In one example, a method is provided that includes determining, via a first session of a user equipment (UE), that the UE seeks to access content in which financial sponsorship for accessing the content by the UE is to be provided by a sponsoring entity in which the first session involves a first network slice and enabling the UE to establish a second session to access the content in which the second session involves a second network slice.

Abstract: A network management center includes a Dynamic Host Configuration Protocol (DHCP) server. The network management center obtains from an identity server, client information indicating authentication of a client device in a wireless network that is connected to a network fabric. The network management center obtains from an edge node in the network fabric an Internet Protocol (IP) address request for the client device. The IP address request including a fabric domain identifier associated with the edge node. The network management center allocates an IP address for the client device based on the client information obtained from the identity server and the fabric domain identifier contained in the IP address request obtained from the edge node. The network management center provides to the edge node an Identifier Locator Addressing (ILA) address based on the IP address.

Abstract: Presented herein are techniques to provide an operator-encrypted application specific user equipment (UE) route selection policy (URSP) to a UE via different network elements and/or distribution techniques. In one example, a method may include obtaining, by a network element, a policy object from a policy function of a mobile network operated by a mobile network operator, wherein the policy object comprises an application specific user equipment route selection policy (URSP) for an application in which the application specific URSP is encrypted by the policy function; and providing, by the network element, the policy object to a user equipment that has at least one session established with the mobile network, wherein the user equipment is to decrypt the application specific URSP to facilitate network communications for the application via the user equipment.

Abstract: This disclosure describes techniques for performing multi-factor authentication (MFA) by utilizing user generated authenticating gestures. The techniques may include establishing and monitoring peer-to-peer communication links between user devices. The techniques may include monitoring channel properties for fluctuations in the channel properties associated with the user generated authenticating gesture passing through signals of the communication links. The techniques may further include comparing a gesture performed by a user to a predefined authenticating gesture. The techniques may include determining a pattern of fluctuations in the channel properties associated with the predefined authenticating gesture. The techniques may include determining a confidence score associated with comparing the gesture performed and the predefined authenticating gesture. The techniques may further include determining a proximity of the user and/or the gesture to the user device.

Abstract: Presented herein are techniques to provide for the ability to utilize 3GPP-generated Session Keys that can be generated via a primary authentication or a secondary authentication process for a user equipment (UE) via a private wireless wide area (WWA) access network in which the keys can be leveraged to facilitate connection of the UE to a wireless local area (WLA) access network. In one example, a method may include obtaining a request to authenticate a UE for connection to a WWA access network; determining that the UE is capable of a Fast Transition (FT) capability; authenticating the UE for connection to the WWA access in which, based on the FT capability, the authenticating includes generating a root security key for the UE; and upon determining that the UE is attempting to access the WLA access network, providing the root security key for the UE to the WLA access network.

Abstract: This disclosure describes techniques and mechanisms for performing user defined network (UDN) service authorization based on secondary identity credentials within a wireless network. For instance, the techniques may include receiving, from a user device, a first request to access a wireless network (e.g., such as a WLAN), where the first request may include primary access credentials for accessing the WLAN. Once primary access authentication of the user device is complete, the techniques may include receiving a second request from the user device to access a UDN group within the wireless network. The second request can include secondary credentials for accessing the UDN group. In response to the second request, a secondary EAP dialogue may be established to authenticate the user device using the secondary credentials. Once the secondary credentials are authenticated, the techniques may include granting the user device access to the UDN group.

Abstract: Presented herein are techniques to facilitate dual-connectivity support for a user equipment (UE) in a hybrid cell virtualized Radio Access Network (vRAN) architecture. In one example, a method may include obtaining, by a node of a mobile network via a first cell of a RAN, a request for a UE to connect to the mobile network via the first cell in which the RAN includes at least one shared cell and at least one unique cell; determining that the UE is allowed for dual-connectivity operation; and providing a policy to the UE, wherein the policy identifies, for each of one or more applications, one of a shared cell operating mode or a unique cell operating mode that the UE is to utilize for each of the one or more applications.

Abstract: Techniques for network communications are disclosed. These techniques include receiving a cryptographically generated device identifier (CGDI) and a public key relating to a wireless station (STA). The techniques further include determining a first hash based on decrypting the CGDI using the public key, and validating the first hash for an access network. The techniques further include identifying the STA in the access network using the CGDI based on binding the CGDI to a session associated with the STA and the access network.

Abstract: Techniques are described to provide for authentication and subscription management that are decoupled from a Home Subscriber Server (HSS).

Abstract: Presented herein are techniques to facilitate dynamic switching for user equipment between unique cell and shared cell operating modes based on application traffic. In one example, a method may include determining, a quality of service (QoS) to be provided for a traffic flow of a user equipment (UE) in which the mobile network includes a radio access network (RAN) including a plurality of radio units (RUs) in which at least two RUs provides a shared cell and each RU provides a unique cell; identifying an operating mode for the UE based on the QoS in which the operating mode indicates whether the traffic flow is to be communicated using a shared cell or a unique cell operating mode; and causing the UE to communicate the traffic flow using the shared cell the unique cell operating mode.

Abstract: Supporting Multipath Transmission Control Protocol (MPTCP) subflows using multipath links, and more specifically supporting MPTCP subflows using Wi-Fi Multi-Link Operation (MLO) or cellular multi-link support may be provided. A multipath link may be established between an Access Point (AP) and a station (STA). The STA may mark the multipath link as Multipath Transmission Control Protocol (MPTCP) capable. Next, a request for an addition of a MPTCP subflow may be received. In response to receiving the request, the MPTCP subflow may be bound to the multipath link, and data from the MPTCP subflow may be sent over the multipath link.