Abstract: Systems, methods, and computer-readable media are provided for on-boarding network devices onto a private 5G network. An example method can include discovering a first private 5G network upon the network device being turned on, authenticating, at the network device, the network device, downloading a second network profile from an SM-DP+ server of a second private 5G network, and on-boarding the network device to the second private 5G network.

Abstract: Systems, methods, and computer-readable media are disclosed for dynamically onboarding a UE between private 5G networks. In one aspect, a private 5G (P5G) federation system can receive a request from a user device for registration with a serving private 5G network, which is part of a P5G federation system. The P5G federation system can further determine that the user device is authenticated with a home private 5G network of the user device, which is also part of the P5G federation system. The P5G federation system can transmit, to the serving private 5G network, a security profile of the user device that is received from the home private 5G network. As follows, the P5G federation system can facilitate onboarding of the user device to the serving private 5G network with the security profile.

Abstract: Systems, methods, and computer-readable media are provided for on-boarding network devices onto a private 5G network. An example method can include discovering a first private 5G network upon the network device being turned on, authenticating, at the network device, the network device, downloading a second network profile from an SM-DP+ server of a second private 5G network, and on-boarding the network device to the second private 5G network.

Abstract: In one embodiment, a device associates available 5G functions stored by a network repository function with contextual information, wherein the contextual information maps each of the available 5G functions with a layer of a hierarchical security model for an industrial network. The device receives a request from a user equipment endpoint to communicate via the industrial network. The device selects a particular user plane function from among the available 5G functions for use by the user equipment endpoint based in part on the layer of the hierarchical security model associated with the particular user plane function. The device causes the user equipment endpoint to communicate via the industrial network using the particular user plane function.

Abstract: Embodiments herein describe techniques for mapping cellular slices to a Wi-Fi Network. It may be advantageous to port the slice constructs from a cellular network (e.g., 5G) to the Wi-Fi system. In one embodiment, templates are established for each slice which define different parameters that are used when the slice is implemented on a cellular network and a Wi-Fi network. A service provider can establish a template for each slice. In one embodiment, the template includes parameters for each slice for both cellular and Wi-Fi networks.

Abstract: The present technology is generally directed to dynamically adding network resources based on an application function (AF) notification. The present technology can determine, by an AF of a service provider, a network congestion on a network, the network congestion indicating that network resources for servicing a user device using services of the service provider do not meet corresponding Quality of Service (QOS) requirements. Further, the present technology can transmit a notification by the AF to a core network of a network provider to request additional network resources to be allocated for servicing the user device, the network provider providing network connectivity for the user device to receive the services provided by the service provider.

Abstract: In one embodiment, a device receives a request from a client to remotely access an endpoint in a local network. The device instantiates a network slice having a remote access function in a cellular network. The device causes the endpoint to communicate a particular type of traffic via the network slice and the remote access function. The device configures a virtual private network tunnel between the client and the remote access function. The client and endpoint communicate with one another via a connection that comprises the network slice and the virtual private network tunnel.

Abstract: Disclosed herein are systems, methods, and computer-readable media for authentication in a multi-cloud cellular service. In one aspect, a method includes receiving, at a controller of a local site within the multi-cloud cellular service, a network connection request from a device, the cloud-based authentication component being a central network component configured to store device credentials and network policies for authenticating devices connecting to the multi-cloud cellular service across all sites associated with the multi-cloud cellular service. In one aspect, the method also includes locally authenticating, by the controller, the device using stored credential information obtained from the cloud-based authentication component prior to losing the connectivity to the cloud-based authentication component.

Abstract: The present technology is generally directed to dynamically adding network resources based on an application function (AF) notification. The present technology can determine, by an AF of a service provider, a network congestion on a network, the network congestion indicating that network resources for servicing a user device using services of the service provider do not meet corresponding Quality of Service (QoS) requirements. Further, the present technology can transmit a notification by the AF to a core network of a network provider to request additional network resources to be allocated for servicing the user device, the network provider providing network connectivity for the user device to receive the services provided by the service provider.

Abstract: A trust based continuous Fifth Generation (5G) network service assessment, and more specifically a trust based continuous 5G network service assessment for a user equipment to ensure an authorized user is using the user equipment may be provided. A registration request may be received by an Access and Mobility Management Function (AMF) from a User Equipment (UE). In response to the registration request, a Policy Control Function (PCF) may exchange a policy with the AMF, wherein the policy comprises instructions to perform a continuous service assessment. Next, a registration accept message may be sent to the UE, wherein the registration accept message comprises instructions for the UE to enable the continuous service assessment.

Abstract: Systems, methods, and computer-readable media are disclosed for dynamically onboarding a UE between private 5G networks. In one aspect, a private 5G (P5G) federation system can receive a request from a user device for registration with a serving private 5G network, which is part of a P5G federation system. The P5G federation system can further determine that the user device is authenticated with a home private 5G network of the user device, which is also part of the P5G federation system. The P5G federation system can transmit, to the serving private 5G network, a security profile of the user device that is received from the home private 5G network. As follows, the P5G federation system can facilitate onboarding of the user device to the serving private 5G network with the security profile.

Abstract: Disclosed herein are systems, methods, and computer-readable media for reporting QoE of a UE, as measured and determined from the perspective of the UE to one or more core components of the cellular network to which the UE is attached. The QoE may then be used by the one or more core components for managing and adjusting, if necessary, the cellular services provided to the UE. In one aspect, a method includes determining, at a user device, a quality of experience (QoE) of user device connected to a cellular network and transmitting, via a non-access stratum (NAS) signaling, a value of the QoE from the user device to a core network element of the cellular network, wherein the core network element utilizes the QoE value to manage network access and a quality of service (QoS) of the user device.

Abstract: A private cellular management system detects that a device has connected to a private cellular network. The device is part of a device group that is associated with a policy applicable within an enterprise network and the private cellular network. The private cellular management system generates a determination corresponding to a policy effectiveness associated with the access policy based on different versions of the policy implemented in the enterprise and private cellular networks. The private cellular management system obtains an update to the access policy and applies this update for the device and other devices associated with the device group.

Abstract: A system and method of performing multi-layer client assurance in a private cellular network includes a plurality of assurance points within the network. The method includes receiving, by a network entity, a plurality of parameter sets from the plurality of assurance points. Each of the plurality of assurance points can be configured to obtain measurements from a portion of the private cellular network corresponding to a client assurance layer in a client assurance stack. The method can include combining a first parameter set from the plurality of parameter sets with a second parameter set from the plurality of parameter sets. The first parameter set can be associated with a first client assurance layer and the second parameter set is associated with a second client assurance layer. The method can include determining, based on the combined parameter set, a network service level corresponding to the client device.

Abstract: An enterprise device identity proxy between an SMF and an Enterprise's device profile store supports N7 protocol for enterprise policy delivery between a central management service (CMS) and an enterprise policy service. In particular, when a user equipment (UE) requests a data service, the enterprise device identity proxy receives AAA transactions from the SMF running the enterprise policy service over a secondary authentication interface, stores the results in a data store, and uses business rules set forth by the CMS to transform Remote Authentication Dial-In User Service (RADIUS) Attribute Value Pairs (AVPs) into a valid N7 response to the SMF. The enterprise device identity proxy enables an enterprise to treat a device with cellular connectivity using the same rules that would apply to other access/connection types without the complexity and cost of deploying a 3GPP policy service to support N7 protocol for policy delivery.

Abstract: Systems, methods, and computer-readable media are disclosed for facilitating bi-directional edge proxy-to-edge proxy communications across an enterprise firewall in 5G service-based architecture. In one aspect, a method includes receiving a subscription request from a user device to operate on a visited private network; determining that the user device is associated with a home network; and establishing a communication protocol between a security edge protection proxy of the visited private network and a security edge protection proxy of the home network, wherein the communication protocol enables bi-directional exchange of roaming signals between the visited private network and the home network while user device is operating on the visited private network.

Abstract: Systems, methods, and computer-readable media are provided for on-boarding network devices onto a private 5G network. An example method can include discovering a first private 5G network upon the network device being turned on, authenticating, at the network device, the network device, downloading a second network profile from an SM-DP+ server of a second private 5G network, and on-boarding the network device to the second private 5G network.

Abstract: The present technology is generally directed to dynamically adding network resources based on an application function (AF) notification. The present technology can determine, by an AF of a service provider, a network congestion on a network, the network congestion indicating that network resources for servicing a user device using services of the service provider do not meet corresponding Quality of Service (QoS) requirements. Further, the present technology can transmit a notification by the AF to a core network of a network provider to request additional network resources to be allocated for servicing the user device, the network provider providing network connectivity for the user device to receive the services provided by the service provider.

Abstract: The present technology discloses non-transitory computer-readable media, systems, and methods for receiving a notification that an identified physical object has attached to a roaming network, wherein the identified physical object is roaming when on the roaming network; translating at least one policy intent that was defined at a home network for the identified physical object into a policy suitable to be applied by the roaming network; and sending, to the roaming network, the at least one translated policy intent to be applied to the identified physical object on the roaming network.

Abstract: The present technology discloses non-transitory computer-readable media, systems, and methods for receiving a notification that an identified physical object has attached to a roaming network, wherein the identified physical object is roaming when on the roaming network; translating at least one policy intent that was defined at a home network for the identified physical object into a policy suitable to be applied by the roaming network; and sending, to the roaming network, the at least one translated policy intent to be applied to the identified physical object on the roaming network.