Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.

Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.

Abstract: The invention relates to methods of providing requested network information from a first core Network Function (NF) to a second NF, and devices performing the methods. In an aspect, a method performed by a first core NF entity of providing requested network information to a second NF entity is provided. The method comprises receiving a request to obtain the network information originating from the second NF entity, determining an expiry time stipulating how long the requested network information is valid, and transmitting, towards the second NF entity, the requested network information and the expiry time.

Abstract: Data in a database can be protected, for instance by tokenizing the entries of the database using one or more token tables. To enable searching data within the database without first detokenizing the tokenized database entries, bigrams of each data entry can also be tokenized and stored in association with the tokenized data entry. When a query term is received, the query term can be parsed into bigrams, and each bigram can be tokenized. The tokenized query bigrams can be used to query the database, and tokenized database entries corresponding to tokenized bigrams that match the tokenized query bigrams can be identified and returned as search results.

Abstract: Unicode data can be protected in a distributed tokenization environment. Data to be tokenized can be accessed or received by a security server, which instantiates a number of tokenization pipelines for parallel tokenization of the data. Unicode token tables are accessed by the security server, and each tokenization pipeline uses the accessed token tables to tokenization a portion of the data. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The outputs of the tokenization pipelines are combined, producing tokenized data, which can be provided to a remote computing system for storage or processing.

Abstract: The invention relates to methods of providing requested network information from a first core Network Function (NF) to a second NF, and devices performing the methods. In an aspect, a method performed by a first core NF entity of providing requested network information to a second NF entity is provided. The method comprises receiving a request to obtain the network information originating from the second NF entity, determining an expiry time stipulating how long the requested network information is valid, and transmitting, towards the second NF entity, the requested network information and the expiry time.

Abstract: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights. A search key can be generated based on the received query, and the selected index can be searched using the search query. Database entries mapped to the values of the selected index returned in response to the search can be outputted. Each index is associated with a different granularity defining the number and/or ambiguity of search results returned in response to searching an index.

Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and is configured to receive encoded data and a set of operations from the server device in response to a request for cloud services from the client device. The gateway device is configured to decode the encoded data, and to provide the decoded data and the set of operations to the client device. The client device is configured to perform the set of operations on the decoded data, and to incorporate the operation results into an application or interface corresponding to the requested cloud service. The gateway device is configured to encode the operation result data, and to provide the encoded operation result data to the server device for storage.

Abstract: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.

Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and generates a mapping between portions of data received from a client device and interface fields or data elements of the client device. Upon receiving subsequent data from the client device, the gateway device can access the generated mapping to identify portions of the subsequent data corresponding to particular interface fields or data elements of the client device using the mapping, and can encode the identified portions of the subsequent data, for instance based on data protection techniques defined by a security policy. The encoded data can then be outputted by the gateway device to the server device.

Abstract: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints. Generation of the new tokenization tables is based on previous tokenization tables, which advantageously allows the generation process to be performed locally at the two endpoints independently of an external tokenization table provider. New tokenization tables can periodically be distributed to the endpoints as a new starting point for derivation.

Abstract: A method of operation of an OAM node in a 5G system for fulfilling a service level agreement (SLA) for a network slice. The method comprises the OAM node initializing the slice information at a first network entity (NSSF) including the initial number of users allowed for a slice and transmitting information related to KPI for the slice for QoE monitoring; receiving one or more Quality of Experience (QoE) measurements related to one or more users of the slice, using the received one or more QoE measurements to determine whether the KPI for the slice is reached in accordance with the SLA and in response to determining that the KPI for the slice is not in accordance with the SLA, triggering an action in at least one of corresponding Radio Access Network or a Core Network associated with the slice, such as resource reconfiguration or redistribution across different slices.

Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and is configured to receive encoded data and a set of operations from the server device in response to a request for cloud services from the client device. The gateway device is configured to decode the encoded data, and to provide the decoded data and the set of operations to the client device. The client device is configured to perform the set of operations on the decoded data, and to incorporate the operation results into an application or interface corresponding to the requested cloud service. The gateway device is configured to encode the operation result data, and to provide the encoded operation result data to the server device for storage.

Abstract: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.

Abstract: Methods and devices of enabling paging of a wireless communication device. In an aspect, a method of a node configured to provide core network user plane functionality in a communications network is provided to enable paging of a wireless communication device being in an idle state.

Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and generates a mapping between portions of data received from a client device and interface fields or data elements of the client device. Upon receiving subsequent data from the client device, the gateway device can access the generated mapping to identify portions of the subsequent data corresponding to particular interface fields or data elements of the client device using the mapping, and can encode the identified portions of the subsequent data, for instance based on data protection techniques defined by a security policy. The encoded data can then be outputted by the gateway device to the server device.

Abstract: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints. Generation of the new tokenization tables is based on previous tokenization tables, which advantageously allows the generation process to be performed locally at the two endpoints independently of an external tokenization table provider. New tokenization tables can periodically be distributed to the endpoints as a new starting point for derivation.

Abstract: Methods and systems for Open Network Automation Platform (ONAP) Fifth Generation Core (5GC) interaction for analytics are provided. According to one aspect, a method, performed by a Front End node for receiving patterns extracted from events and current network status data in a telecommunications network, comprises: receiving, from a Session Management Function (SMF) a request for a User Plane Function (UPF) selection recommendation for a user; determining a list of applications associated with the user; sending, to a Data Collection, Analytics, and Events (DCAE) function of an ONAP, a request for a list of Application Server (AS) locations; receiving, from the DCAE function, the list of AS locations; selecting a UPF based on the user's mobility and application usage patterns; and sending, to the SMF, a recommendation identifying the selected UPF.

Abstract: Methods of connecting a wireless communication device to a user plane in a wireless communication network and devices performing the methods. In one aspect, a network node configured to connect a wireless communication device to a user plane in a wireless communication network comprises a processing unit and a memory containing instructions executable by the processing unit, wherein the network node is to provide core network user plane functionality and/or radio access network user plane functionality, via an interface.

Abstract: The invention relates to methods of providing requested network information from a first core Network Function (NF) to a second NF, and devices performing the methods. In an aspect, a method performed by a first core NF entity of providing requested network information to a second NF entity is provided. The method comprises receiving a request to obtain the network information originating from the second NF entity, determining an expiry time stipulating how long the requested network information is valid, and transmitting, towards the second NF entity, the requested network information and the expiry time.