Abstract: Serving network authentication and validation by a UE includes encrypting an identifier associated with the UE using a first instance of a public key associated with a serving network to which the UE is attempting to gain access; transmitting the identifier to the serving network; receiving from the serving network an authentication vector containing a second instance of the public key, the second instance of the public key having been encrypted using a key shared by the UE and a home network associated with the UE; decrypting the second instance of the public key using the key shared by the UE and the home network; comparing the first instance of the public key to the second instance of the public key; and when the first instance and the second instance are the same, determining that the home network has authenticated the serving network.

Abstract: Serving network authentication and validation by a UE includes encrypting an identifier associated with the UE using a first instance of a public key associated with a serving network to which the UE is attempting to gain access; transmitting the identifier to the serving network; receiving from the serving network an authentication vector containing a second instance of the public key, the second instance of the public key having been encrypted using a key shared by the UE and a home network associated with the UE; decrypting the second instance of the public key using the key shared by the UE and the home network; comparing the first instance of the public key to the second instance of the public key; and when the first instance and the second instance are the same, determining that the home network has authenticated the serving network.

Abstract: A system and method of improving anomaly detection rate in a communication network. A server computer may receive a data set comprising traffic flows communicated over the communication network and group the traffic flows into data categories based on the type of network service such as transport control protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers of the traffic flows, or based on application layer protocols associated with the traffic flows. The server computer may further detect anomalies in each of the data categories based on inconsistencies between at least one common feature associated with a data category and traffic flows in the data category. Different data categories may be associated with different the at least one common feature. The anomaly detection may be supervised or unsupervised.

Abstract: A method for establishing a trust relationship in an ultra dense network is provided. The method comprises receiving, by a user equipment (UE), a reconfiguration request from a macrocell; deriving, by the UE, a user plane encryption key according to information in the reconfiguration request; transmitting, by the UE, a first user plane signaling message to a first microcell in a group of microcells when the UE is attached to the first microcell; and transmitting, by the UE, a second user plane signaling message to a second microcell in the group of microcells when the UE is attached to the second microcell, wherein the first user plane signaling message and the second user plane signaling message are both encrypted according to the user plane encryption key.

Abstract: A method for establishing a trust relationship in an ultra dense network is provided. The method comprises receiving, by a user equipment (UE), a reconfiguration request from a macrocell; deriving, by the UE, a user plane encryption key according to information in the reconfiguration request; transmitting, by the UE, a first user plane signaling message to a first microcell in a group of microcells when the UE is attached to the first microcell; and transmitting, by the UE, a second user plane signaling message to a second microcell in the group of microcells when the UE is attached to the second microcell, wherein the first user plane signaling message and the second user plane signaling message are both encrypted according to the user plane encryption key.

Abstract: The disclosure relates to technology for provisioning out-of-network user equipment with a network relay in a communications network. The network relay device receives an authentication key request message from user equipment including a user equipment identity and an authentication server identity, and communicates the authentication key request message to an authentication server having the authentication server identity. The network relay device communicates a relay authentication key response received from the authentication server to the user equipment such that a secure communication is established between the user equipment and the network. A relay authentication key is generated during establishment of the secure communication between the user equipment and authentication server, and a session with the user equipment is authenticated using a session key generated by the user equipment based on the relay authentication key.

Abstract: An density-based apparatus, computer program, and method are provided for reclassifying test data points as not being an anomaly. One or more test data points are received that are each classified as an anomaly. In connection with each of the one or more test data points, a density is determined for a plurality of known data points that are each known to not be an anomaly. Further, at least one of the one or more test data points is reclassified as not being an anomaly, based on the determination.

Abstract: A device for communicating with a plurality of user equipment in a cellular network comprises a non-transitory memory having instructions and one or more processors in communication with the memory. The one or more processors execute the instructions to receive information regarding a faked base station including an operating frequency, location area code and cell identification of the faked base station, prepare a first message to alert of the faked base station, select the plurality of user equipment that may receive a signal from the faked base station, transmit the first message to alert of the faked base station to the plurality of user equipment and transmit a second message to bar the plurality of user equipment from connecting to the faked base station.

Abstract: A device for communicating with a plurality of user equipment in a cellular network comprises a non-transitory memory having instructions and one or more processors in communication with the memory. The one or more processors execute the instructions to receive information regarding a faked base station including an operating frequency, location area code and cell identification of the faked base station, prepare a first message to alert of the faked base station, select the plurality of user equipment that may receive a signal from the faked base station, transmit the first message to alert of the faked base station to the plurality of user equipment and transmit a second message to bar the plurality of user equipment from connecting to the faked base station.

Abstract: A system and method of detecting fake base stations. A first wireless device such as a user equipment (UE) or a base station (BS) may identify multiple parameters associated with a discovery signal transmitted by a second wireless device, the second wireless device advertising as a BS. The first wireless device may compare the multiple parameters with a set of parameters assigned to, or otherwise associated with, a cluster of neighboring BSs, and determine that the second wireless device is a fake BS when an inconsistency between the multiple parameters and the set of parameters associated with the cluster of neighboring BSs exceeds a threshold. The UE or the BS may also transmit the multiple parameters to a central controller, and the central controller may aggregate, correlate, and analyze the parameters, historical data, and other data from other sources associated with the second wireless device to determine whether the second wireless device is a fake BS.

Abstract: A method is provided for interworking of mobility key management among access networks operating under different access technologies. The method is carried out by performing mobility key management by a core-network authentication server based on the access technology that a mobile terminal accessing a wireless network has selected for operation. The method of the invention defines authentication server behavior based on different access technologies and therefore solves the technology interworking issue seamlessly. The method of the invention also facilitates coexistence of more than two different access technologies without any need for each access technology to be modified in order to interwork with core network that is specified by another technology.

Abstract: The disclosure relates to technology for provisioning out-of-network user equipment with a network relay in a communications network. The network relay device receives an authentication key request message from user equipment including a user equipment identity and an authentication server identity, and communicates the authentication key request message to an authentication server having the authentication server identity. The network relay device communicates a relay authentication key response received from the authentication server to the user equipment such that a secure communication is established between the user equipment and the network. A relay authentication key is generated during establishment of the secure communication between the user equipment and authentication server, and a session with the user equipment is authenticated using a session key generated by the user equipment based on the relay authentication key.

Abstract: A system and method of improving anomaly detection rate in a communication network. A server computer may receive a data set comprising traffic flows communicated over the communication network and group the traffic flows into data categories based on the type of network service such as transport control protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers of the traffic flows, or based on application layer protocols associated with the traffic flows. The server computer may further detect anomalies in each of the data categories based on inconsistencies between at least one common feature associated with a data category and traffic flows in the data category. Different data categories may be associated with different the at least one common feature. The anomaly detection may be supervised or unsupervised.

Abstract: A method for establishing a trust relationship in an ultra dense network is provided. The method comprises receiving, by a user equipment (UE), a reconfiguration request from a macrocell; deriving, by the UE, a user plane encryption key according to information in the reconfiguration request; transmitting, by the UE, a first user plane signaling message to a first microcell in a group of microcells when the UE is attached to the first microcell; and transmitting, by the UE, a second user plane signaling message to a second microcell in the group of microcells when the UE is attached to the second microcell, wherein the first user plane signaling message and the second user plane signaling message are both encrypted according to the user plane encryption key.

Abstract: A system and method of detecting fake base stations. A first wireless device such as a user equipment (UE) or a base station (BS) may identify multiple parameters associated with a discovery signal transmitted by a second wireless device, the second wireless device advertising as a BS. The first wireless device may compare the multiple parameters with a set of parameters assigned to, or otherwise associated with, a cluster of neighboring BSs, and determine that the second wireless device is a fake BS when an inconsistency between the multiple parameters and the set of parameters associated with the cluster of neighboring BSs exceeds a threshold. The UE or the BS may also transmit the multiple parameters to a central controller, and the central controller may aggregate, correlate, and analyze the parameters, historical data, and other data from other sources associated with the second wireless device to determine whether the second wireless device is a fake BS.

Abstract: A technique to extend location-based (e.g. GPS) mobile device battery lifetime by reducing the location-based (e.g. GPS) circuitry power consumption is provided. The technique defines and controls when to start power and when to stop power to the device in the context of a mobile terminating (MT) location request and/or a mobile originated (MO) location request that is either on-demand or periodic.

Abstract: In a method for controlling access to a local network via a small wireless cell in a wireless network, local network access control information is received at the small wireless cell, and the small wireless cell controls access to the local network by the user based on the local network access control information. The access control information is indicative of whether a user is permitted to access the local network through the small wireless cell, and is independent of wireless network access control information indicative of whether the user is permitted to access the wireless network.

Abstract: In one embodiment, the method includes establishing, at a first base station, at least one interface with a second base station. The first and second base stations are associated with different network technologies, and at least one of the first and second base stations is a small cell base station. A small cell base station has a coverage area smaller than and at least partially overlapped by a coverage area of a macro base station. The method further includes one of (i) sending information from the first base station to the second base station over the interface, and (ii) receiving information at the first base station from the second base station over the interface.

Abstract: In one embodiment, a method of the invention has the steps of: (A) establishing an access-layer security association (SA) between a mobile node (MN) and an authentication authorization accounting (AAA) server; (B) deriving a secondary key from an extended master session key (EMSK) corresponding to the access-layer SA; (C) providing the secondary key to a home agent; and (D) based on the secondary key, establishing an SA corresponding to an Open System Interconnection (OSI) layer higher than the access layer for securing communications between the home agent and a selected network node. In various embodiments, the selected network node can be (i) the MN, (ii) a proxy node configured on behalf of the MN, or (iii) a proxy node configured on behalf of the home agent.

Abstract: A call request is processed by first determining at a shared transport Call Admission Control (CAC) mechanism an occupancy of each of a plurality of technology-specific CAC mechanisms. If one of the plurality of technology-specific CAC mechanisms is not being utilized, transport bandwidth associated with the one of the plurality of technology-specific CAC mechanisms that is not being utilized is assigned to a second of the plurality of technology-specific CAC mechanisms.