US20190380030A1 - Systems, devices, and techniques for registering user equipment (ue) in wireless networks using a native blockchain platform - Google Patents

Info

Publication number: US20190380030A1
Authority: US (United States)
Prior art keywords: blockchain, entity, authentication, network, baf
Legal status: Granted
Application number: US16/134,887
Other versions: US10505718B1 (en)
Inventors: OM Prakash Suthar, Aeneas Sean DODD-NOBLE, Ammar Rayes, Ian McDowell Campbell, Michael David Geller
Current Assignee: Cisco Technology Inc
Original Assignee: Cisco Technology Inc

Application filed by Cisco Technology Inc
Assigned to CISCO TECHNOLOGY, INC. (assignment of assignors' interest; see document for details). Assignors: CAMPBELL, IAN MCDOWELL; RAYES, AMMAR; GELLER, MICHAEL DAVID; SUTHAR, OM PRAKASH; DODD-NOBLE, AENEAS SEAN
Priority to US16/134,887 (patent US10505718B1)
Priority to US16/138,524 (patent US10491376B1)
Priority to PCT/US2019/036164 (patent WO2019237073A1)
Priority to PCT/US2019/036144 (patent WO2019237058A1)
Priority to EP19736545.5A (patent EP3804378A1)
Priority to EP19733633.2A (patent EP3804377A1)
Publication of US10505718B1
Application granted
Publication of US20190380030A1
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637 Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403 Architecture for metering, charging or billing
    • H04L12/1407 Policy-and-charging control [PCC] architecture
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/66 Policy and charging system
    • H04M15/80 Rating or billing plans; Tariff determination aspects
    • H04M15/8038 Roaming or handoff
    • H04M15/82 Criteria or parameters used for performing billing operations
    • H04M15/8228 Session based
    • H04M15/83 Notification aspects
    • H04M15/85 Notification aspects characterised by the type of condition triggering a notification
    • H04M15/854 Available credit
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24 Accounting or billing
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/18 Selecting a network or a communication service
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04 Large scale networks; Deep hierarchical networks
    • H04W84/042 Public Land Mobile systems, e.g. cellular systems
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • The present subject matter relates generally to communication networks, and more particularly, to natively integrating blockchain technologies in the context of registering User Equipment (UE) in telecommunication networks (e.g., 4G, 5G, etc.).
  • UE User Equipment
  • New 5G networks include a new service-oriented architecture for provisioning network services/resources in a dynamic, scalable, and customizable fashion (e.g., micro-services, network functions virtualization (NFV), etc.).
  • This service-oriented architecture supports network slices, which employ an isolated set of programmable resources that can implement individual network functions and/or application services through software programs within a respective network slice, without interfering with other functions and services on coexisting network slices.
  • The service-oriented architecture, including its network slice implementation, creates opportunities to employ new mechanisms that natively support such dynamic and flexible workload provisioning and improve overall UE mobility.
  • FIG. 1 illustrates a schematic block diagram of exemplary telecommunication networks, including a 3G network, a 4G network, and a 5G network;
  • FIG. 2 illustrates a schematic block diagram of an exemplary network device, such as a Network Function (NF) entity/module, according to one or more embodiments of this disclosure;
  • NF Network Function
  • FIG. 3A illustrates a schematic block diagram of a roaming architecture with a local breakout scenario for a service based interface representation of a Service Based Architecture (SBA);
  • SBA Service Based Architecture
  • FIG. 3B illustrates a schematic block diagram of a reference point representation of the roaming architecture shown in FIG. 3A;
  • FIG. 4A illustrates a schematic signaling diagram, showing a blockchain authentication procedure that invokes an Access and Mobility Management Function (AMF) entity;
  • AMF Access and Mobility Management Function
  • FIG. 4B illustrates a schematic signaling diagram, showing a blockchain authentication procedure performed between an Access and Mobility Management Function (AMF) entity and a Blockchain Authentication Function (BAF) entity; and
  • BAF Blockchain Authentication Function
  • FIG. 5 illustrates an example simplified procedure for registering User Equipment (UE) in a communication network, in accordance with one or more embodiments of the blockchain authentication procedure.
  • A network function (NF) entity in a communication network determines that a UE supports a blockchain authentication procedure.
  • The NF entity exchanges authentication messages with a Blockchain Authentication Function (BAF) entity over a blockchain network interface and receives a blockchain authentication confirmation from the BAF entity.
  • The NF entity further registers the UE based on the blockchain authentication confirmation.
  • The NF entity can include an Access and Mobility Management Function (AMF) entity and/or an Authentication Server Function (AUSF) entity.
  • AUSF Authentication Server Function
  • The AMF entity may communicate directly with the BAF entity over the blockchain network interface and/or the AMF entity can invoke the AUSF entity to perform the authentication procedure and communicate with the BAF entity over another blockchain network interface.
  • This disclosure relates to communication networks (e.g., telecommunication networks), which include a number of network devices/modules/entities or “Network Function(s)” (NF(s)), as is appreciated by those skilled in the art.
  • The NFs described herein are based on NFs specified by existing Technical Specifications such as 3GPP TS 23.501, TS 23.502, TS 24.501, TS 29.509, TS 29.518, TS 33.301, TS 33.501, each of which is incorporated herein by reference in its entirety.
  • A communication network is a geographically distributed collection of nodes interconnected by communication links and segments for transporting data between end nodes, such as mobile devices, computers, personal computing devices (and so on), and other devices, such as network entities, sensors, etc.
  • LANs local area networks
  • WANs wide area networks
  • LANs typically connect these nodes over dedicated private communications links located in the same general physical location, such as a building or campus.
  • WANs typically connect geographically dispersed nodes over long-distance communications links, such as common carrier telephone lines, optical lightpaths, synchronous optical networks (SONET), synchronous digital hierarchy (SDH) links, etc.
  • Some communication networks can include telecommunication networks, which transport data between end nodes, such as user equipment (UE), which can include mobile devices.
  • FIG. 1 illustrates a schematic block diagram of exemplary telecommunication networks 100, including a 3G network 110, a 4G network 120, and a 5G network 130.
  • Telecommunication networks 100 include wireless network interfaces or communication links, such as air interfaces 140, an access network 150, which represents radio infrastructure or radio towers, and a core network 160, which represents respective core network entities, network modules, or Network Functions (NF(s)).
  • The wireless network interfaces or air interfaces 140 include Uu links for 3G network 110, LTE-Uu links for 4G network 120, and 5G-NR links for 5G network 130.
  • Network interfaces generally interconnect certain nodes (e.g., UE and/or core network entities) with other nodes (e.g., other UE and/or core network entities) based on, for example, distance, signal strength, network topology, current operational status, location, etc.
  • The network interfaces are vehicles for exchanging data packets (e.g., traffic and/or messages) between the nodes using predefined network protocols such as known wired protocols as appropriate.
  • A protocol consists of a set of rules defining how the nodes interact with each other.
  • Telecommunication networks 100, including respective interconnected network entities, are illustrated and described herein for purposes of discussion, not limitation, and it is appreciated that the illustrated networks can include (or exclude) any number of network entities, communication links, and the like, and can support inter-network operability and compatibility.
  • Access network 150 represents the infrastructure or radio towers, such as a Radio Access Network (RAN), for receiving and transmitting data packets between end user nodes (UE) as well as the various network entities (e.g., core network entities).
  • Access network 150 includes NodeBs (NBs) for 3G network 110, eNodeBs (eNBs) for 4G network 120, and gNodeBs (gNBs) for 5G network 130.
  • NBs NodeBs
  • eNBs eNodeBs
  • gNBs gNodeBs
  • The infrastructure for each network may support different functionality, and it is appreciated that infrastructure illustrated within one network can include appropriate hardware/software to support functionality of other telecommunication networks.
  • Respective network entities that form core network 160 operatively connect respective RAN infrastructure (NBs, eNBs, gNBs) to third party networks such as a voice network 105 (e.g., a Public Switched Telephone Network (PSTN) network) and/or a data network 108 to create end-to-end connections.
  • PSTN Public Switched Telephone Network
  • Prior to 3G (e.g., 2G, 2.5G, etc.), the third party network primarily included a voice network/PSTN 105 (e.g., a circuit switched network). From 3G onward, the third party network transitioned to include a public network (e.g., the Internet), represented by data network 108 (e.g., a packet switched network).
  • Core network 160 and its respective network entities collectively operate to manage connections, bandwidth, and mobility for respective UE.
  • Core network 160 evolved along three functional planes, including service management, session management, and mobility management.
  • Service management for 2G and 3G networks includes operations to create an Integrated Services Digital Network (ISDN) over wireless links (e.g., Uu links).
  • Session management for 3G and 4G networks generally includes operations to establish, maintain, and release network resources (e.g., data connections).
  • Session management includes a standalone General Packet Radio Service (GPRS) network.
  • 4G network 120 introduced a fully integrated data only network optimized for mobile broadband (where basic telephone operations are supported as one profile).
  • Mobility management generally includes operations that support movement of UE in a mobile network, such as system registration, location tracking and handover (e.g., often optimized to reduce heavy signaling loads).
  • A Serving Gateway (SGW) and a Packet Data Gateway (PGW) support session management operations, while mobility management operations (which maintain data sessions for mobile UE) are centralized within a Mobility Management Entity (MME).
  • SGW Serving Gateway
  • PGW Packet Data Gateway
  • MME Mobility Management Entity
  • 5G network 130 introduces a new service base architecture (SBA) 132, which generally redistributes functionality of 4G network entities into smaller service-based functions/network entities.
  • Packet routing and forwarding functions (which are performed by SGW and PGW in 4G network 120) are realized as services rendered through a new network function/entity called the User Plane Function (UPF).
  • UPF User Plane Function
  • 5G network 130 provides a modular set of services that support dynamic and scalable deployment of resources to satisfy diverse user demands.
  • FIG. 2 illustrates a schematic block diagram of an exemplary network device or Network Function (NF) 200 that may be used with one or more embodiments described herein, e.g., particularly as User Equipment (UE) and/or other NFs within SBA 132 (e.g., an Access and Mobility Management Function (AMF) entity, Authentication Server Function (AUSF) entity, and so on).
  • The illustrative device 200 comprises one or more network interfaces 210, at least one processor 220, and a memory 240 interconnected by a system bus 250.
  • Network interface(s) 210 contain the mechanical, electrical, and signaling circuitry for communicating data over links (e.g., wires or wireless links) within the telecommunication networks 100 (e.g., ref. FIG. 1).
  • Network interfaces 210 may be configured to transmit and/or receive data using a variety of different communication protocols, as will be understood by those skilled in the art.
  • Network interfaces 210 may include new blockchain network interfaces (e.g., “BCx”, “BCy”, and/or “BCz”) as discussed in greater detail below.
  • Memory 240 comprises a plurality of storage locations that are addressable by processor 220 for storing software programs and data structures associated with the embodiments described herein.
  • Processor 220 may comprise necessary elements or logic adapted to execute the software programs and manipulate data structures 245.
  • An operating system 242, portions of which are typically resident in memory 240 and executed by processor 220, functionally organizes the device by, inter alia, invoking operations in support of services and/or software processes executing on the device/module. These services and/or software processes may comprise an illustrative “block chain registration” process/service 244 as well as “session establishment” process/services 246, as described herein. Note that while processes/services 244 and 246 are shown in centralized memory 240, some embodiments provide for these processes/services to be operated in a distributed communication network.
  • The techniques described herein may be performed by hardware, software, and/or firmware, such as in accordance with the illustrative blockchain authentication process 244 and/or the illustrative session establishment process 246, which may contain computer executable instructions executed by processor 220 to perform functions relating to UE authentication and/or UE session establishment described herein.
  • Processor 220 can include one or more programmable processors, e.g., microprocessors or microcontrollers, or fixed-logic processors.
  • Memory 240 may be any type of tangible processor readable memory, e.g., random access, read-only, etc., that is encoded with or stores instructions that can implement program modules, e.g., a module having blockchain registration process 244 and/or session establishment process 246 encoded thereon.
  • Processor 220 can also include a fixed-logic processing device, such as an application specific integrated circuit (ASIC) or a digital signal processor that is configured with firmware comprised of instructions or logic that can cause the processor to perform the functions described herein.
  • ASIC application specific integrated circuit
  • Program modules may be encoded in one or more tangible computer readable storage media for execution, such as with fixed logic or programmable logic, e.g., software/computer instructions executed by a processor, and any processor may be a programmable processor, programmable digital logic, e.g., field programmable gate array, or an ASIC that comprises fixed digital logic, or a combination thereof.
  • Any process logic may be embodied in a processor or computer readable medium that is encoded with instructions for execution by the processor that, when executed by the processor, are operable to cause the processor to perform the functions described herein.
  • Each network slice can include an isolated set of programmable resources that may implement individual network functions and/or application services through software programs within a respective network slice, without interfering with other functions and services on coexisting network slices.
  • The 5G network also supports additional processes and procedures for UE registration, session establishment, session maintenance, and so on, which can improve network services for a variety of devices with very different quality of service (QoS) requirements.
  • QoS quality of service
  • This disclosure provides complementary and/or alternative mechanisms (e.g., blockchain registration capabilities) to natively support such dynamic and flexible workload provisioning and improve overall UE mobility.
  • Blockchain technologies generally facilitate transparent, verifiable, and secure digital asset transactions with proof of rights and ownership.
  • Blockchain technologies generally employ distributed ledger technology (DLT) with built-in cryptography to enable open and trusted exchanges over the internet without requiring central servers and/or independent trusted authorities.
  • DLT distributed ledger technology
  • Existing protocols/network architectures in the telecommunications context generally fail to support native blockchain technologies due, in part, to underlying security requirements for initial registration processes.
  • Blockchain technologies can be employed within existing telecommunication networks; however, mobile network operators and/or mobile network entities are generally unaware of blockchain transactions because such blockchain transactions generally only occur after a mobile session is established (e.g., using overlay messages), which, in turn, inhibits blockchain technology integration and participation by mobile service providers.
  • Embodiments of this disclosure provide a native blockchain platform that employs blockchain operations that can serve as additional and/or alternative registration processes within a mobile network, and that further operates in conjunction with various mobile Network Functions (NFs) or network entities (including UE) over new blockchain network interfaces.
  • These blockchain authentication operations may satisfy security requirements for network service providers, and can provide access to a variety of new types of devices/users.
  • The native blockchain platform of this disclosure also supports device registration in the context of a roaming network, e.g., when UE is outside of its local/home network and attempts to connect to a roaming/visiting network.
  • FIG. 3A illustrates a schematic block diagram 301, showing a blockchain platform natively integrated with a SBA 132 for an exemplary 5G network (e.g., 5G network 130), and FIG. 3B illustrates a schematic block diagram 302, showing a reference point architecture for the blockchain platform of FIG. 3A.
  • FIGS. 3A and 3B show a native blockchain platform, an enterprise blockchain network 304, which interconnects blockchain service providers (SPs) or Blockchain Authentication Function (BAF) entities 305a-305n (e.g., distributed ledger technology (DLT) entities, etc.) with various network entities over blockchain network interfaces BCx, BCy, and BCz.
  • The blockchain interfaces can form network interfaces 210 for device/entity 200, discussed above.
  • The blockchain interfaces represent communication links that facilitate an exchange of messages or data packets between BAF(s) and SBA 132 (e.g., NFs that form SBA 132).
  • BCx can facilitate exchanging messages related to policy request, authorization, network usage, lawful intercept, accounting, and the like.
  • BCy can facilitate exchanging messages related to secondary authentication, authorization, resource sharing, lawful intercept, network slicing, etc.
  • BCz can facilitate exchanging messages related to standalone Authentication public key pre-set, authorization, Distributed Ledger Technology query/set, etc.
  • Blockchain network 304 generally facilitates sharing network resources or access to network functions (NFs) such as Access and Mobility Management Function (AMF), Session Management Function (SMF), Network Repository Function (NRF), and so on, with User Equipment (e.g., UE 308), and creates specific trust boundaries across multiple service providers using distributed blockchain ledgers, as discussed in greater detail herein.
  • SMF Session Management Function
  • NRF Network Repository Function
  • Blockchain network 304 may represent an open source blockchain network or platform such as distributed ledgers, Hyperledger Sawtooth, and the like.
  • Schematic block diagram 301 illustrates a roaming architecture with a local breakout scenario for a service based interface representation of SBA 132.
  • This roaming architecture includes a Visited Public Land Mobile Network (VPLMN) and a Home Public Land Mobile Network (HPLMN).
  • A Public Land Mobile Network (PLMN) is a network established and operated by a carrier for providing mobile communication services to its subscribers. Generally, domestic subscribers for a carrier use roaming to receive services from abroad.
  • A HPLMN refers to the subscriber's home network (e.g., domestic carrier), while a VPLMN refers to the network the subscriber uses abroad (where the UE may be registered while roaming).
  • While FIG. 3A illustrates the roaming architecture with the local breakout scenario, it is appreciated that other roaming architectures may be employed (e.g., home routing, etc.). Further, as shown here, some network entities such as the Session Management Function (SMF) and the User Plane Function(s) (UPF(s)) involved in a PDU session are under the control of the VPLMN.
  • The network entities that form SBA 132 include AMF 320, SMF 325, Network Slice Selection Function (NSSF) 330, Network Exposure Function (NEF) 335v
  • NSSF Network Slice Selection Function
  • NEF Network Exposure Function
  • PCF Policy Control Function
  • AF Application Function
  • These network entities can be implemented either as a network element on a dedicated hardware, as a software instance running on a dedicated hardware, or as a virtualized function instantiated on an appropriate platform, e.g., a cloud infrastructure, as is appreciated by those skilled in the art.
  • UE 308 connects to RAN/Access Network (AN) 310 as well as AMF 320 .
  • the RAN can include a base station while the AN can include a base station supporting non-3GPP access, e.g., Wi-Fi access.
  • AMF 320 provides UE-based authentication, authorization, mobility management, etc.
  • SMF 325 is responsible for session management, IP address allocation to UE(s), and traffic management/selection of a User Plane Function (UPF) (e.g., UPF 315 ) for proper routing/data transfer.
  • AF 350 generally provides information on packet flows to PCF 345 v , which is responsible for policy control in order to support Quality of Service (QoS). Based on the information from AF 350 , PCF 345 v determines policies about mobility and session management for proper AMF/SMF operations.
  • AUSF 355 stores authentication data for UE 308 .
  • UDM 360 stores subscription data for UE 308 .
  • Data network 108 provides Internet access or operator services.
  • the foregoing operations (and additional functionality) for respective network entities can be found in 3GPP Technical Specification (TS) 23.501 v15.2.0 and TS 23.502 v15.2.0, which are incorporated herein by reference in their entirety.
  • FIG. 3B illustrates a schematic block diagram 302 , showing a reference point interface representation of SBA 132 (e.g., with a local breakout scenario). Reference point representations often help develop detailed call flows in a normative standardization, which are illustrated in FIGS. 4A, 4B, and 5 (and described in greater detail below). It should be noted, for sake of clarity, certain network entities (e.g., NEF 335 , NRF 340 , etc.) are not shown by schematic block diagram 302 . However, it is appreciated any of the illustrated network entities can interact with the non-illustrated entities as appropriate.
  • the native blockchain platform shown in FIGS. 3A and 3B includes enterprise blockchain network 304 , which interconnects various blockchain service providers (SPs), represented as Blockchain Authentication Function (BAF) entities 305 a - 305 n , with various mobile network entities over blockchain network interfaces BCx, BCy, and BCz.
  • this native blockchain platform provides an additional and/or alternative blockchain authentication procedure for registering UE, such as UE 308 .
  • this blockchain authentication procedure may be represented by blockchain authentication process/services 244 (ref. FIG. 2 ).
  • RAN/Access Network (AN) 310 broadcasts system information (e.g., PLMN-IDs) to various UE(s), including UE 308 .
  • UE 308 receives the PLMN-ID from RAN/Access Network (AN) 310 and, during its initial registration, UE 308 indicates support for a complementary (and/or substitute) blockchain authentication procedure.
  • UE 308 can indicate support for the blockchain authentication procedure in a radio layer message (e.g., a Radio Resource Control (RRC) message) sent to RAN/Access Network (AN) 310 .
  • RAN/Access Network (AN) 310 receives the RRC messages from UE 308 and selects an appropriate AMF 320 and/or redirects the RRC messages to a new AMF as appropriate.
  • RAN/AN 310 can determine the RRC message from UE 308 includes an indication to perform the blockchain authentication procedure (e.g., in an access category) and select AMF 320 and/or redirect to a new AMF based on its capability to support the blockchain authentication procedure.
  • AMF 320 can perform the blockchain authentication procedure by exchanging authentication messages with one or more Blockchain Authentication Function (BAF) entities (e.g., BAF(s) 305 a - n ) over blockchain network interfaces BCx and/or BCy.
  • the blockchain authentication procedure generally refers to authentication messages exchanged between one or more core NFs and a BAF, which is exposed to the core NFs over the new blockchain network interfaces.
  • the authentication messages provide the BAF with UE credentials and the BAF, in turn, compares the UE credentials against UE credentials stored on a blockchain or distributed ledger.
  • the BAF returns authentication confirmation messages if the UE credentials match the UE credentials stored on the blockchain or distributed ledger.
  • FIGS. 4A and 4B provide signaling diagrams showing different embodiments of the blockchain authentication procedure.
  • AMF 320 may send authentication messages to invoke/request that AUSF 355 perform blockchain authentication, which causes AUSF 355 to authenticate UE 308 with BAF 305 over blockchain network interface BCx (e.g., ref. FIG. 4A ), while in other embodiments, AMF 320 can directly authenticate UE 308 with BAF 305 over blockchain network interface BCy (e.g., ref. FIG. 4B ), using, for example, REST Application Program Interface (API) messages.
  • UE 308 may indicate support for the blockchain authentication procedure to AMF 320 using RRC messages over RAN/AN network interfaces (which are further transmitted to AMF 320 ) and/or UE 308 may send Non-Access Stratum (NAS) messages directly to AMF 320 (e.g., over network interface N 1 ), which NAS messages indicate UE 308 supports/requests the blockchain authentication procedure.
  • the indication can be included directly in a NAS message (e.g., as payload data such as registration type) and/or in follow-on request (e.g., follow-on request data).
  • AMF 320 and/or AUSF 355 may still perform conventional authentication processes, depending on service provider or mobile network operator security/integrity policies, as is appreciated by those skilled in the art—e.g., generating/creating encryption keys (e.g., anchor keys), sending authentication requests to AUSF 355 , selecting UDM 360 , retrieving vectors, e.g., credentials and/or encryption keys, from UDM 360 , and so on.
  • the blockchain authentication procedure can complement (or augment) existing authentication processes (e.g., 5G Extensible Authentication Protocol (EAP)—Authentication and Key Agreement (AKA) procedures defined by 3GPP TS 33.301, etc.) to serve as an enhanced or secondary form of security, while in other embodiments, the blockchain authentication procedure can replace existing authentication processes (e.g., if existing authentication processes fail).
  • FIGS. 4A and 4B illustrate respective schematic signaling diagrams 401 / 402 for the disclosed blockchain authentication procedure, where AMF 320 invokes AUSF 355 in diagram 401 , and AMF 320 directly authenticates UE 308 with BAF 305 in diagram 402 .
  • UEs register with the network in order to receive network services, enable mobility tracking, and support mobility/reachability.
  • the call flow for registration procedures can vary based on initial registrations, mobility registration updates, periodic registration updates, and so on.
  • FIGS. 4A and 4B illustrate an initial registration procedure in accordance with embodiments of the disclosed blockchain authentication procedure; however, it is appreciated the call flows may be modified based on the type of UE registration.
  • schematic signaling diagram 401 begins at step 403 , where UE 308 sends a registration request message to RAN/AN 310 .
  • the registration request message can indicate UE 308 supports a blockchain authentication procedure in, for example, data fields such as access categories/access identities for existing registration messages (e.g., in accordance with access identities/access categories and RRC establishment clauses specified by 3GPP TS 24.501, table 4.5.6.1 (below)).
  • RAN/AN 310 selects an AMF—here, AMF 320 —based on the registration message. For example, RAN/AN 310 determines the registration request message indicates UE 308 supports the blockchain authentication procedure, and can select an appropriate AMF that likewise supports such procedure. Alternatively, RAN/AN 310 can reject the blockchain authentication request, which causes the UE to revert to existing 3GPP behaviour.
  • RAN/AN 310 sends a registration request message to AMF 320 .
  • these registration request messages may generally follow existing registration procedures such as those specified in 3GPP TS 23.502 (e.g., 4.2.2.2).
  • the registration request message may further include a registration type information element (e.g., 5GS registration type information element, defined in 3GPP TS 24.501, 9.8.3.7) that indicates guest access with the additional blockchain mechanisms (e.g., the blockchain authentication procedure).
  • the 5GS registration type information element is provided below:
  • 5GS registration type information element
      5GS registration type value (octet 1)
      Bits 3 2 1
           0 0 1   initial registration
           0 1 0   mobility registration updating
           0 1 1   periodic registration updating
           1 1 0   emergency registration
           1 1 1   reserved
      All other values are unused and shall be interpreted as “initial registration”, if received by the network.
  • Follow-On Request bit (FOR) (octet 1)
      Bit 4
          0   No follow-on request pending
          1
  • the 5GS registration type information element can enable a follow-on attribute and/or set the follow-on-request bit, which can indicate support or information corresponding to the blockchain authentication procedure.
  • the 5GS registration type information element can be modified to include a registration type that indicates the guest authenticating mechanism (e.g., the blockchain authentication procedure).
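The octet layout tabulated above can be decoded as follows. This is an added example, not code from the patent or from 3GPP; the code point `0b100` for a blockchain registration type is a hypothetical value chosen for illustration, since the page does not assign one. It shows that a network applying the stated fallback rule reads such a new value as a plain initial registration, so the indication is silently lost unless the network has been upgraded.

```python
from dataclasses import dataclass

# Registration type values (bits 3..1 of octet 1) exactly as tabulated on the page.
REGISTRATION_TYPES = {
    0b001: "initial registration",
    0b010: "mobility registration updating",
    0b011: "periodic registration updating",
    0b110: "emergency registration",
    0b111: "reserved",
}

# ASSUMPTION: hypothetical code point for the "guest/blockchain" registration
# type. The page says the element "can be modified" but gives no value.
HYPOTHETICAL_BLOCKCHAIN_TYPE = {0b100: "blockchain authentication (hypothetical)"}


@dataclass(frozen=True)
class RegistrationType:
    raw_value: int           # bits 3..1 as received
    meaning: str             # how the receiving network interprets them
    follow_on_request: bool  # bit 4 (FOR)
    fell_back: bool          # True when the "all other values" rule was applied


def decode_registration_type(octet, extra_types=None):
    """Decode bits 1-4 of octet 1; bits 5-8 are not described on the page and are ignored."""
    if not isinstance(octet, int) or not 0 <= octet <= 0xFF:
        raise ValueError("octet must be an integer in 0..255")
    table = dict(REGISTRATION_TYPES)
    table.update(extra_types or {})
    value = octet & 0b0111
    follow_on = bool(octet & 0b1000)
    meaning = table.get(value)
    fell_back = meaning is None
    if fell_back:
        # "All other values are unused and shall be interpreted as
        # 'initial registration', if received by the network."
        meaning = "initial registration"
    return RegistrationType(value, meaning, follow_on, fell_back)


def compare_networks(octet):
    """Return (legacy, upgraded) interpretations of the same octet."""
    legacy = decode_registration_type(octet)
    upgraded = decode_registration_type(octet, HYPOTHETICAL_BLOCKCHAIN_TYPE)
    return legacy, upgraded


if __name__ == "__main__":
    for sample in (0b0001, 0b1010, 0b0100, 0b1100):  # constructed sample octets
        legacy, upgraded = compare_networks(sample)
        print(f"{sample:#06b} legacy={legacy.meaning!r} "
              f"upgraded={upgraded.meaning!r} FOR={legacy.follow_on_request}")
```

A network that logs `fell_back` can detect UEs whose blockchain indication it is discarding, rather than treating them as ordinary initial registrations.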
  • the blockchain authentication procedure can include a non-3GPP authentication procedure piggy backed over a Non-Access Stratum (NAS) message.
  • the blockchain authentication procedure could be carried in a transparent container payload of the NAS protocol where the authentication type can be indicated in a NAS payload.
  • AMF 320 may first perform standard EAP-AKA procedures (e.g., as defined by 3GPP TS 33.301, 6.1.2 and 6.1.3), and if successful, AMF 320 may further perform the blockchain authentication procedure as a complementary or supplemental process.
  • AMF 320 may perform the blockchain authentication procedure and register/attach UE 308 to the network even if the standard EAP-AKA procedures fail (depending on policy/requirements).
  • Signaling diagram 401 continues to steps 406 and 408 where UE 308 and AMF 320 exchange identity request/response messages.
  • AMF 320 initiates a UE identity request at step 406 during an initial registration, e.g., when AMF 320 is new to UE 308 , and/or when AMF 320 was not provided Subscriber Concealed Identifier (SUCI) information from prior AMF(s) (e.g., in accordance with 3GPP TS 23.502 procedures).
  • AMF 320 particularly initiates authentication with UE 308 by sending an identity request message at step 406 and, in response, UE 308 generates and transmits a corresponding identity response (e.g., with a SUCI or privacy preserving identifier containing a concealed subscriber permanent identifier (SUPI)) in step 408 .
  • UE 308 returns additional parameters at step 408 to indicate support for the blockchain authorization procedure (e.g., in addition to or as an alternative to the above discussed indications in 5GS registration type information).
  • AMF 320 initiates UE authentication processes with an AUSF and selects AUSF 355 based on, for example, SUCI/SUPI information (described in 3GPP TS 23.501) and/or the indicated support for the blockchain authorization procedure.
  • Steps 410 - 424 illustrate the blockchain authentication procedure employed by AUSF 355 in conjunction with conventional authentication calls (e.g., as specified by 3GPP TS 33.501) between AMF 320 , AUSF 355 , and UDM 360 .
  • the ordering and exchange messages represented by steps 410 - 424 reflect various bi-lateral message exchanges.
  • step 410 provides optional challenges/responses between AMF 320 and UE 308 , which allow UE 308 to indicate support for the blockchain authorization procedure in NAS messages sent to AMF 320 (e.g., over network interface N 1 ).
  • AMF 320 can invoke existing authentication services by sending an authentication request message to AUSF 355 .
  • AUSF 355 checks that the requesting AMF in the serving network is entitled to use the serving network and sends, at step 414 , a corresponding authentication request message to UDM 360 .
  • UDM 360 generates and sends an authentication vector (e.g., security keys, etc.) to AUSF 355 , again at step 414 .
  • AUSF 355 also exchanges EAP-Requests/AKA-Challenges with AMF 320 , at step 416 , which further solicit EAP challenges/responses from UE 308 , at step 418 .
  • the EAP challenges/responses between UE 308 and AMF 320 can include NAS messages with blockchain payload data to provide AMF 320 (and thus AUSF 355 at step 416 ) relevant blockchain authentication information (e.g., UE 308 registration information with prior BAF entities, etc.) for subsequent or secondary authentication with BAF 305 (e.g., step 424 discussed below).
  • AUSF 355 can complete UE authentication with UDM 360 at step 414 .
  • the messages exchanged at steps 410 - 416 can confirm/accept the UE's credentials or deny/reject the UE's credentials based on existing authentication protocols.
  • these messages can provide appropriate security context/acknowledgements between UE 308 , AMF 320 , AUSF 355 , and UDM 360 , which protect/encrypt subsequent messages from UE 308 .
  • AMF 320 and AUSF 355 may further perform the blockchain authentication procedure (e.g., as a complementary/substitute authentication procedure).
  • the blockchain authentication procedure can be thought of as an extension to existing calls and/or may include additional flags/parameters in appropriate messages.
  • AMF 320 may continue on to perform the blockchain authentication process with AUSF 355 .
  • AMF 320 can receive relevant blockchain authentication information from UE 308 in the course of exchanging authentication messages based on existing procedures, or alternatively, UE 308 can send separate NAS messages to AMF 320 with the blockchain authentication information included in payload data, such as shown at step 420 .
  • the blockchain authentication information is used by AMF 320 /AUSF 355 to authenticate UE 308 with BAF 305 .
  • the blockchain authentication information can include a blockchain entity ID that corresponds to BAF 305 as well as blockchain credentials, such as blockchain registration information, blockchain subscription information, and so on.
  • UE 308 registers and subscribes to BAF 305 (e.g., over blockchain network interface BCz) to obtain the blockchain authentication information.
  • AMF 320 receives these NAS messages, identifies the blockchain entity ID, and selects an appropriate BAF (here, BAF 305 ) based on the blockchain entity ID.
  • AMF 320 further invokes AUSF 355 , at step 422 , to continue the blockchain authentication procedure and authenticate UE 308 with BAF 305 using, for example, a Nausf service call over the N 12 network interface.
  • AMF 320 sends service-based API messages (e.g., as defined by 3GPP TS 29.509 and TS 29.518) with appropriate blockchain authentication flags/parameters/payload/etc. to AUSF 355 .
  • AUSF 355 receives the API messages and exchanges, at step 424 , blockchain authentication messages with BAF 305 over blockchain network interface BCx. AUSF 355 further sends these blockchain authentication messages to AMF 320 (e.g., blockchain authentication confirmation, etc.) so AMF can complete the blockchain authentication procedure. It is appreciated the blockchain authentication procedure may require additional messages to handle situations where BAF 305 is slow to respond, is unavailable or out of service, and/or fails to confirm the UE credentials. In these situations, AMF 320 may send temporary Ack messages to UE 308 to provide additional processing time for BAF 305 to authenticate the UE credentials.
  • steps 420 - 424 represent blockchain authentication operations where AMF 320 receives identifying information for the BAF associated with UE 308 and selects BAF 305 based on the identifying information (e.g., steps 420 - 422 ), and completes the authentication transaction by acting as an agent of UE 308 since UE 308 may be considered a client of BAF 305 (e.g., step 424 ).
  • UE 308 previously registered and subscribed to BAF 305 over blockchain interface BCz.
  • signaling diagram continues to steps 430 , 432 , 436 , and 438 , which include messages to complete UE 308 registration in accordance with 3GPP TS 23.502 (e.g., UDM selection/update, PCF selection, registration acceptance, and so on).
  • the blockchain authentication procedure may also include an optional credit check for UE 308 , shown as a charging event at step 434 .
  • this credit check represents a charging authorization procedure that can be performed after UE 308 is authenticated with BAF 305 but before AMF 320 completes registration and attaches UE 308 to the SBA network.
  • PCF 345 manages mobility credentials for UE 308 and performs the credit authorization procedure with BAF 305 in an authorization layer.
  • the credit authorization procedure determines if UE 308 (and its corresponding user) can complete a transaction (e.g., can the user pay for the transaction now or at a future time), the type and/or number of network services the user can afford (e.g., which can limit or restrict access to network resources), and so on.
  • PCF 345 can use the credit authorization procedure to determine virtual contract information (e.g., credit worthiness) associated with UE 308 , which can be shared with other network entities/services (e.g., NFs) in SBA 132 .
  • steps 430 , 432 , 436 , and 438 include messages to complete UE 308 registration in accordance with 3GPP TS 23.502.
  • AMF 320 may directly perform the blockchain authentication procedure with BAF 305 (e.g., after, for example, AMF 320 successfully obtains an appropriate security context/acknowledgements from AUSF 355 /UDM 360 ), which ensure encryption/integrity protection for messages exchanged with UE 308 .
  • signaling diagram 402 of FIG. 4B shows AMF 320 directly performing the blockchain authentication procedure with BAF 305 .
  • signaling diagram 402 includes many of the same steps or calls shown in signaling diagram 401 , which are discussed above.
  • signaling diagram 402 further provides steps 426 and 428 , which represent AMF 320 operations to directly exchange blockchain authentication messages with BAF 305 .
  • UE 308 exchanges blockchain authentication information with AMF 320 using, for example, NAS messages that can include blockchain payload data.
  • the blockchain authentication information is used by AMF 320 to authenticate UE 308 with BAF 305 .
  • the blockchain authentication information can include a blockchain entity ID that corresponds to BAF 305 as well as blockchain credentials, such as blockchain registration information, blockchain subscription information, and so on.
  • AMF 320 receives these NAS messages and selects an appropriate BAF (here, BAF 305 ) based on the blockchain entity ID.
  • AMF 320 further authenticates UE 308 with BAF 305 at step 428 and may receive an authentication confirmation from BAF 305 .
  • Steps 430 , 432 , 436 , and 438 represent messages for completing UE registration in accordance with 3GPP TS 23.502.
  • FIG. 5 illustrates an example simplified procedure 500 for registering User Equipment (UE) in accordance with one or more embodiments of the blockchain authentication procedure.
  • Procedure 500 can represent operations of a blockchain authentication process (e.g., blockchain authentication process/services 244 ) that may be performed by one or more NF entities (e.g., NF/device 200 ) and can include, for example, an AMF entity (AMF 320 ) and/or an AUSF entity (AUSF 355 ).
  • Procedure 500 begins at step 505 and continues on to step 510 where, as discussed above, the AMF determines User Equipment (UE) (e.g., UE 308 ) supports a blockchain authentication procedure.
  • the AMF can determine the UE supports the blockchain authentication procedure from a Radio Resource Control (RRC) message such as a registration request message and/or a Non-Access Stratum message received from the UE (e.g., in a registration type field, a NAS payload field, follow-on request data, etc.).
  • the RAN/AN in communication with the UE may select the AMF based on the indicated support for the blockchain authentication procedure.
  • Procedure continues to step 515 where the AMF optionally selects or invokes an Authentication Server Function (AUSF) entity to perform the blockchain authentication procedure.
  • the AMF may directly communicate and authenticate the UE with a Blockchain Authentication Function (BAF) entity (e.g., BAF 305 ), or it may invoke an AUSF to perform the blockchain authentication procedure.
  • the AMF receives blockchain credentials from the UE.
  • the blockchain credentials refer to blockchain authentication information and can include blockchain registration/subscription information.
  • the UE receives the blockchain credentials from the BAF entity over a blockchain network interface (e.g., BCz).
  • the AMF further determines, at step 525 , the blockchain credentials include a blockchain entity ID, and selects, at step 530 , the BAF (e.g., BAF 305 ) for blockchain authentication based on the same.
  • the AMF also exchanges authentication messages, at step 535 with the BAF.
  • the AMF exchanges the authentication messages directly with the BAF (e.g., over a blockchain network interface BCy) or indirectly (e.g., through the AUSF entity, which communicates with the BAF entity over a blockchain network interface BCz).
  • the AMF receives, at step 540 , a blockchain authentication confirmation from the BAF entity (again, either directly or indirectly through the AUSF entity).
  • the BAF entity may require additional processing time to validate the UE's credentials.
  • the AMF may send temporary Ack messages to the UE to accommodate the additional processing time.
  • the AMF can optionally invoke, at step 545 , a Policy Control Function (PCF) entity (e.g., PCF 345 ) to perform a credit authorization procedure (e.g., in an authorization layer) for a user associated with the UE.
  • the credit authorization procedure can determine a scope of network services (e.g., access or restrict) to be provided to the UE based on the credit worthiness of the user. In some embodiments, this information may be included as part of a virtual contract that can be shared with various NFs.
  • the PCF can provide, at step 545 , the UE access to one or more network resources based on the credit authorization procedure (e.g., credit worthiness of the user).
  • the AMF registers the UE at step 555 .
  • Procedure subsequently ends at step 560 , but may return again to step 510 where the AMF determines another UE supports the blockchain authentication procedure.
  • procedure 500 may be optional, and further, the steps shown in FIG. 5 are merely example steps for illustration—certain other steps may be included or excluded as desired. Further, while a particular order of the steps is shown, this ordering is merely illustrative, and any suitable arrangement of the steps may be utilized without departing from the scope of the embodiments herein.
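The decision points of procedure 500 can be modelled as below, including the two policies described earlier (blockchain authentication as a complement to EAP-AKA, or as a substitute when EAP-AKA fails). This is an added example, not code from the patent: all class and function names are hypothetical, the ledger is a plain dictionary of SHA-256 digests standing in for the distributed ledger, and rejecting the UE when the BAF never answers is an assumption of this sketch (the page only says temporary Ack messages buy the BAF more time).

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class BafResult(Enum):
    CONFIRMED = "confirmed"
    REJECTED = "rejected"
    UNAVAILABLE = "unavailable"


class Policy(Enum):
    COMPLEMENT = "complement"  # EAP-AKA and blockchain must both succeed
    SUBSTITUTE = "substitute"  # blockchain may stand in when EAP-AKA fails


@dataclass
class BlockchainCredentials:
    entity_id: str     # blockchain entity ID naming the UE's BAF
    ue_id: str
    credential: bytes  # obtained by the UE from the BAF beforehand


class Baf:
    """Toy BAF: compares presented credentials with its ledger record."""

    def __init__(self, entity_id, ledger, outages=0):
        self.entity_id = entity_id
        self.ledger = ledger    # ue_id -> SHA-256 hex digest (assumption)
        self.outages = outages  # number of calls that go unanswered first

    def authenticate(self, ue_id, credential):
        if self.outages > 0:
            self.outages -= 1
            return BafResult.UNAVAILABLE
        stored = self.ledger.get(ue_id)
        presented = hashlib.sha256(credential).hexdigest()
        # Constant-time comparison of the presented and stored digests.
        if stored is not None and hmac.compare_digest(stored, presented):
            return BafResult.CONFIRMED
        return BafResult.REJECTED


def register_ue(supports_blockchain, eap_aka_ok, creds, bafs, policy, max_attempts=3):
    """Return (registered, trace) for one registration attempt at the AMF."""
    trace = []
    if not supports_blockchain or creds is None:
        trace.append("510: no blockchain indication; conventional result applies")
        return eap_aka_ok, trace
    if not eap_aka_ok and policy is Policy.COMPLEMENT:
        trace.append("EAP-AKA failed and policy is COMPLEMENT: reject")
        return False, trace
    baf = bafs.get(creds.entity_id)  # steps 525/530: select BAF by entity ID
    if baf is None:
        trace.append("530: unknown blockchain entity ID: reject")
        return False, trace
    trace.append(f"530: selected BAF {baf.entity_id}")
    result = BafResult.UNAVAILABLE
    for attempt in range(1, max_attempts + 1):  # step 535
        result = baf.authenticate(creds.ue_id, creds.credential)
        if result is not BafResult.UNAVAILABLE:
            break
        trace.append(f"535: BAF not ready; temporary Ack {attempt} sent to UE")
    if result is not BafResult.CONFIRMED:
        # ASSUMPTION: fail closed when no confirmation arrives.
        trace.append(f"540: no confirmation ({result.value}): reject")
        return False, trace
    trace.append("540: confirmation received; 555: UE registered")
    return True, trace


# Constructed sample data; none of these values come from the page.
SECRET = b"constructed-credential"
LEDGER = {"ue-308": hashlib.sha256(SECRET).hexdigest()}
GOOD = BlockchainCredentials("baf-305", "ue-308", SECRET)


def make_bafs(outages=0):
    return {"baf-305": Baf("baf-305", dict(LEDGER), outages)}


if __name__ == "__main__":
    for policy in Policy:
        ok, trace = register_ue(True, False, GOOD, make_bafs(1), policy)
        print(policy.value, ok, trace)
```

Under `SUBSTITUTE`, the ledger comparison is the only check between a UE that failed EAP-AKA and a registered session, so that policy makes BAF integrity and credential handling part of the core trust boundary.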
  • The techniques described herein, therefore, provide a native blockchain platform for wireless networks.
  • This native blockchain platform supports new use cases that create opportunities to share network resources across multiple provider networks, increase workload mobility security, improve billing/mediation and reconciliation and create mechanisms for roaming authentication/registration using blockchain technology.
  • the native blockchain platform provides new opportunities for the app economy and creates a new market place for Mobile virtual network operators (MVNO) participation.
  • the native blockchain platform facilitates new methods for authenticating UE when attaching the UE to the network as well as new methods to facilitate payments for network services as part of blockchain charging events.
  • Such instructions can comprise, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Portions of computer resources used can be accessible over a network.
  • the computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, or source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on.
  • devices implementing methods according to these disclosures can comprise hardware, firmware and/or software, and can take any of a variety of form factors.
  • Typical examples of such form factors include laptops, smart phones, small form factor personal computers, personal digital assistants, and so on.
  • Functionality described herein also can be embodied in peripherals or add-in cards. Such functionality can also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example.
  • Instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are means for providing the functions described in these disclosures. Accordingly this description is to be taken only by way of example and not to otherwise limit the scope of the embodiments herein. Therefore, it is the object of the appended claims to cover all such variations and modifications as come within the true spirit and scope of the embodiments herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A network function (NF) entity in a communication network determines a User Equipment (UE) supports a blockchain authentication procedure, exchanges authentication messages with a Blockchain Authentication Function (BAF) entity over a blockchain network interface (e.g., based on the blockchain authentication procedure), receives a blockchain authentication confirmation from the BAF entity, and registers the UE based on the blockchain authentication confirmation.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims benefit to U.S. provisional application No. 62/682,770, filed on Jun. 8, 2018, which is expressly incorporated by reference herein in its entirety.
    TECHNICAL FIELD
  • The present subject matter relates generally to communication networks, and more particularly, to natively integrating blockchain technologies in the context of registering User Equipment (UE) in telecommunication networks (e.g., 4G, 5G, etc.).
    BACKGROUND
  • Ever-increasing consumer demand, technological advancements (e.g., hardware/software infrastructure), and industry collaboration have driven significant growth in modern telecommunication networks and continue to drive their evolution. Indeed, each iteration or “next generation” of network capabilities, e.g., represented by standards promulgated by a Third Generation Partnership Project (3GPP), interconnects more devices, improves network bandwidth, increases data-rates, and so on. For example, a transition from 3rd Generation (3G) networks to 4th Generation (4G) networks introduced new network services and connected mobile devices to third party data networks such as the Internet. More recently, a transition is underway from existing 4G networks to new 5G networks, which includes a new service-oriented architecture for provisioning network services/resources in a dynamic, scalable, and customizable fashion (e.g., micro-services, network functions virtualization (NFV), etc.). For example, this service-oriented architecture supports network slices, which employ an isolated set of programmable resources that can implement individual network functions and/or application services through software programs within a respective network slice, without interfering with other functions and services on coexisting network slices. In turn, the service-oriented architecture, including its network slice implementation, creates opportunities to employ new mechanisms that natively support such dynamic and flexible workload provisioning and improve overall UE mobility.
    BRIEF DESCRIPTION OF THE DRAWINGS
  • The embodiments herein may be better understood by referring to the following description in conjunction with the accompanying drawings in which like reference numerals indicate identical or functionally similar elements. Understanding that these drawings depict only exemplary embodiments of the disclosure and are not therefore to be considered to be limiting of its scope, the principles herein are described and explained with additional specificity and detail through the use of the accompanying drawings in which:
  • FIG. 1 illustrates a schematic block diagram of exemplary telecommunication networks, including a 3G network, a 4G network, and a 5G network;
  • FIG. 2 illustrates a schematic block diagram of an exemplary network device, such as a Network Function (NF) entity/module, according to one or more embodiments of this disclosure;
  • FIG. 3A illustrates a schematic block diagram of a roaming architecture with a local breakout scenario for a service based interface representation of a Service Based Architecture (SBA);
  • FIG. 3B illustrates a schematic block diagram of a reference point representation of the roaming architecture shown in FIG. 3A;
  • FIG. 4A illustrates a schematic signaling diagram, showing a blockchain authentication procedure that invokes an Access and Mobility Management Function (AMF) entity;
  • FIG. 4B illustrates a schematic signaling diagram, showing a blockchain authentication procedure performed between an Access and Mobility Management Function (AMF) entity and a Blockchain Authentication Function (BAF) entity; and
  • FIG. 5 illustrates an example simplified procedure for registering User Equipment (UE) in a communication network, in accordance with one or more embodiments of the blockchain authentication procedure.
  • DESCRIPTION OF EXAMPLE EMBODIMENTS
  • Overview
  • This disclosure describes techniques for registering User Equipment (UE) in a telecommunication network (e.g., 4G/5G networks, etc.) using a natively integrated blockchain platform. In particular, the techniques can support complementary or substitute blockchain authentication procedures for any User Equipment (UE) attaching to a 5G network. For example, according to one or more embodiments of this disclosure, a network function (NF) entity in a communication network determines a UE supports a blockchain authentication procedure. The NF entity exchanges authentication messages with a Blockchain Authentication Function (BAF) entity over a blockchain network interface and receives a blockchain authentication confirmation from the BAF entity. The NF entity further registers the UE based on the blockchain authentication confirmation. In some embodiments, the NF entity can include an Access and Mobility Management Function (AMF) entity and/or an Authentication Server Function (AUSF) entity. Notably, the AMF entity may communicate directly with the BAF entity over the blockchain network interface and/or the AMF entity can invoke the AUSF entity to perform the authentication procedure and communicate with the BAF entity over another blockchain network interface.
  • DESCRIPTION
  • Various embodiments of the disclosure are discussed in detail below. While specific implementations are described in detail, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without departing from the spirit and scope of the disclosure.
  • As provided herein, this disclosure relates to communication networks (e.g., telecommunication networks), which include a number of network devices/modules/entities or “Network Function(s)” (NF(s)), as is appreciated by those skilled in the art. For sake of clarity, the NFs described herein are based on NFs specified by existing Technical Specifications such as the 3GPP TS 23.501, TS 23.502, TS 24.501, TS 29.509, TS 29.518, TS 33.301, TS 33.501, each of which is incorporated herein by reference to its entirety. Moreover, while some operations and functionality may be described and/or attributed to a particular NF, it is appreciated that such operations are not intended to be limited to the particular NF, but may be performed by other NFs as appropriate, particularly in view of the ongoing development and evolving nature of telecommunication networks.
  • A communication network is a geographically distributed collection of nodes interconnected by communication links and segments for transporting data between end nodes, such as mobile devices, computers, personal computing devices (and so on), and other devices, such as network entities, sensors, etc. Many types of networks are available, ranging from local area networks (LANs) to wide area networks (WANs). LANs typically connect these nodes over dedicated private communications links located in the same general physical location, such as a building or campus. WANs, on the other hand, typically connect geographically dispersed nodes over long-distance communications links, such as common carrier telephone lines, optical lightpaths, synchronous optical networks (SONET), synchronous digital hierarchy (SDH) links, etc. Some communication networks can include telecommunication networks, which transport data between end nodes, such as user equipment (UE), which can include mobile devices.
  • FIG. 1 illustrates a schematic block diagram of exemplary telecommunication networks 100, including a 3G network 110, a 4G network 120, and 5G network 130. Telecommunication networks 100 include wireless network interfaces or communication links, such as air interfaces 140, an access network 150, which represents radio infrastructure or radio towers, and a core network 160, which represents respective core network entities, network modules, or Network Functions (NF(s)). The wireless network interfaces or air interfaces 140 include Uu links for 3G network 110, LTE-Uu links for 4G network 120, and 5G-NR links for 5G network 130. In addition, other network interfaces (e.g., Nx, Sx, Lu-x, Gx, etc.) generally interconnect certain nodes (e.g., UE and/or core network entities) with other nodes (e.g., other UE and/or core network entities) based on, for example, distance, signal strength, network topology, current operational status, location, etc. As is appreciated by those skilled in the art, the network interfaces are vehicles for exchanging data packets (e.g., traffic and/or messages) between the nodes using predefined network protocols such as known wired protocols as appropriate. In this context, a protocol consists of a set of rules defining how the nodes interact with each other.
  • Those skilled in the art will understand that any number of nodes, devices, communication links, and the like may be used, and that the view shown herein is for simplicity. In particular, the representations of telecommunication networks 100, including respective interconnected network entities, are illustrated and described herein for purposes of discussion, not limitation, and it is appreciated that the illustrated networks can include (or exclude) any number of network entities, communication links, and the like, and can support inter-network operability and compatibility.
  • Access network 150 represents the infrastructure or radio towers, such as a Radio Access Network (RAN), for receiving and transmitting data packets between end user nodes (UE) as well as the various network entities (e.g., core network entities). Access network 150 includes NodeBs (NBs) for 3G network 110, eNodeBs (eNBs) for 4G network 120, and gNodeBs (gNBs) for 5G network 130. The infrastructure for each network may support different functionality and it is appreciated that infrastructure illustrated within one network can include appropriate hardware/software to support functionality of other telecommunication networks.
  • Respective network entities that form core network 160 (within the telecommunication networks 100) operatively connect respective RAN infrastructure (NBs, eNBs, gNBs) to third party networks such as a voice network 105 (e.g., a Public Switched Telephone Network (PSTN) network) and/or a data network 108 to create end-to-end connections. Prior to 3G (e.g., 2G, 2.5G, etc.) the third party network primarily included a voice network/PSTN 105 (e.g., a circuit switched network). From 3G onward, the third party network transitioned to include a public network (e.g., the Internet), represented by data network 108 (e.g., a packet switched network). Core network 160 and its respective network entities collectively operate to manage connections, bandwidth, and mobility for respective UE.
  • Notably, core network 160 evolved along three functional planes, including service management, session management, and mobility management. Service management for 2G and 3G networks includes operations to create an Integrated Services Digital Network (ISDN) over wireless links (e.g., Uu links). Session management for 3G and 4G networks generally includes operations to establish, maintain, and release network resources (e.g., data connections). In particular, in 3G network 110, session management includes a standalone General Packet Radio Service (GPRS) network, while 4G network 120 introduced a fully integrated data only network optimized for mobile broadband (where basic telephone operations are supported as one profile). Mobility management generally includes operations that support movement of UE in a mobile network, such as system registration, location tracking and handover (e.g., often optimized to reduce heavy signaling loads). For example, in the context of 4G network 120, a Serving Gateway (SGW) and a Packet Data Gateway (PGW) support session management operations while mobility management operations (which maintain data sessions for mobile UE) are centralized within a Mobility Management Entity (MME).
  • 5G network 130, as discussed in greater detail herein, introduces a new service based architecture (SBA) 132, which generally redistributes functionality of 4G network entities into smaller service-based functions/network entities. In addition, packet routing and forwarding functions (which are performed by SGW and PGW in 4G network 120) are realized as services rendered through a new network function/entity called the User Plane Function (UPF). In this fashion, 5G network 130 provides a modular set of services that support dynamic and scalable deployment of resources to satisfy diverse user demands.
  • FIG. 2 illustrates a schematic block diagram of an exemplary network device or Network Function (NF) 200 that may be used with one or more embodiments described herein, e.g., particularly as User Equipment (UE) and/or other NFs within SBA 132 (e.g., an Access and Mobility Management Function (AMF) entity, Authentication Server Function (AUSF) entity, and so on).
  • The illustrative device 200 comprises one or more network interfaces 210, at least one processor 220, and a memory 240 interconnected by a system bus 250. Network interface(s) 210 contain the mechanical, electrical, and signaling circuitry for communicating data over links (e.g., wires or wireless links) within the telecommunication networks 100 (e.g., ref. FIG. 1). Network interfaces 210 may be configured to transmit and/or receive data using a variety of different communication protocols, as will be understood by those skilled in the art. Notably, network interfaces 210 may include new blockchain network interfaces (e.g., “BCx”, “BCy”, and/or “BCz”) as discussed in greater detail below.
  • Memory 240 comprises a plurality of storage locations that are addressable by processor 220 for storing software programs and data structures associated with the embodiments described herein. Processor 220 may comprise necessary elements or logic adapted to execute the software programs and manipulate data structures 245. An operating system 242, portions of which are typically resident in memory 240 and executed by processor 220, functionally organizes the device by, inter alia, invoking operations in support of services and/or software processes executing on the device/module. These services and/or software processes may comprise an illustrative “block chain registration” process/service 244 as well as “session establishment” process/services 246, as described herein. Note that while processes/services 244 and 246 are shown in centralized memory 240, some embodiments provide for these processes/services to be operated in a distributed communication network.
  • Illustratively, the techniques described herein may be performed by hardware, software, and/or firmware, such as in accordance with the illustrative blockchain authentication process 244 and/or the illustrative session establishment process 246, which may contain computer executable instructions executed by processor 220 to perform functions relating to UE authentication and/or UE session establishment described herein.
  • It will be apparent to those skilled in the art that other processor and memory types, including various computer-readable media, may be used to store and execute program instructions pertaining to the techniques described herein. Also, while the description illustrates various processes, it is expressly contemplated that various processes may be embodied as modules configured to operate in accordance with the techniques herein (e.g., according to the functionality of a similar process). Further, while the processes have been shown separately, those skilled in the art will appreciate that processes may be routines or modules within other processes. For example, processor 220 can include one or more programmable processors, e.g., microprocessors or microcontrollers, or fixed-logic processors. In the case of a programmable processor, any associated memory, e.g., memory 240, may be any type of tangible processor readable memory, e.g., random access, read-only, etc., that is encoded with or stores instructions that can implement program modules, e.g., a module having blockchain registration process 244 and/or session establishment process 246 encoded thereon. Processor 220 can also include a fixed-logic processing device, such as an application specific integrated circuit (ASIC) or a digital signal processor that is configured with firmware comprised of instructions or logic that can cause the processor to perform the functions described herein. Thus, program modules may be encoded in one or more tangible computer readable storage media for execution, such as with fixed logic or programmable logic, e.g., software/computer instructions executed by a processor, and any processor may be a programmable processor, programmable digital logic, e.g., field programmable gate array, or an ASIC that comprises fixed digital logic, or a combination thereof. 
  • In general, any process logic may be embodied in a processor or computer readable medium that is encoded with instructions for execution by the processor that, when executed by the processor, are operable to cause the processor to perform the functions described herein.
  • As noted above, a transition is currently underway from existing 4G networks to new 5G networks, which includes a new service-oriented architecture (e.g., SBA 132, FIG. 1). Traditional processes employed by 3G and 4G networks to provision network resources and support UE mobility (e.g., registration, session establishment, session maintenance) were developed and optimized based on then-existing voice network (e.g., circuit-switched) infrastructure and/or conventional data network (e.g., packet switched) infrastructure. However, the 5G network introduces new infrastructure that supports the service-oriented architecture, which can provision network services/resources in a dynamic, scalable, and customizable fashion using, for example, network slices, micro-services, network functions virtualization (NFV), and so on. In the context of a network slice, each network slice can include an isolated set of programmable resources that may implement individual network functions and/or application services through software programs within a respective network slice, without interfering with other functions and services on coexisting network slices.
  • With respect to dynamic network resource and/or workload provisioning, the 5G network also supports additional processes and procedures for UE registration, session establishment, session maintenance, and so on, which can improve network services for a variety of devices with very different quality of service (QoS) requirements. For example, as disclosed herein, this disclosure provides complementary and/or alternative mechanisms—e.g., blockchain registration capabilities—to natively support such dynamic and flexible workload provisioning and improve overall UE mobility.
  • Blockchain technologies generally facilitate transparent, verifiable, and secure digital asset transactions with proof of rights and ownership. For example, blockchain technologies generally employ distributed ledger technology (DLT) with built-in cryptography to enable open and trusted exchanges over the internet without requiring central servers and/or independent trusted authorities. However, despite its advantages, existing protocols/network architectures in the telecommunications context generally fail to support native blockchain technologies due, in part, to underlying security requirements for initial registration processes. Blockchain technologies can be employed within existing telecommunication networks, however mobile network operators and/or mobile network entities are generally unaware of blockchain transactions because such blockchain transactions generally only occur after a mobile session is established (e.g., using overlay messages), which in turn, inhibits blockchain technology integration and participation by mobile service providers.
  • Accordingly, as described in greater detail herein, embodiments of this disclosure provide a native blockchain platform that employs blockchain operations that can serve as additional and/or alternative registration processes within a mobile network, and that further operates in conjunction with various mobile Network Functions (NFs) or network entities (including UE) over new blockchain network interfaces. In particular, these blockchain authentication operations may satisfy security requirements for network service providers, and can provide access to a variety of new types of devices/users. In addition, the native blockchain platform of this disclosure also supports device registration in the context of a roaming network—e.g., when UE is outside of its local/home network and attempts to connect to a roaming/visiting network.
  • Referring again to the figures, FIG. 3A illustrates a schematic block diagram 301, showing a blockchain platform natively integrated with a SBA 132 for an exemplary 5G network (e.g., 5G network 130), and FIG. 3B illustrates a schematic block diagram 302, showing a reference point architecture for the blockchain platform of FIG. 3A. Collectively, FIGS. 3A and 3B show a native blockchain platform, an enterprise blockchain network 304, which interconnects blockchain service providers (SPs) or Blockchain Authentication Function (BAF) entities 305 a-305 n (e.g., distributed ledger technology (DLT) entities, etc.) with various network entities over blockchain network interfaces BCx, BCy, and BCz. Notably, the blockchain interfaces can form network interfaces 210 for device/entity 200, discussed above.
  • The blockchain interfaces represent communication links that facilitate an exchange of messages or data packets between BAF(s) and SBA 132 (e.g., NFs that form SBA 132). In particular, BCx can facilitate exchanging messages related to policy request, authorization, network usage, lawful intercept, accounting, and the like. BCy can facilitate exchanging messages related to secondary authentication, authorization, resource sharing, lawful intercept, network slicing, etc. BCz can facilitate exchanging messages related to standalone Authentication public key pre-set, authorization, Distributed Ledger Technology query/set, etc.
  • Blockchain network 304 generally facilitates sharing network resources or access to network functions (NFs) such as Access and Mobility Management Function (AMF), Session Management Function (SMF), Network Repository Function (NRF), and so on, with User Equipment (e.g., UE 308), and creates specific trust boundaries across multiple service providers using distributed blockchain ledgers, as discussed in greater detail herein. Blockchain network 304 may represent an open source blockchain network or platform such as distributed ledgers, Hyperledger Sawtooth, and the like.
  • With specific reference to FIG. 3A, schematic block diagram 301 illustrates a roaming architecture with a local breakout scenario for a service based interface representation of SBA 132. As shown, this roaming architecture includes a Visited Public Land Mobile Network (VPLMN) and a Home Public Land Mobile Network (HPLMN). A Public Land Mobile Network (PLMN) is a network established and operated by a carrier for providing mobile communication services to its subscribers. Generally, domestic subscribers for a carrier use roaming to receive services from abroad. A HPLMN refers to the subscriber's home network (e.g., domestic carrier) while VPLMN refers to the subscriber's abroad network (where the UE may be registered while roaming). While FIG. 3A illustrates the roaming architecture with the local breakout scenario, it is appreciated other roaming architectures may be employed (e.g., home routing, etc.). Further, as shown here, some network entities such as the Session Management Function (SMF) and the User Plane Function(s) (UPF(s)) involved in a PDU session are under the control of the VPLMN.
  • As shown, the network entities that form SBA 132 include AMF 320, SMF 325, Network Slice Selection Function (NSSF) 330, Network Exposure Function (NEF) 335 v|335 h, Network Repository Function (NRF) 340 v|340 h, Policy Control Function (PCF) 345 v|345 h, and Application Function (AF) 350. These network entities can be implemented either as a network element on a dedicated hardware, as a software instance running on a dedicated hardware, or as a virtualized function instantiated on an appropriate platform, e.g., a cloud infrastructure, as is appreciated by those skilled in the art.
  • In general, UE 308 connects to RAN/Access Network (AN) 310 as well as AMF 320. Here, the RAN can include a base station while the AN can include a base station supporting non-3GPP access, e.g., Wi-Fi access. AMF 320 provides UE-based authentication, authorization, mobility management, etc. SMF 325 is responsible for session management, IP address allocation to UE(s), and traffic management/selection of a User Plane Function (UPF) (e.g., UPF 315) for proper routing/data transfer. If UE 308 has multiple sessions, different SMFs may be allocated to each session for individual management and/or different functionality per session. AF 350 generally provides information on packet flows to PCF 345 v, which is responsible for policy control in order to support Quality of Service (QoS). Based on the information from AF 350, PCF 345 v determines policies about mobility and session management for proper AMF/SMF operations. AUSF 355 stores authentication data for UE 308, and UDM 360 stores subscription data for UE 308. Data network 108 provides Internet access or operator services. The foregoing operations (and additional functionality) for respective network entities can be found in 3GPP Technical Specification (TS) 23.501 v15.2.0 and TS 23.502 v15.2.0, each of which is incorporated herein by reference to its entirety.
  • FIG. 3B illustrates a schematic block diagram 302, showing a reference point interface representation of SBA 132 (e.g., with a local breakout scenario). Reference point representations often help develop detailed call flows in a normative standardization, which are illustrated in FIGS. 4A, 4B, and 5 (and described in greater detail below). It should be noted, for sake of clarity, certain network entities (e.g., NEF 335, NRF 340, etc.) are not shown by schematic block diagram 302. However, it is appreciated any of the illustrated network entities can interact with the non-illustrated entities as appropriate.
  • As mentioned, the native blockchain platform shown in FIGS. 3A and 3B includes enterprise blockchain network 304, which interconnects various blockchain service providers (SPs), represented as Blockchain Authentication Function (BAF) entities 305 a-305 n, with various mobile network entities over blockchain network interfaces BCx, BCy, and BCz. In general, this native blockchain platform provides an additional and/or alternative blockchain authentication procedure for registering UE, such as UE 308. Notably, this blockchain authentication procedure may be represented by blockchain authentication process/services 244 (ref. FIG. 2).
  • Continuing to refer to FIGS. 3A and 3B, RAN/Access Network (AN) 310 broadcasts system information (e.g., PLMN-IDs) to various UE(s), including UE 308. UE 308 receives the PLMN-ID from RAN/Access Network (AN) 310 and, during its initial registration, UE 308 indicates support for a complementary (and/or substitute) blockchain authentication procedure. For example, UE 308 can indicate support for the blockchain authentication procedure in a radio layer message (e.g., a Radio Resource Control (RRC) message) sent to RAN/Access Network (AN) 310.
  • RAN/Access Network (AN) 310 receives the RRC messages from UE 308 and selects an appropriate AMF 320 and/or redirects the RRC messages to a new AMF as appropriate. Here, RAN/AN 310 can determine the RRC message from UE 308 includes an indication to perform the blockchain authentication procedure (e.g., in an access category) and selects AMF 320 and/or redirects to a new AMF based on its capability to support the blockchain authentication procedure.
  • As discussed in greater detail below, AMF 320 can perform the blockchain authentication procedure by exchanging authentication messages with one or more Blockchain Authentication Function (BAF) entities (e.g., BAF(s) 305 a-n) over blockchain network interfaces BCx and/or BCy.
  • The blockchain authentication procedure generally refers to authentication messages exchanged between one or more core NFs and a BAF, which is exposed to the core NFs over the new blockchain network interfaces. The authentication messages provide the BAF with UE credentials and the BAF, in turn, compares the UE credentials against UE credentials stored on a blockchain or distributed ledger. As is appreciated by those skilled in the art, the BAF returns authentication confirmation messages if the UE credentials match the UE credentials stored on the blockchain or distributed ledger.
  • For example, FIGS. 4A and 4B provide signaling diagrams showing different embodiments of the blockchain authentication procedure. In particular, in one embodiment, AMF 320 may send authentication messages to invoke/request that AUSF 355 perform blockchain authentication, which causes AUSF 355 to authenticate UE 308 with BAF 305 over blockchain network interface BCx (e.g., ref. FIG. 4A), while in other embodiments, AMF 320 can directly authenticate UE 308 with BAF 305 over blockchain network interface BCy (e.g., ref. FIG. 4B), using for example, REST Application Program Interface (API) messages.
  • In general, UE 308 may indicate support for the blockchain authentication procedure to AMF 320 using RRC messages over RAN/AN network interfaces (which are further transmitted to AMF 320) and/or UE 308 may send Non-Access Stratum (NAS) messages directly to AMF 320 (e.g., over network interface N1), which NAS messages indicate UE 308 supports/requests the blockchain authentication procedure. For these NAS layer messages, the indication can be included directly in a NAS message (e.g., as payload data such as registration type) and/or in a follow-on request (e.g., follow-on request data).
  • In addition, AMF 320 and/or AUSF 355 may still perform conventional authentication processes, depending on service provider or mobile network operator security/integrity policies, as is appreciated by those skilled in the art—e.g., generating/creating encryption keys (e.g., anchor keys), sending authentication requests to AUSF 355, selecting UDM 360, retrieving vectors, e.g., credentials and/or encryption keys, from UDM 360, and so on. In this fashion, the blockchain authentication procedure can complement (or augment) existing authentication processes (e.g., 5G Extensible Authentication Protocol (EAP)—Authentication and Key Agreement (AKA) procedures defined by 3GPP TS 33.301, etc.) to serve as an enhanced or secondary form of security, while in other embodiments, the blockchain authentication procedure can replace existing authentication processes (e.g., if existing authentication processes fail).
  • As mentioned, FIGS. 4A and 4B illustrate respective schematic signaling diagrams 401/402 for the disclosed blockchain authentication procedure, where AMF 320 invokes AUSF 355 in diagram 401, and AMF 320 directly authenticates UE 308 with BAF 305 in diagram 402. In general, UEs register with the network in order to receive network services, enable mobility tracking, and support mobility/reachability. Notably, the call flow for registration procedures can vary based on initial registrations, mobility registration updates, periodic registration updates, and so on. FIGS. 4A and 4B illustrate an initial registration procedure in accordance with embodiments of the disclosed blockchain authentication procedure, however it is appreciated the call flows may be modified based on the type of UE registration.
  • Blockchain Registration Process Via AUSF
  • Referring now to FIG. 4A, schematic signaling diagram 401 begins at step 403, where UE 308 sends a registration request message to RAN/AN 310. In one embodiment, the registration request message can indicate UE 308 supports a blockchain authentication procedure in, for example, data fields such as access categories/access identities for existing registration messages (e.g., in accordance with access identities/access categories and RRC establishment clauses specified by 3GPP TS 24.501, table 4.5.6.1 (below)).
    | Access identities | Access categories | RRC establishment cause is set to |
    |---|---|---|
    | 0 | 0 (=MT_acc) | MT access |
    | | 1 (=delay tolerant) | FFS |
    | | 2 (=emergency) | Emergency call |
    | | 3 (=MO_sig) | MO signaling |
    | | 4 (=MO MMTel voice) | MO voice call |
    | | 5 (=MO MMTel video) | FFS |
    | | 6 (=MO SMS and SMSoIP) | FFS |
    | | 7 (=MO_data) | MO data |
    | 1 | Any category | “High priority access” |
    | 2 | Any category | “High priority access” |
    | 11, 15 | Any category | “High priority access” |
    | 12, 13, 14, | Any category | “High priority access” |
    NOTE: See subclause 4.5.2, table 4.5.2.1 for use of the access identities of 0, 1, 2, and 11-15.
  • Next, RAN/AN 310 selects an AMF—here, AMF 320—based on the registration message. For example, RAN/AN 310 determines the registration request message indicates UE 308 supports the blockchain authentication procedure, and can select an appropriate AMF that likewise supports such procedure. Alternatively, RAN/AN 310 can reject the blockchain authentication request, which causes the UE to revert to existing 3GPP behaviour.
  • At step 404, RAN/AN 310 sends a registration request message to AMF 320. As mentioned, these registration request messages (and corresponding call flows) may generally follow existing registration procedures such as those specified in 3GPP TS 23.502 (e.g., 4.2.2.2). However, in accordance with the disclosed blockchain authentication procedure, the registration request message may further include a registration type information element (e.g., 5GS registration type information element, defined in 3GPP TS 24.501, 9.8.3.7) that indicates guest access with the additional blockchain mechanisms (e.g., the blockchain authentication procedure).
  • For example, the 5GS registration type information element is provided below:
  • 9.8.3.7.1: 5GS registration type information element
    | 8 7 6 5 | 4 | 3 2 1 | |
    |---|---|---|---|
    | 5GS registration type IEI | FOR | 5GS registration type value | octet 1 |
  • 9.8.3.7.1: 5GS registration type information element
    5GS registration type value (octet 1)
    | Bits 3 2 1 | Meaning |
    |---|---|
    | 0 0 1 | initial registration |
    | 0 1 0 | mobility registration updating |
    | 0 1 1 | periodic registration updating |
    | 1 1 0 | emergency registration |
    | 1 1 1 | reserved |
    All other values are unused and shall be interpreted as “initial registration”, if received by the network.
    Follow-On Request bit (FOR) (octet 1)
    | Bit 4 | Meaning |
    |---|---|
    | 0 | No follow-on request pending |
    | 1 | Follow-on request pending |
  • In one embodiment, the 5GS registration type information element can enable a follow-on attribute and/or set the follow-on-request bit, which can indicate support or information corresponding to the blockchain authentication procedure. In another embodiment, the 5GS registration type information element can be modified to include a registration type that indicates the guest authenticating mechanism (e.g., the blockchain authentication procedure).
  • As discussed in greater detail below, the blockchain authentication procedure, whether indicated in the registration request message with the follow-on request bit or the modified registration type, can include a non-3GPP authentication procedure piggybacked over a Non-Access Stratum (NAS) message. For example, the blockchain authentication procedure could be carried in a transparent container payload of the NAS protocol where the authentication type can be indicated in a NAS payload. Notably, in accordance with network service provider or operator policy/requirements, AMF 320 may first perform standard EAP-AKA procedures (e.g., as defined by 3GPP TS 33.301, 6.1.2 and 6.1.3), and if successful, AMF 320 may further perform the blockchain authentication procedure as a complementary or supplemental process. However, as mentioned above, in some instances, AMF 320 may perform the blockchain authentication procedure and register/attach UE 308 to the network even if the standard EAP-AKA procedures fail (depending on policy/requirements).
  • Signaling diagram 401 continues to steps 406 and 408 where UE 308 and AMF 320 exchange identity request/response messages. Here, AMF 320 initiates a UE identity request at step 406 during an initial registration, e.g., when AMF 320 is new to UE 308, and/or when AMF 320 was not provided Subscriber Concealed Identifier (SUCI) information from prior AMF(s) (e.g., in accordance with 3GPP TS 23.502 procedures). As shown, AMF 320 particularly initiates authentication with UE 308 by sending an identity request message at step 406 and, in response, UE 308 generates and transmits a corresponding identity response (e.g., with a SUCI or privacy preserving identifier containing a concealed subscriber permanent identifier (SUPI)) in step 408.
  • In some embodiments, UE 308 returns additional parameters at step 408 to indicate support for the blockchain authorization procedure (e.g., in addition to or as an alternative to the above discussed indications in 5GS registration type information). After step 408, AMF 320 initiates UE authentication processes with an AUSF and selects AUSF 355 based on, for example, SUCI/SUPI information (described in 3GPP TS 23.501) and/or the indicated support for the blockchain authorization procedure.
  • Steps 410-424 illustrate the blockchain authentication procedure employed by AUSF 355 in conjunction with conventional authentication calls (e.g., as specified by 3GPP TS 33.501) between AMF 320, AUSF 355, and UDM 360. As described below, the ordering and exchange messages represented by steps 410-424 reflect various bi-lateral message exchanges.
  • In particular, step 410 provides optional challenges/responses between AMF 320 and UE 308, which allow UE 308 to indicate support for the blockchain authorization procedure in NAS messages sent to AMF 320 (e.g., over network interface N1).
  • At step 412, AMF 320 can invoke existing authentication services by sending an authentication request message to AUSF 355. In response, AUSF 355 checks that the requesting AMF in the serving network is entitled to use the serving network and sends, at step 414, a corresponding authentication request message to UDM 360. UDM 360 generates and sends an authentication vector (e.g., security keys, etc.) to AUSF 355, again at step 414.
  • AUSF 355 also exchanges EAP-Requests/AKA-Challenges with AMF 320, at step 416, which further solicit EAP challenges/responses from UE 308, at step 418. As shown, the EAP challenges/responses between UE 308 and AMF 320 can include NAS messages with blockchain payload data to provide AMF 320 (and thus AUSF 355 at step 416) relevant blockchain authentication information (e.g., UE 308 registration information with prior BAF entities, etc.) for subsequent or secondary authentication with BAF 305 (e.g., step 424 discussed below). In accordance with existing authentication protocols, and based on the EAP challenges/responses received by AUSF 355 at step 416, AUSF 355 can complete UE authentication with UDM 360 at step 414.
  • Collectively, the messages exchanged at steps 410-416 can confirm/accept the UE's credentials or deny/reject the UE's credentials based on existing authentication protocols. In addition, these messages can provide appropriate security context/acknowledgements between UE 308, AMF 320, AUSF 355, and UDM 360, which protect/encrypt subsequent messages from UE 308.
  • Regardless of success/failure of UE authentication in steps 410, AMF 320 and AUSF 355 may further perform the blockchain authentication procedure (e.g., as a complementary/substitute authentication procedure). In this fashion, the blockchain authentication procedure can be thought of as an extension to existing calls and/or may include additional flags/parameters in appropriate messages.
  • Depending on policies and/or security requirements, AMF 320 may continue on to perform the blockchain authentication process with AUSF 355. As mentioned above, AMF 320 can receive relevant blockchain authentication information from UE 308 in the course of exchanging authentication messages based on existing procedures, or alternatively, UE 308 can send separate NAS messages to AMF 320 with the blockchain authentication information included in payload data, such as shown at step 420. The blockchain authentication information is used by AMF 320/AUSF 355 to authenticate UE 308 with BAF 305. For example, the blockchain authentication information can include a blockchain entity ID that corresponds to BAF 305 as well as blockchain credentials, such as blockchain registration information, blockchain subscription information, and so on. Preferably, UE 308 registers and subscribes to BAF 305 (e.g., over blockchain network interface BCz) to obtain the blockchain authentication information. AMF 320 receives these NAS messages, identifies the blockchain entity ID, and selects an appropriate BAF (here, BAF 305) based on the blockchain entity ID.
  • AMF 320 further invokes AUSF 355, at step 422, to continue the blockchain authentication procedure and authenticate UE 308 with BAF 305 using, for example, a Nausf service call over the N12 network interface. In this fashion, AMF 320 sends service-based API messages (e.g., as defined by 3GPP TS 29.509 and TS 29.518) with appropriate blockchain authentication flags/parameters/payload/etc. to AUSF 355.
  • AUSF 355 receives the API messages and exchanges, at step 424, blockchain authentication messages with BAF 305 over blockchain network interface BCx. AUSF 355 further sends these blockchain authentication messages to AMF 320 (e.g., blockchain authentication confirmation, etc.) so AMF can complete the blockchain authentication procedure. It is appreciated the blockchain authentication procedure may require additional messages to handle situations where BAF 305 is slow to respond, is unavailable or out of service, and/or fails to confirm the UE credentials. In these situations, AMF 320 may send temporary Ack messages to UE 308 to provide additional processing time for BAF 305 to authenticate the UE credentials.
  • In sum, steps 420-424 represent blockchain authentication operations where AMF 320 receives identifying information for the BAF associated with UE 308 and selects BAF 305 based on the identifying information (e.g., steps 420-422), and completes the authentication transaction by acting as an agent of UE 308 since UE 308 may be considered a client of BAF 305 (e.g., step 424). Preferably, UE 308 previously registered and subscribed to BAF 305 over blockchain interface BCz.
  • Once UE 308 is successfully authenticated with the blockchain authentication procedure, signaling diagram 401 continues to steps 430, 432, 436, and 438, which include messages to complete UE 308 registration in accordance with 3GPP TS 23.502 (e.g., UDM selection/update, PCF selection, registration acceptance, and so on).
  • In some embodiments of this disclosure, the blockchain authentication procedure may also include an optional credit check for UE 308, shown as a charging event at step 434. Notably, this credit check represents a charging authorization procedure that can be performed after UE 308 is authenticated with BAF 305 but before AMF 320 completes registration and attaches UE 308 to the SBA network.
  • In operation, PCF 345 manages mobility credentials for UE 308 and performs the credit authorization procedure with BAF 305 in an authorization layer. The credit authorization procedure determines if UE 308 (and its corresponding user) can complete a transaction (e.g., can the user pay for the transaction now or at a future time), the type and/or number of network services the user can afford (e.g., which can limit or restrict access to network resources), and so on. For example, in an Internet of Things (IoT) context, PCF 345 can use the credit authorization procedure to determine virtual contract information (e.g., credit worthiness) associated with UE 308, which can be shared with other network entities/services (e.g., NFs) in SBA 132.
  • As mentioned above, steps 430, 432, 436, and 438 include messages to complete UE 308 registration in accordance with 3GPP TS 23.502.
  • Blockchain Secondary Authentications Using AMF
  • In other embodiments of this disclosure, AMF 320 may directly perform the blockchain authentication procedure with BAF 305 (e.g., after, for example, AMF 320 successfully obtains an appropriate security context/acknowledgements from AUSF 355/UDM 360), which ensure encryption/integrity protection for messages exchanged with UE 308.
  • In particular, signaling diagram 402 of FIG. 4B shows AMF 320 directly performing the blockchain authentication procedure with BAF 305. Notably, signaling diagram 402 includes many of the same steps or calls shown in signaling diagram 401, which are discussed above.
  • In addition to the steps shown in signaling diagram 401, signaling diagram 402 further provides steps 426 and 428, which represent AMF 320 operations to directly exchange blockchain authentication messages with BAF 305. In particular, at step 426, UE 308 exchanges blockchain authentication information with AMF 320 using, for example, NAS messages that can include blockchain payload data. The blockchain authentication information is used by AMF 320 to authenticate UE 308 with BAF 305. As mentioned, the blockchain authentication information can include a blockchain entity ID that corresponds to BAF 305 as well as blockchain credentials, such as blockchain registration information, blockchain subscription information, and so on. AMF 320 receives these NAS messages and selects an appropriate BAF (here, BAF 305) based on the blockchain entity ID. AMF 320 further authenticates UE 308 with BAF 305 at step 428 and may receive an authentication confirmation from BAF 305.
  • Steps 430, 432, 436, and 438 represent messages for completing UE registration in accordance with 3GPP TS 23.502.
  • FIG. 5 illustrates an example simplified procedure 500 for registering User Equipment (UE) in accordance with one or more embodiments of the blockchain authentication procedure. Procedure 500 can represent operations of a blockchain authentication process (e.g., blockchain authentication process/services 244) that may be performed by one or more NF entities (e.g., NF/device 200) and can include, for example, an AMF entity (AMF 320) and/or an AUSF entity (AUSF 355).
  • Procedure 500 begins at step 505 and continues on to step 510 where, as discussed above, the AMF determines User Equipment (UE) (e.g., UE 308) supports a blockchain authentication procedure. For example, the AMF can determine the UE supports the blockchain authentication procedure from a Radio Request Control message (RRC) such as a registration request message and/or a Non-Access Stratum message received from the UE (e.g., in a registration type field, a NAS payload field, follow-on request data, etc.). Notably, in some embodiments, the RAN/AN in communication with the UE may select the AMF based on the indicated support for the blockchain authentication procedure.
  • Procedure 500 continues to step 515 where the AMF optionally selects or invokes an Authentication Server Function (AUSF) entity to perform the blockchain authentication procedure. As discussed above, the AMF may directly communicate and authenticate the UE with a Blockchain Authentication Function (BAF) entity (e.g., BAF 305), or it may invoke an AUSF to perform the blockchain authentication procedure.
  • In step 520, the AMF receives blockchain credentials from the UE. The blockchain credentials refer to blockchain authentication information and can include blockchain registration/subscription information. In some embodiments, the UE receives the blockchain credentials from the BAF entity over a blockchain network interface (e.g., BCz).
  • The AMF further determines, at step 525, the blockchain credentials include a blockchain entity ID, and selects, at step 530, the BAF (e.g., BAF 305) for blockchain authentication based on the same.
  • The AMF also exchanges authentication messages, at step 535, with the BAF. As mentioned, the AMF can exchange the authentication messages directly with the BAF (e.g., over a blockchain network interface BCy) or indirectly (e.g., through the AUSF entity, which communicates with the BAF entity over a blockchain network interface BCz). The AMF receives, at step 540, a blockchain authentication confirmation from the BAF entity (again, either directly or indirectly through the AUSF entity). Notably, in some embodiments, the BAF entity may require additional processing time to validate the UE's credentials. In these embodiments, the AMF may send temporary Ack messages to the UE to accommodate the additional processing time.
  • The AMF can optionally invoke, at step 545, a Policy Control Function (PCF) entity (e.g., PCF 345) to perform a credit authorization procedure (e.g., in an authorization layer) for a user associated with the UE. As mentioned above, the credit authorization procedure can determine a scope of network services (e.g., access or restrict) to be provided to the UE based on the credit worthiness of the user. In some embodiments, this information may be included as part of a virtual contract that can be shared with various NFs. Next, the PCF can provide, at step 545, the UE access to one or more network resources based on the credit authorization procedure (e.g., credit worthiness of the user). Finally, the AMF registers the UE at step 555.
  • Procedure 500 subsequently ends at step 560, but may return again to step 510 where the AMF determines another UE supports the blockchain authentication procedure.
  • It should be noted that certain steps within procedure 500 may be optional and, further, that the steps shown in FIG. 5 are merely example steps for illustration; certain other steps may be included or excluded as desired. Further, while a particular order of the steps is shown, this ordering is merely illustrative, and any suitable arrangement of the steps may be utilized without departing from the scope of the embodiments herein.
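Procedure 500 can be read as an AMF-side decision flow, sketched here as an added example that is not code from the patent. Every name is hypothetical, the BAF is replaced by constructed stand-ins, and two choices are assumptions of the sketch rather than statements in the text: the cap on temporary Ack messages, and treating the UE-supplied blockchain entity ID purely as a lookup key into operator-configured BAFs so that an unknown ID ends the procedure.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class BafReply(Enum):
    CONFIRMED = "confirmed"
    REJECTED = "rejected"
    PENDING = "pending"  # BAF needs more time to validate the credentials


@dataclass
class BlockchainCredentials:
    entity_id: Optional[str]  # blockchain entity ID naming the UE's BAF
    registration_info: str
    subscription_info: str


@dataclass
class Outcome:
    registered: bool
    reason: str
    temporary_acks: int = 0  # temporary Ack messages sent while the BAF was busy
    services: List[str] = field(default_factory=list)


BafClient = Callable[[BlockchainCredentials], BafReply]
CreditCheck = Callable[[BlockchainCredentials], List[str]]


def scripted_baf(replies: List[BafReply]) -> BafClient:
    """Constructed BAF stand-in: replays `replies`, repeating the last one."""
    queue = list(replies)

    def client(_creds: BlockchainCredentials) -> BafReply:
        return queue.pop(0) if len(queue) > 1 else queue[0]

    return client


def unreachable_baf(_creds: BlockchainCredentials) -> BafReply:
    """Constructed BAF stand-in that is out of service."""
    raise ConnectionError("BAF unavailable")


def register_ue(ue_supports_blockchain: bool,
                creds: Optional[BlockchainCredentials],
                baf_registry: Dict[str, BafClient],
                credit_check: Optional[CreditCheck] = None,
                max_temporary_acks: int = 3) -> Outcome:
    # Step 510: without the indication, this procedure does not apply and
    # existing 3GPP registration behaviour is used instead (not modelled here).
    if not ue_supports_blockchain:
        return Outcome(False, "blockchain-auth-not-indicated")
    # Steps 520-525: credentials must be present and carry an entity ID.
    if creds is None:
        return Outcome(False, "no-blockchain-credentials")
    if not creds.entity_id:
        return Outcome(False, "missing-entity-id")
    # Step 530: select among the available BAFs; the ID is only a lookup key.
    baf = baf_registry.get(creds.entity_id)
    if baf is None:
        return Outcome(False, "unknown-baf")
    # Steps 535-540: exchange messages until the BAF confirms or rejects.
    acks = 0
    while True:
        try:
            reply = baf(creds)
        except ConnectionError:
            return Outcome(False, "baf-unavailable", acks)
        if reply is BafReply.CONFIRMED:
            break
        if reply is BafReply.REJECTED:
            return Outcome(False, "baf-rejected", acks)
        if acks >= max_temporary_acks:  # assumption: waiting is bounded
            return Outcome(False, "baf-timeout", acks)
        acks += 1  # temporary Ack to the UE while the BAF keeps processing
    # Step 545 (optional): the PCF credit authorization sets the service scope.
    services = credit_check(creds) if credit_check is not None else []
    # Step 555: register only after a blockchain authentication confirmation.
    return Outcome(True, "registered", acks, services)


if __name__ == "__main__":
    registry = {"baf-305": scripted_baf([BafReply.PENDING, BafReply.CONFIRMED])}
    creds = BlockchainCredentials("baf-305", "reg-info", "sub-info")
    print(register_ue(True, creds, registry, lambda _c: ["data"]))
    print(register_ue(True, BlockchainCredentials("baf-999", "r", "s"), registry))
```

Each early return leaves the UE unregistered, so the slow, unavailable, and unconfirmed BAF cases called out for step 424 all fail closed in this sketch.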
  • The techniques described herein, therefore, provide a native blockchain platform for wireless networks. This native blockchain platform supports new use cases that create opportunities to share network resources across multiple provider networks, increase workload mobility security, improve billing/mediation and reconciliation, and create mechanisms for roaming authentication/registration using blockchain technology. In addition, the native blockchain platform provides new opportunities for the app economy and creates a new marketplace for Mobile Virtual Network Operator (MVNO) participation. As discussed above, the native blockchain platform facilitates new methods for authenticating UE when attaching the UE to the network as well as new methods to facilitate payments for network services as part of blockchain charging events.
  • While there have been shown and described illustrative embodiments of the native blockchain platform and corresponding operations in a specific network context (e.g., a mobile core network for a 5G network), it is to be understood that various other adaptations and modifications may be made within the spirit and scope of the embodiments herein. For example, the embodiments and operations disclosed herein have been described with respect to certain devices, NFs, interfaces, and systems; however, it is appreciated that such embodiments are provided for purposes of example, not limitation, and that the blockchain authentication techniques disclosed herein can be incorporated as part of existing wireless networks.
  • The foregoing description has been directed to specific embodiments. It will be apparent, however, that other variations and modifications may be made to the described embodiments, with the attainment of some or all of their advantages. For instance, it is expressly contemplated that the components, elements, and/or operations described herein can be implemented as software being stored on a tangible (non-transitory) computer-readable medium, devices, and memories (e.g., disks/CDs/RAM/EEPROM/etc.) having program instructions executing on a computer, hardware, firmware, or a combination thereof. Further, methods describing the various functions and techniques described herein can be implemented using computer-executable instructions that are stored or otherwise available from computer readable media. Such instructions can comprise, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Portions of computer resources used can be accessible over a network. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, or source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on. In addition, devices implementing methods according to these disclosures can comprise hardware, firmware and/or software, and can take any of a variety of form factors. Typical examples of such form factors include laptops, smart phones, small form factor personal computers, personal digital assistants, and so on. Functionality described herein also can be embodied in peripherals or add-in cards. 
    Such functionality can also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example. Instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are means for providing the functions described in these disclosures. Accordingly this description is to be taken only by way of example and not to otherwise limit the scope of the embodiments herein. Therefore, it is the object of the appended claims to cover all such variations and modifications as come within the true spirit and scope of the embodiments herein.

Claims (20)

1. A method for registering User Equipment in a communication network, the method comprising:
determining, by an Access and Mobility Management Function (AMF) entity, a User Equipment (UE) supports a blockchain authentication procedure;
first receiving, by the AMF entity, blockchain credentials from the UE;
determining, by the AMF entity, the blockchain credentials include a blockchain entity identifier (ID);
selecting, by the AMF, from amongst a plurality of available Blockchain Authentication Function (BAF) entities a particular BAF entity based on the blockchain entity ID;
exchanging, after the selecting, authentication messages between the AMF entity and the selected BAF entity over a blockchain network interface, based on the blockchain authentication procedure;
second receiving, by the AMF entity, a blockchain authentication confirmation from the BAF entity; and
registering, by the AMF entity, the UE based on the blockchain authentication confirmation.
2. The method of claim 1, wherein exchanging authentication messages between the AMF entity and the BAF entity further comprises:
selecting an Authentication Server Function (AUSF) entity to perform the blockchain authentication procedure; and
sending a blockchain authentication request to the AUSF entity to cause the AUSF entity to authenticate the UE with the BAF entity over a blockchain network interface, and
wherein receiving the authentication confirmation further comprises receiving the authentication confirmation from the AUSF entity.
3. (canceled)
4. The method of claim 1, further comprising:
receiving, by the AMF entity, blockchain credentials in a Non-Access Stratum (NAS) message from the UE, and
wherein exchanging the authentication messages further comprises exchanging the blockchain credentials between the AMF entity and the BAF entity.
5. The method of claim 4, wherein the blockchain network interface is a first blockchain network interface, wherein the UE receives the blockchain credentials from the BAF entity over a second blockchain network interface.
6. The method of claim 1, further comprising between the second receiving and the registering:
performing a credit authorization procedure for a user associated with the UE; and
providing the UE access to one or more network resources based on the credit authorization procedure.
7. The method of claim 6, wherein performing the credit authorization procedure further comprises invoking, by the AMF, a Policy Control Function entity to perform the credit authorization procedure.
8. (canceled)
9. The method of claim 1, wherein determining the UE supports the blockchain authentication procedure further comprises:
receiving, by the AMF entity, a registration request message associated with the UE over at least one of a Radio Access Network (RAN) interface or an Access Network (AN) interface; and
determining the registration request message indicates the UE supports blockchain authentication in an access category.
10. The method of claim 1, wherein determining the UE supports the blockchain authentication procedure further comprises:
receiving, by the AMF entity, a Non-Access Stratum (NAS) message associated with the UE; and
determining the NAS message indicates the UE supports the blockchain authentication procedure based on at least one of registration type data or follow-on request data.
11. The method of claim 1, wherein exchanging authentication messages between the AMF entity and the BAF entity further comprises exchanging one or more REST Application Program Interface (API) messages between the AMF entity and the BAF entity.
12. (canceled)
13. A network function (NF) device, comprising:
one or more network interfaces to communicate within a communication network;
a processor coupled to the network interfaces and adapted to execute one or more processes; and
a memory configured to store instructions executable by the processor, the instructions when executed operable to:
determine a User Equipment (UE) supports a blockchain authentication procedure;
first receive, by the AMF entity, blockchain credentials from the UE;
determine, by the AMF entity, the blockchain credentials include a blockchain entity identifier (ID);
select, by the AMF, from amongst a plurality of available Blockchain Authentication Function (BAF) entities a particular BAF entity based on the blockchain entity ID;
exchange, after the select, authentication messages with the selected BAF entity over a blockchain network interface, based on the blockchain authentication procedure;
second receive a blockchain authentication confirmation from the BAF entity; and
register the UE based on the blockchain authentication confirmation.
14. The NF device of claim 13, wherein the instructions to exchange authentication messages with the BAF entity are further operable to:
select an Authentication Server Function (AUSF) entity to perform the blockchain authentication procedure; and
send a blockchain authentication request to the AUSF entity to cause the AUSF entity to authenticate the UE with the BAF entity over a blockchain network interface, and
wherein the instructions to receive the authentication confirmation message are further operable to receive the authentication confirmation message from the AUSF entity.
15. (canceled)
16. The NF device of claim 13, wherein the instructions, when executed, are further operable to:
receive blockchain credentials in a Non-Access Stratum (NAS) message from the UE, and
wherein the instructions to exchange the authentication messages are further operable to send the blockchain credentials to the BAF entity.
17. The NF device of claim 13, wherein the instructions, when executed, are further operable to between the second receive and the register:
perform a credit authorization procedure for a user associated with the UE; and
provide the UE access to one or more network resources based on the credit authorization procedure.
18. A tangible, non-transitory, computer-readable media having instructions encoded thereon, the instructions, when executed by a processor, are operable to:
determine a User Equipment (UE) supports a blockchain authentication procedure;
first receive, by the AMF entity, blockchain credentials from the UE;
determine, by the AMF entity, the blockchain credentials include a blockchain entity identifier (ID);
select, by the AMF, from amongst a plurality of available Blockchain Authentication Function (BAF) entities a particular BAF entity based on the blockchain entity ID;
exchange, after the select, authentication messages with the selected BAF entity over a blockchain network interface, based on the blockchain authentication procedure;
second receive a blockchain authentication confirmation from the BAF entity; and
register the UE based on the blockchain authentication confirmation.
19. The tangible, non-transitory, computer-readable media of claim 18, wherein the instructions, when executed by the processor to exchange authentication messages with the BAF entity, are further operable to:
select an Authentication Server Function (AUSF) entity to perform the blockchain authentication procedure; and
send a blockchain authentication request to the AUSF entity to cause the AUSF entity to authenticate the UE with the BAF entity over a blockchain network interface, and
wherein the instructions, when executed by the processor to receive the authentication confirmation message are further operable to receive the authentication confirmation from the AUSF entity.
20. The tangible, non-transitory, computer-readable media of claim 18, wherein the instructions, when executed by the processor, are further operable between the second receive and the register to:
perform a credit authorization procedure for a user associated with the UE; and
provide the UE access to one or more network resources based on the credit authorization procedure.
US16/134,887 2018-06-08 2018-09-18 Systems, devices, and techniques for registering user equipment (UE) in wireless networks using a native blockchain platform Active US10505718B1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US16/134,887 US10505718B1 (en) 2018-06-08 2018-09-18 Systems, devices, and techniques for registering user equipment (UE) in wireless networks using a native blockchain platform
US16/138,524 US10491376B1 (en) 2018-06-08 2018-09-21 Systems, devices, and techniques for managing data sessions in a wireless network using a native blockchain platform
EP19736545.5A EP3804378A1 (en) 2018-06-08 2019-06-07 Systems, devices, and techniques for managing data sessions in a wireless network using a native blockchain platform
PCT/US2019/036144 WO2019237058A1 (en) 2018-06-08 2019-06-07 Systems, devices, and techniques for registering user equipment (ue) in wireless networks using a native blockchain platform
PCT/US2019/036164 WO2019237073A1 (en) 2018-06-08 2019-06-07 Systems, devices, and techniques for managing data sessions in a wireless network using a native blockchain platform
EP19733633.2A EP3804377A1 (en) 2018-06-08 2019-06-07 Systems, devices, and techniques for registering user equipment (ue) in wireless networks using a native blockchain platform

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862682770P 2018-06-08 2018-06-08
US16/134,887 US10505718B1 (en) 2018-06-08 2018-09-18 Systems, devices, and techniques for registering user equipment (UE) in wireless networks using a native blockchain platform

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/138,524 Continuation US10491376B1 (en) 2018-06-08 2018-09-21 Systems, devices, and techniques for managing data sessions in a wireless network using a native blockchain platform

Publications (2)

Publication Number Publication Date
US10505718B1 US10505718B1 (en) 2019-12-10
US20190380030A1 true US20190380030A1 (en) 2019-12-12

Family

ID=68617589

Family Applications (2)

Application Number Title Priority Date Filing Date
US16/134,887 Active US10505718B1 (en) 2018-06-08 2018-09-18 Systems, devices, and techniques for registering user equipment (UE) in wireless networks using a native blockchain platform
US16/138,524 Active US10491376B1 (en) 2018-06-08 2018-09-21 Systems, devices, and techniques for managing data sessions in a wireless network using a native blockchain platform


Country Status (3)

Country Link
US (2) US10505718B1 (en)
EP (2) EP3804378A1 (en)
WO (2) WO2019237058A1 (en)

CN112637896B (en) * 2020-12-10 2023-04-07 中国联合网络通信集团有限公司 Maximum aggregation rate allocation method, session management function entity and terminal
US11395111B1 (en) * 2021-01-28 2022-07-19 Sprint Communications Company Lp User charging over an exposure function in a wireless communication network
US11477719B1 (en) 2021-03-05 2022-10-18 Sprint Communications Company L.P. Wireless communication service responsive to an artificial intelligence (AI) network
CN113438650B (en) * 2021-06-10 2024-05-03 湖南天河国云科技有限公司 Network equipment authentication method and system based on block chain
US11910305B2 (en) * 2021-06-28 2024-02-20 At&T Intellectual Property I, L.P. System and method of securing allocation of network functions for session slices
CN114302450B (en) * 2021-12-30 2024-04-09 中国联合网络通信集团有限公司 Communication method and communication system
CN114650535B (en) * 2022-03-02 2023-01-03 广州爱浦路网络技术有限公司 SEPP mutual trust connection method, system, device and medium in 5G core network
CN116782225A (en) * 2022-03-07 2023-09-19 华为技术有限公司 Communication method, terminal device and communication device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200057860A1 (en) * 2018-08-20 2020-02-20 Cisco Technology, Inc. Blockchain-based auditing, instantiation and maintenance of 5g network slices
US10949557B2 (en) * 2018-08-20 2021-03-16 Cisco Technology, Inc. Blockchain-based auditing, instantiation and maintenance of 5G network slices
US12099997B1 (en) 2020-01-31 2024-09-24 Steven Mark Hoffberg Tokenized fungible liabilities
US11838854B2 (en) 2021-07-06 2023-12-05 Cisco Technology, Inc. 5G network slicing and resource orchestration using holochain

Also Published As

Publication number Publication date
WO2019237058A1 (en) 2019-12-12
WO2019237073A1 (en) 2019-12-12
EP3804378A1 (en) 2021-04-14
US10505718B1 (en) 2019-12-10
EP3804377A1 (en) 2021-04-14
US10491376B1 (en) 2019-11-26
US20190379530A1 (en) 2019-12-12

Legal Events

Date Code Title Description
AS Assignment

Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SUTHAR, OM PRAKASH;DODD-NOBLE, AENEAS SEAN;RAYES, AMMAR;AND OTHERS;SIGNING DATES FROM 20180817 TO 20180914;REEL/FRAME:046904/0671

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4