A method for determining analytics for service experience for a Network Slice instance in a network comprising one or more network entities is provided. The method includes obtaining first information for determining a mapping between a set of one or more user equipment (UEs) and a set of one or more Network Slice instances, obtaining second information for determining the analytics of the set of one or more UEs, and determining the analytics for a Network Slice instance based on the first information and the second information.

A method for supporting authentication of a User Equipment, UE, in an Internet Protocol, IP, Multimedia Subsystem, IMS, telecommunication network, by interfacing a Service Based Architecture, SBA, telecommunication network, the method including receiving, by a Unified Data Management, UDM, in the SBA telecommunication network, from a Session Management Function, SMF, in the SBA telecommunication network, binding information, wherein the binding information is used to identify the UE in the IMS telecommunication network; receiving, by the UDM in the SBA telecommunication network, from a Home Subscriber Server, in the IMS telecommunication network, a request for providing the binding information, and providing, by the UDM in the SBA telecommunication network, to the HSS in the IMS telecommunication network the binding information, thereby supporting authentication of the UE. Complementary methods and corresponding nodes are also presented herein.

The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Disclosed herein is a method and system for detecting, monitoring and/or controlling one or more of mobile services for a mobile communication device (also referred to herein as a Controllable Mobile Device or CMD), and in particular, when the device is being used and the vehicle, operated by the user of the device, is moving. The present method and system determines whether the vehicle is being operated by a user that may also have access to a mobile communication device which, if used concurrently while the vehicle is in operation, may lead to unsafe operation of the vehicle. If the mobile services control system determines that a vehicle operator has potentially unsafe access to a mobile communication device, the mobile services control system may restrict operator access to one or more services that would otherwise be available to the operator via the mobile communication device.

Disclosed herein is a method and system for detecting, monitoring and/or controlling one or more of mobile services for a mobile communication device (also referred to herein as a Controllable Mobile Device or CMD), and in particular, when the device is being used and the vehicle, operated by the user of the device, is moving. The present method and system determines whether the vehicle is being operated by a user that may also have access to a mobile communication device which, if used concurrently while the vehicle is in operation, may lead to unsafe operation of the vehicle. If the mobile services control system determines that a vehicle operator has potentially unsafe access to a mobile communication device, the mobile services control system may restrict operator access to one or more services that would otherwise be available to the operator via the mobile communication device.

Improving wireless service subscriber experiences by dynamically managing wireless communication resources using a big data analytic mechanism is presented herein. A method can include receiving, by a system comprising a processor via a software-based interface of a control plane of a communication network, service data corresponding to a request for a wireless communication service; receiving, by the system via the software-based interface of the control plane, contextual data corresponding to a subscription of the wireless communication service; receiving, by the system via the software-based interface of the control plane, network data corresponding to data packet transmissions of a network device within a data plane of the communication network; and configuring, by the system via the software-based interface of the control plane based on a defined set of policies, the service data, the contextual data, and the network data, a resource of the data plane corresponding to the wireless communication service.

Improving wireless service subscriber experiences by dynamically managing wireless communication resources using a big data analytic mechanism is presented herein. A method can include receiving, by a system comprising a processor via a software-based interface of a control plane of a communication network, service data corresponding to a request for a wireless communication service; receiving, by the system via the software-based interface of the control plane, contextual data corresponding to a subscription of the wireless communication service; receiving, by the system via the software-based interface of the control plane, network data corresponding to data packet transmissions of a network device within a data plane of the communication network; and configuring, by the system via the software-based interface of the control plane based on a defined set of policies, the service data, the contextual data, and the network data, a resource of the data plane corresponding to the wireless communication service.

In a method for securing access to a service, a device is set in a restricted operation mode that allows addressing only a first server and that is associated with a first identifier relating to a first connectivity gateway. The device accesses the first identifier and a subscription profile that is active during the restricted operation mode. The first server receives from the device a request for enrolling a device user and at least one feature relating to a user identity. The first server verifies whether the user identity feature is valid. If the user identity feature is valid, the first server sends to the device a command for deactivating the restricted operation mode. The device deactivates the restricted operation mode while storing, instead of the first identifier, a second identifier relating to a second connectivity gateway. The second identifier allows accessing a second server that manages the service.

In a method for securing access to a service, a device is set in a restricted operation mode that allows addressing only a first server and that is associated with a first identifier relating to a first connectivity gateway. The device accesses the first identifier and a subscription profile that is active during the restricted operation mode. The first server receives from the device a request for enrolling a device user and at least one feature relating to a user identity. The first server verifies whether the user identity feature is valid. If the user identity feature is valid, the first server sends to the device a command for deactivating the restricted operation mode. The device deactivates the restricted operation mode while storing, instead of the first identifier, a second identifier relating to a second connectivity gateway. The second identifier allows accessing a second server that manages the service.

Apparatuses, methods, and systems are disclosed for creating a network slice section policy (“NSSP”) rule. One apparatus includes a processor and a transceiver for communicating with a network function in a mobile communication network. The processor receives a first request from the network function, the first request comprising a list of one or more application identifiers and a corresponding application profile and application provider for each application identifier. The processor determines one or more network slice identifiers for each application identifier using the corresponding application profile and application provider. The processor also creates a NSSP rule for each application identifier in the list of application identifiers, the NSSP rule containing the application identifier and the associated one or more network slice identifiers.