Patent classifications
H04L12/04
AUTHENTICATION DEVICE, NETWORK DEVICE, COMMUNICATION SYSTEM, AUTHENTICATION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM
Provided is an authentication device capable of generating a master key suited to a UE in a 5GS. The authentication device (10) includes a communication unit (11) configured to, in registration processing of user equipment (UE), acquire UE key derivation function (KDF) capabilities indicating a pseudo random function supported by the UE, a selection unit (12) configured to select a pseudo random function used for generation of a master key related to the UE by use of the UE KDF capabilities, and a key generation unit (13) configured to generate a master key related to the UE by use of the selected pseudo random function.
Method and device for selecting serving gateway entity
Embodiments of the present invention pertain to the communication field and disclose a method and device for selecting a serving gateway entity. The method includes: receiving an access request message of a user equipment UE sent by a base station, where the access request message includes location information of the base station; acquiring, according to the location information of the base station, a signaling plane address list of serving gateway entities SGWs serving the UE; and selecting, according to failure information of paths between the SGWs and neighboring network elements of the SGWs and the acquired signaling plane address list of SGWs serving the UE, an SGW having no failed path to a neighboring network element of the SGW to serve the UE. The device includes: a receiving module, an acquiring module, and a selecting module.
Method and apparatus for proactive data hinting through dedicated traffic channel of telecom network
A method, system and computer-usable medium are disclosed for proactive data hinting in a telecom network. In certain embodiments, the invention relates to receiving a data hinting request for an application at a virtual network framework of the telecom network. A dedicated hinting channel is selected to provide the proactive data hinting, and monitoring is performed for the hinting request. Data is moved from the resource, such as edge cloud computing, where the application is implemented when the proactive data hinting is received. The application is used by user equipment, access points and Internet of Things (IoT) devices.
Method and apparatus for attach procedure with security key exchange for restricted services for unauthenticated user equipment
A method and apparatus provide for security for restricted local operator services. At least one of a restricted local operator services indication and security capabilities associated with the restricted local operator services can be sent. A non-access stratum key exchange request including a symmetric root key can be received. The symmetric root key can be encrypted with a public key. The non-access stratum key exchange request can be acknowledged. A non-access stratum security key can be derived with the symmetric root key. Radio interface keys for user plane and radio resource control can be derived with the symmetric root key.
Hardware based packet replication at tail end node
Aspects of the disclosed technology address limitations relating to packet replication for multi-destination traffic, by providing methods for performing hardware-based replication in network infrastructure devices, such as switches. In some aspects, application specific integrated circuits (ASICs) resident in physical devices can be used to perform packet replication. Depending on implementation, a hardware-based replication process can include steps for receiving a first packet that includes a first outer header containing first address information, receiving a second packet including a second outer header containing a hardware replication flag, forwarding the first packet to all virtual tunnel endpoints (VTEPs) connected with the TOR switch, and performing hardware replication for the second packet based on the hardware replication flag to generate one or more unicast packets. Systems and machine readable media are also provided.
Enabling interactive cable routing and planning optimization for customized hardware configurations
Provided are systems, methods, and computer products for interactive cable routing and planning optimization for customized hardware configurations. An example method includes receiving a set of cable characteristics and a set of user selections, in which the set of user selections is received via a graphical user interface (GUI); identifying possible cabling routes for a hardware configuration based, at least in part, on available plug start and termination locations; ranking each of the possible cabling routes based, at least in part, on a prioritized list of optimization criteria and the set of cable characteristics; generating a suggested cabling configuration for one or more applications based, at least in part, on the set of cable characteristics, the set of user selections, and the ranking; and outputting the suggested cabling configuration to the user by at least providing a three-dimensional view of the suggested cabling configuration via the GUI.
Dynamic configuration in cloud computing environments
Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines.
Security key derivation for handover
Methods, systems, and devices for wireless communication are described that support security key derivation for handover. A network entity (e.g., an access and mobility function (AMF)) may establish an access stratum (AS) key to ensure secure communications between a user equipment (UE) and a base station. If the UE relocates to a new network entity (e.g., target network entity), the initial network entity (e.g., source network entity) may perform a handover procedure to the target network entity. In some aspects, the network entities may derive a unified AS key for the handover procedure. Additionally, the network entities may utilize one or more intermediate keys (e.g., refreshed intermediate keys) derived from, in part, respective freshness parameters for the handover procedure. The target network entity may then utilize the derived intermediate keys to derive the AS key for the handover procedure and establish communications with the UE.