Patent classifications
H04W12/088
Network routing and security within a mobile radio network
In an example embodiment, a PICNEEC is provided. It includes one or more Virtual Customized Rules Enforcer (VCRE) instances, each VCRE instance corresponding to a group of mobile devices and defining a set of policies personalized for the group of mobile devices. Each VCRE is configured to, upon receiving a data packet communicated between a packet-based network and a mobile device in the corresponding group via a radio network, execute one or more policy rules stored in the VCRE instance to the data packet prior to forwarding the data packet. Each VCRE instance is controlled independently of one another via direct accessing of the VCRE instance by a different customer of the mobile network provider.
WIRELESS BASE STATION AND WIRELESS COMMUNICATION TERMINAL AND WIRELESS COMMUNICATION SYSTEM
A wireless communication system transmits information to a communication terminal moving through a spot wireless area. In an integrated base station, an external information communication section controls communication with a server. A contents memory section stores contents received from the server. A wireless LAN communication section communicates with the communication terminal. A control section establishes connection with the communication terminal using a first connection not requiring an authentication procedure for connection with the communication terminal or using a second connection requiring the authentication procedure for connection with the communication terminal. An access control (restriction) section permits access from the communication terminal to the contents memory section and prohibits access to the server when a type of connection with the communication terminal is the first connection and permits access from the communication terminal to the contents memory section and to the server in the case of the second connection.
METHODS, ARCHITECTURES, APPARATUSES AND SYSTEMS DIRECTED TO MESSAGING THROUGH BLOCKCHAIN NETWORKS
Procedures, methods, architectures, apparatuses, systems, devices, and computer program products directed to messaging through blockchain networks are provided. Among such methods is a method that may be implemented in a device comprising circuitry, including a transmitter, a receiver and a processor, and may include any of receiving a request to send a message including a message and information indicating a source of the message, a destination of the message and a distributed ledger system; determining a first node associated with a distributed ledger system based, at least in part, on the information indicating the distributed ledger system and the information indicating the destination; generating a transaction for the message; and sending the transaction to a second node of the distributed ledger system.
Securely authorizing access to remote resources
Methods and an apparatus are provided for securely authorizing access to remote resources. For example, a method is provided that includes receiving a request to determine whether a user device communicatively coupled to a resource server is authorized to access at least one resource hosted by the resource server and determining whether the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server based at least in part on whether the user device communicatively coupled to the resource server has been issued a management identifier. The method further includes providing a response indicating that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server in response to a determination that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server. The method yet further includes providing a response indicating that the user device communicatively coupled to the resource server is not authorized to access the at least one resource hosted by the resource server in response to a determination that the user device communicatively coupled to the resource server is not authorized to access the at least one resource hosted by the resource server.
5G Network Slice Device Security Protection
A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.
METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PROVIDING CALL INTELLIGENCE TO A SIGNALING FIREWALL IN A COMMUNICATIONS NETWORK
A method for providing call intelligence to a signaling firewall in a communications network includes collecting, by a network security service component, call session data from incoming and outgoing calls involving a mobile device and providing, by the network security service component, the call session data to a signaling firewall via an application programming interface (API). The method further includes receiving, by the signaling firewall, an update location request message associated with the mobile device, extracting signaling message information that includes current location data and timestamp data from the received update location request message, and utilizing the current location data and the timestamp data to identify a correlated portion of the call session data. The method further includes providing the signaling message information and the correlated portion of the call session data to a security analytics engine platform for a location validation assessment and allowing or rejecting, by the signaling firewall, the update location request message based on location validation assessment data received from the security analytics engine platform.