Patent classifications
H04W12/102
Configuring route selection policies
Systems, apparatuses, and methods are described for configuring route selection policies. A user device may send, to a computing device, a route selection policy request to update route selection policy rules for applications and/or services of the user device. The computing device may determine the route selection policy rules for the applications and/or services based on various criteria. The computing device may send the determined route selection policy rules to the user device. If the user device does not accept the determined route selection policy rules, the user device may send, to the computing device, a negotiation request to obtain other route selection policy rules for the applications and/or services.
End-to-end prioritization for mobile base station
A method for utilizing quality of service information in a network with tunneled backhaul is disclosed, comprising: establishing a backhaul bearer at a base station with a first core network, the backhaul bearer established by a backhaul user equipment (UE) at the base station, the backhaul bearer having a single priority parameter, the backhaul bearer terminating at a first packet data network gateway in the first core network; establishing an encrypted internet protocol (IP) tunnel between the base station and a coordinating gateway in communication with the first core network and a second core network; facilitating, for at least one UE attached at the base station, establishment of a plurality of UE data bearers encapsulated in the secure IP tunnel, each with their own QCI; and transmitting prioritized data of the plurality of UE data bearers via the backhaul bearer and the coordinating gateway to the second core network.
Obscured routing
Systems and techniques are provided for obscured routing. A computing device may send stacks of identifiers to neighbor computing devices in a network. Each stack of identifiers may include a unique identifier for the neighbor computing device to which it is sent. The computing device may send a notification identifying a destination computing device to the neighbor computing devices. The computing device may receive stacks of identifiers from the neighbor computing devices. The received stacks of identifiers may include completed routes to the destination computing device. Each completed route may be specified by unique identifiers added to the stack of identifiers by computing devices in the network. A unique identifier in each stack of identifiers may not be resolvable to an address by the computing device. The computing device may send a message to a neighbor computing device based on a unique identifier in a chosen stack of identifiers.
Secure path discovery in a mesh network
A method for secure path discovery in a mesh network at a destination device is disclosed. The method includes receiving a path discovery request from an originator device and selecting a path selection in response to the path discovery request. The method also includes transmitting the path selection to the originator device and receiving a random seed from a provisioner device. The method also includes generating an authentication code based on the random seed, transmitting an authentication code message to an originator device and receiving communications from the originator device only if the originator device receives a verification response message from the provisioner device which confirms that the destination device has been verified.
METHODS AND APPARATUS FOR REDUCING COMMUNICATIONS DELAY
The present invention relates to methods and apparatus for reducing delay while providing secure communications between nodes. An exemplary method embodiment includes a first node performing the steps of: identifying packets corresponding to a first communications session, the first communications session corresponding to a first application type; segmenting at least a first packet corresponding to the first communications session into at least a first packet portion and a second packet portion, the first packet including a first packet header and a first packet payload, the first packet portion including at least a portion of the first packet header, the second packet portion including at least a portion of the first packet payload; communicating, in encrypted form, the first packet portion from the first node to a security function node; and communicating, in unencrypted form, the second packet portion from the first node to the security function node.
METHODS FOR TRUST INFORMATION IN COMMUNICATION NETWORK AND RELATED COMMUNICATION EQUIPMENT AND COMMUNICATION DEVICE
A method performed by a network equipment of a communication network to dynamically provide trust information to a communication device registered or being registered to the communication network is provided. The method includes determining a trust information for each of one or more access networks. The trust information indicates whether each of the one or more access networks is trusted. The method further includes indicating to the communication device whether the one or more access networks is trusted for a current session or a later session. A method performed by a communication device registered or being registered with a communication network to dynamically receive trust information is also provided. The method includes receiving a message including a protected trust information list from a network equipment. The method further includes verifying the protection of the message. The method further includes storing the protected trust information list.
Methods for support of user plane separation and user plane local offloading for 5G non-3GPP access
Methods to support User Plane Separation (UPS) and User Plane Local offloading (UPL) for Fifth Generation (5G) non-Third Generation Partnership Project (3GPP) access are provided, including solutions for untrusted non-3GPP, trusted non-3GPP, and fixed/wireline communications via a Non-3GPP Interworking Function (N3IWF) node. Three UPS solution methods are provided, as well as UPL solution methods for 5G non-3GPP access involving N3IWFs with or without separated Control Plane (CP) and User Plane (UP) that are combined with a User Plane Function (UPF). Solutions to allow multiple CP entities to control the same single UP entity are also provided.