Abstract: A method for determining a vulnerability of a network node. The method includes a master security management node obtaining security patch information regarding one or more security patches installed on the network node. The method also includes the master security management node using the security patch information to determine a first vulnerability value for the network node. The method also includes the master security management node obtaining a set of other vulnerability values for the network node, wherein each other vulnerability value was determined by different security management node. The method also includes the master security management node determining, based on the set of other vulnerability values, whether a consensus regarding the vulnerability level of the network node has been reached. If the master security management node determines that a consensus regarding the vulnerability level of the network node has been reached, the first vulnerability value is assigning to the network node.

Abstract: Methods and network devices implement a lawful interception (LI) trigger control function as an LI target handler and a modified trigger control function. A generic LI triggering interface enables the modified trigger control function to query the LI target handler regarding whether entities using a network function instance are in a target list. The LI target handler has to meet the LI security requirements, but the modified trigger control function does not have to meet such requirements.

Abstract: The invention relates to a method for operating a slice management entity (100) configured to manage a network slice of a cellular network, the method comprising: —periodically determining a trust level of the network slice based on time dependent trust values of network components used by the network slice, —determining whether the determined trust level of the network slice is lower than a minimum threshold level, wherein in the affirmative, —adapting a controlling of at least one of the network components of the network slice to obtain a new trust value for the at least one network component, wherein the new trust level of the network slice is above the minimum threshold level and is calculated taking into account the new trust value of the adapted controlling of the at least one network component.

Abstract: A lawful interception provisioning function, LIPF (113) and a system information retrieval function, SIRF (114), communicate with each other via the X1 and X2 protocols. The LIPF (113) obtains, from the SIRF (114), information pertaining to a network function, NF(107), which is an instance of a virtual network function, VNF, in a telecommunication 5network (100), where said information is unrelated to any LI target and any task associated with a point of interception, POI (135), in the NF (107).

Abstract: A method, performed by a first entity (111), for providing a service in a communications network (100). The first entity (111) obtains (701), from a second entity (112), a request. The request is for one or more links (118) to be allocated to a first network slice to provide a service via one or more paths (117). The (118) connect one or more nodes (115). The request indicates at least one of: a) one or more requirements to be met by the links (118), and b) a first priority to be assigned to the first network slice. The first entity (111) determines (702) the links (118) to be allocated to the first network slice. The determining (701) is based on the one or more requirements, the first priority, and a set of available resources. The first entity (111) sends (705), to another entity (112, 113), an indication based on the determined links (118).

Abstract: A method (200) performed by a communication device hosting a network element, NE, the method comprising:- preparing (202) a Report Issue request message for reporting an Issue;- incrementing (204) an Issue count to obtain a current Issue count of Issues reported by the NE to a lawful interception, LI, administrative function, ADMF;- adding (206) the current Issue count to the Report Issue request message; - sending (208) the Report Issue request message (610) including the current Issue count to the LI ADMF;-receiving (210) a request message (620) from the LI ADMF requesting information about at least one Report Issue request message sent by the NE and not received by the LI ADMF; and- sending (212) a response message (622) including the requested information.

Abstract: A method, performed by a first entity (111), for providing a service in a communications network (100). The first entity (111) obtains (701), from a second entity (112), a request. The request is for one or more links (118) to be allocated to a first network slice to provide a service via one or more paths (117). The (118) connect one or more nodes (115). The request indicates at least one of: a) one or more requirements to be met by the links (118), and b) a first priority to be assigned to the first network slice. The first entity (111) determines (702) the links (118) to be allocated to the first network slice. The determining (701) is based on the one or more requirements, the first priority, and a set of available resources. The first entity (111) sends (705), to another entity (112, 113), an indication based on the determined links (118).

Abstract: The invention relates to methods, communication devices, computer programs and computer program products related to Lawful Interception, LI. An LI, Administration Function, ADMF, sends a request over an X1 interface to a Network Element, NE, that is configured to perform an action associated with an LI, to add information associated with a destination or modify information of an existing destination for a message to be sent from the NE to the LI ADMF over the X1 interface. The NE receives the request, adds information associated with a destination or modifies information of an existing destination, and sends a response to the LI ADMF over the X1 interface, wherein the response comprises a result associated with the request.

Abstract: A service interruption manager function, SIMF, receives information that indicates that lawful interception, LI, service interruption associated with an LI task has occurred. Based on the received information, a determination is made of a status regarding the LI service interruption associated with the LI task, for example a determination whether the LI service interruption associated with the LI task has a current status that is any of: terminated, ongoing or initiated. A message is then transmitted, to a delivery function, DF, via an HI2 interface, the message comprising at least the determined status regarding the LI service interruption.

Abstract: A technique of authenticating an operator of a wireless terminal device is presented, wherein the first terminal device comprises a subscriber identity module (SIM) and wherein a subscription identifier is stored in the SIM. A method aspect of this technique comprises receiving the subscription identifier or a temporary identifier associated with the subscription identifier. The method aspect also comprises receiving a first set of biometric data of the operator, wherein the first set of biometric data has been entered by the operator at the terminal device, and sending a database request towards a subscriber database in a core network domain of a wireless communication system, the database request including the subscription identifier or the temporary identifier.

Abstract: A method for allocating a plurality of virtual machines (51-55) provided on at least one host (11-15) to a virtualized network function is provided, which provides a defined functional behavior in a network and requires a total application capacity for the functional behavior, the functional behavior being provided by needed virtual machines from the plurality of virtual machines, wherein each of the at least one host has an available processing capacity which can be assigned to the virtual machines provided on the corresponding host, and each virtual machine has at least one flavor which indicates a used processing capacity of the available processing capacity of the corresponding host and which corresponds to a partial application capacity of the total application capacity provided by the corresponding virtual machine, the method comprising: —determining the total application capacity of the virtualized network function, —determining, for each of the virtual machines, the at least one flavor taking into acc

Abstract: Methods and network devices implement a lawful interception (LI) trigger control function as an LI target handler and a modified trigger control function. A generic LI triggering interface enables the modified trigger control function to query the LI target handler regarding whether entities using a network function instance are in a target list. The LI target handler has to meet the LI security requirements, but the modified trigger control function does not have to meet such requirements.

Abstract: The present disclosure provide a node and method performed in the node for connecting at least two Lawful Interception (LI) sites (110) to the same Physical Networks Function (PNF) comprising a Point Of Interception (POI) or Virtual Networks Function (VNF) (140) comprising a virtualised Point Of Interception (vPOI) (142) controlled by a Triggering Control Function (TCF) (146), for lawful interception of the data communication sessions of targets defined by warrants comprising information identifying the targets, wherein said node (200) is adapted to configure the POIs/vPOIs/TCFs according to LI sites requests and policy requirements for each LI site, the node comprises a multi LI Site Database, mLSDB, (212) enabling the POI or vPOI/TCF to serve more than one LI site at the same time.

Abstract: A method, performed by a first entity (111), for providing a service in a communications network (100). The first entity (111) obtains (701), from a second entity (112), a request. The request is for one or more links (118) to be allocated to a first network slice to provide a service via one or more paths (117). The (118) connect one or more nodes (115). The request indicates at least one of: a) one or more requirements to be met by the links (118), and b) a first priority to be assigned to the first network slice. The first entity (111) determines (702) the links (118) to be allocated to the first network slice. The determining (701) is based on the one or more requirements, the first priority, and a set of available resources. The first entity (111) sends (705), to another entity (112, 113), an indication based on the determined links (118).

Abstract: A Software Defined Network (SDN) comprises a plurality of resources including Network Elements (NEs) and network links connecting the NEs. A method comprises receiving a request to provision an SDN Datapath in the SDN. The request comprises performance metrics for the SDN Datapath and a geographic constraint to be applied to resources used in provisioning the SDN Datapath. The method further comprises assembling a candidate set of resources to provision the SDN Datapath and initiating provision of the SDN Datapath using resources selected from the candidate set. Assembling a candidate set of resources to provision the SDN Datapath comprises obtaining a geographic location attribute of resources in the SDN and populating the candidate set with those resources having a geographic location attribute satisfying the received geographic constraint.

Abstract: Network slice providers and resource providers in a communication network are configured to cause various records related to a smart contract for one or more resources to be stored in a permissioned blockchain. The records include an allocation, a deallocation and monitoring records related to the resource(s). When the resources are released, the blockchain records ease settling slice beneficiaries' financial obligations.

Abstract: A method (200) of managing a communications network comprising a plurality of hosts by allocating instances of virtual network function components, VNFC, to hosts, the method comprising receiving (210) a request for allocation of an instance of a VNFC to a host, the instance belonging to an anti-affinity group, AAG, of instances and attempting allocation (220) of the instance to a host. If allocation of the instance fails (230) because for each host considered for allocation of the instance a first number of instances, WA, belonging to the AAG that are allocable to a single host would be exceeded by allocation of the instance to the host the method comprises assigning (232) to the instance a second number of instances, WA?, belonging to the AAG that are allocable to a single host, wherein WA? is greater than WA and reattempting allocation (234) of the instance.

Abstract: A technique for resolving a link failure occurring on a link between a first virtualized network function, VNF, and a second VNF provided in a cloud computing environment is disclosed. A method implementation of the technique is performed by the first VNF and comprises receiving a link failure notification comprising link recovery status information indicating a current recovery status of the link, and triggering an action depending on the link recovery status information to resolve the link failure.

Abstract: It is disclosed a method, an arrangement and a computer program for configuring a secure domain, SD, in a network functions virtualization infrastructure. The SD comprises virtual objects handling privileged information. NS instance information of a virtual object is obtained based on input from a party associated with the SD. The NS instance information is searched for a level of confidentiality and a geographic location information. When having identified the level of confidentiality and the geographic location information, the virtual object is allocated to the SD according to the geographic location information, based on the level of confidentiality and a specific role of the party. It is an advantage that access to a SD is allowed or granted based on the specific role of the party.

Abstract: Managing a communications network involves allocating hosts (100) for instances (105) of a virtual network function component (155). From a request to allocate, a number N is obtained indicating a minimum number of the instances to be available, and a number M indicating how many additional instances are to be allocated. If the allocations are requested to be to different hosts (anti affinity) and if the sharing of the instances by the virtual network function component can be adapted in the event of unavailability, then allocating is carried out automatically (230) of N+M of the instances to less than N+M of the hosts, so that if any one of the allocated hosts becomes unavailable there are sufficient hosts so that the virtual network function component can still be shared across at least N of the instances. Fewer hosts are needed, saving costs.