Abstract: A method of operating a core network node in a communication system includes receiving, at a first network function, a registration message from a radio access network node to register a user equipment, UE, and, responsive to the registration message, transmitting a request for information on whether network slices associated with the UE are subject to Network Slice-Specific Authentication and Authorization, NSSAA. Responsive to the request, the method receives a response message including Single-Network Slice Selection Assistance Information, S-NSSAI, information associated with the UE, the S-NSSAI information including NSSAA status information relating to the S-NSSAI information, and determines whether to initiate an NSSAA procedure with the UE based on the S-NSSAI information. Related network nodes are disclosed.

Abstract: A method, performed by a first node (111), for handling subscriptions in a communications network (100). The first node (111) operates in the communications network (100). The first node (111) sends (303), to a second node (112), a first indication. The first indication requests subscription to report new accessibility for a device (140) to a second domain different than a first domain currently accessible by the device (140). The first node (111) receives (304) a second indication from the second node (112). The second indication indicates the new accessibility by the device (140) to the second domain. A fifth node (115) receives (501), from the first node (111), a fifth indication indicating a notification of an event by the device (140) after the new accessibility has been enabled. The fifth indication is received based on a previous indication sent by the fifth node (115) prior to the new accessibility has been enabled.

Abstract: According to some embodiments, a method performed by a network node capable of operating as an authentication server function (AUSF) comprises generating an anchor key (KAKMA) and a KAKMA key identifier (KAKMA ID) associated with a wireless device and transmitting, to at least one authentication and key management for applications (AKMA) anchor function (AAnF) instance, key material associated with the wireless device.

Abstract: There is provided mechanisms for indicating IMS voice support over PS for a UE in a PLMN. A method is performed by an AMF of the PLMN. The method comprises obtaining a trigger for the AMF to indicate IMS voice support over PS for the UE in the PLMN. The method comprises obtaining information of IMS voice support over PS for the UE in the PLMN. The method comprises providing, based on the information, an indication to a radio access network serving the UE in the PLMN. The indication specifies the IMS voice support over PS for the UE in the PLMN.

Abstract: The present disclosure relates to provisioning of a UE with credentials to access a communication network, such as a SNPN. A DCS maintains a binding of UE onboarding credentials and a UE identifier with network information for the authorized SNPN. After obtaining the network information from the DCS, the onboarding network requests authorization from a provisioning server (190) in the SNPN to initiate a provisioning procedure with the SNPN. The provisioning server (190) verifies that the UE is authorized to access the SNPN and determines the type of provisioning procedure to use (e.g., control plane provisioning or user plane provisioning). If verification is successful, the provisioning server (190) sends a response authorizing the onboarding network to initiate provisioning of the UE and indicating the type of provisioning procedure to use. The authorization procedure prevents rogue or malicious UEs from attempting to initiate a provisioning procedure with the ANPN without prior authorization.

Abstract: According to an aspect, there is provided a method of operating a first network node (420; 430; 520; 530; 620; 630; 730; 740) in a first core network of a telecommunication network. The first network node (420; 430; 520; 530; 620; 630; 730; 740) is for managing data relating to subscribers of the first core network, and the telecommunication network further comprises a second core network having a second network node (420; 430; 520; 530; 620; 630; 730; 740) that is for managing data relating to subscribers of the second core network. The method comprises, after a first wireless device identifier for a first subscriber of the first core network and the second core network is changed to a second wireless device identifier, sending (1101) a first message to the second the second wireless device identifier for the first subscriber.

Abstract: A data management network node (12) is configured for use in a wireless communication network (10). The data management network node (12) stores subscription data (14) for a wireless device (16). The data management network node (12) receives, from network equipment (26), a request that requests subscription data (14) for the wireless device (16). Responsive to the request, the data management network node (12) transmits to the network equipment (26) a response that includes at least some of the stored subscription data (14). If the subscription data (14) included in the response indicates the wireless device (16) is subscribed to use a certain data network or network slice that is subject to secondary or slice-specific access control, the subscription data (14) included in the response includes a least one generic subscription identifier for the wireless device (16).

Abstract: Apparatuses and methods for short message service (SMS) delivery are disclosed. In one embodiment, a method implemented in a data management (UDM) node includes receiving, by the UDM node, a registration request from a home subscriber server, HSS, node, the registration request being to register an Internet Protocol-Short Message-Gateway, IP-SM-GW, and the registration request comprising an address of the IP-SM-GW; and optionally, as a result of receiving the registration request comprising the address of the IP-SM-GW from the HSS node, determining message waiting data. In one embodiment, a method implemented in a HSS node includes receiving a registration request; and sending, to a unified data management, UDM, node, the registration request, the registration request being to register an Internet Protocol-Short Message-Gateway, IP-SM-GW, and the registration request comprising an address of the IP-SM-GW.

Abstract: A method performed by performed by an exposure node having a first identity in a first network domain in a telecommunications network is provided. The method includes initiating a request towards a first network node for a subscription to an event of a communication device. The request includes subscription information for a common network exposure in at least two network domains. The method further includes receiving a response from the first network node. The response includes at least one of: a first confirmation that the event will be reported to the exposure node for a second network domain for the common network exposure and a second confirmation that the event will be reported to the exposure node for the first network domain. The second confirmation omits an indication of the common network exposure. Methods performed by a first network node are also provided.

Abstract: A network node operates a Session Management Function (SMF) in a control plane of a core network of a wireless network. The network node authenticates a User Equipment (UE) with an Extensible Authentication Protocol (EAP) server in a secondary authentication process that uses the SMF as an EAP authenticator. The EAP server is outside of the core network and the UE is separately authenticated with a further network node in the control plane of the core network via a primary authentication process. Authenticating the UE in the secondary authentication process comprises exchanging EAP messages between the SMF and the UE and between the SMF and the EAP server. The SMF authorizes a data session between the UE and the external network through a user plane of the core network based on the UE having successfully authenticated via both the primary authentication process and the secondary authentication process.

Abstract: A serving network establishes a connection with a UE via an N3AN using a trusted registration procedure to establish a secure access link between the UE and the serving network via the N3AN. The serving network sends a trust indication message via the N3AN to the UE using the secure access link to identify the N3AN as trusted or untrusted. When the received trust indication message indicates the N3AN is untrusted, the serving network executes an untrusted registration procedure with the UE using the secure access link to establish the connection between the UE and the serving network. When the received trust indication message indicates the N3AN is trusted, the serving network continues execution of the initial registration with the UE using the trusted registration procedure to establish the connection between the UE and the serving network. The UE and serving network exchange messages via the established connection.

Abstract: A method performed by a first network node includes transmitting a first subscription request message indicating a request to subscribe to receive notification of changes in an authentication status of a wireless device. A first notification message is received. The first notification message includes an indication of a change in the authentication status of the wireless device.

Abstract: Embodiments described herein provide methods and apparatus for configuring a service based architecture for discovery of a Network Function, NF. A method in a Network Function Discovery Orchestration includes configuring, in a domain name system, DNS, a first DNS entry associating a first domain name of the NF with at least one NF Internet Protocol, IP, address of the NF, and a second DNS entry associating the first domain name with at least one edge security node IP address of an edge security node in the first PLMN, wherein, the first DNS entry is for use in resolving requests for the NF which originate from within the first PLMN, and the second DNS entry is for use in resolving requests for the NF which originate from outside the first PLMN. Further methods and apparatus in a Network Repository Function, a Domain Name System and an edge security node are also provided.

Abstract: A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.

Abstract: A method for supporting authentication of a User Equipment, UE, in an Internet Protocol, IP, Multimedia Subsystem, IMS, telecommunication network, by interfacing a Service Based Architecture, SBA, telecommunication network, the method including receiving, by a Unified Data Management, UDM, in the SBA telecommunication network, from a Session Management Function, SMF, in the SBA telecommunication network, binding information, wherein the binding information is used to identify the UE in the IMS telecommunication network; receiving, by the UDM in the SBA telecommunication network, from a Home Subscriber Server, in the IMS telecommunication network, a request for providing the binding information, and providing, by the UDM in the SBA telecommunication network, to the HSS in the IMS telecommunication network the binding information, thereby supporting authentication of the UE. Complementary methods and corresponding nodes are also presented herein.

Abstract: Initiating primary reauthentication of a communication device by a home network (UDM or AUSF) is provided. A trigger to initiate a primary reauthentication request of a communication device is detected. An authentication status of the subscription permanent identifier (SUPI) of the communication device is checked. Responsive to the authentication status of the SUPI being obsolete or null, a reauthentication message is transmitted towards an access and mobility management function (AMF) node. A reauthentication confirmation message is received. A determination is made as to whether to continue, abort, or postpone any steering of roaming (SoR) updates, any user equipment parameter updates (UPU updates) or any authentication and key agreement for applications (AKMA) procedures based on the reauthentication confirmation message.

Abstract: An information processing device generates web page data of a first window including a program causing a terminal device to execute an elapsed time determination process for obtaining first time information at a timing of a transition from the first window to a second window, obtaining second time information at a timing during which a process in the first window is executable in a state after the transition to the second window, calculating an elapsed time from a difference between the first time information and the second time information, and executing a predetermined process according to a comparison between the elapsed time and a threshold time. The information processing device executes a process for transmitting the web page data to the terminal device and causing the terminal device to present the web page data.

Abstract: A mechanism is provided to monitor and control the number of terminals (100) or number of PDU sessions for a network slice, or both. A new network function called the Network Slice Control Function (NSCF) (85) is defined that interacts with an Access and Mobility Management Function (AMF) (40) and/or Session Management Function (SMF) (45) to monitor and control a number of users for a network slice, a number of PDU sessions for a network slice, or both. The NSCF (85) determines per slice quotas for the number of users and/or number of session for network slices and interacts with the AMF (40) and/or SMF (45) to enforce the quotas.

Abstract: Apparatuses and methods for short message service (SMS) delivery are disclosed. In one embodiment, a method implemented in a unified data management, UDM, node includes setting a short message service, SMS, function, SMSF, registration notification flag to detect an SMSF registration event associated with a user equipment, UE. In another embodiment, a method implemented in a home subscriber server, HSS, node includes sending a request to subscribe to a notification at a unified data management, UDM, node about a short message service, SMS, function, SMSF, registration event associated with a user equipment, UE.

Abstract: Embodiments include methods performed by a key management node in a communication network. Such methods can include receiving, from an application function, a request for a security key specific to an application session for a particular user. The request can include a representation of the following information associated with the particular user: a first identifier of a non-application-specific anchor security key, and a second identifier related to a network subscription. Such methods can also include, based on the representation, determining an authentication server function that generated the non-application-specific anchor security key. Other embodiments include complementary methods performed by application functions, authentication server functions, and unified data management functions in the communication network. Other embodiments include network nodes configured to perform such methods.