Abstract: A first network node operating in a telecommunications network can receive an authentication request associated with a communication device requesting registration with the telecommunications network. The authentication request can include first subscriber information. The first network node can determine that the first subscriber information includes an anonymous identifier. Responsive to determining that the first subscriber information includes the anonymous identifier, the network node can determine an authentication procedure to be performed. The network node can receive information associated with the communication device as part of the authentication procedure. The network node can generate second subscriber information based on the information associated with the communication device.

Abstract: Systems and methods related to a bootstrapping service for a network function (NF) in a core network of a cellular communications system are disclosed. In one embodiment, a method performed by a first NF in a core network of a cellular communications system comprises receiving, from a second NF, a request for services exposed by the first NF. The method further comprises, responsive to receiving the request, sending, to the second NF, information about one or more services exposed by the first NF. In one embodiment, the information about one or more services exposed by the first NF includes Application Programming Interface (API) versions of the one or more services. In this manner, flexibility is provided in the network since there is no need for static configuration of service parameters.

Abstract: A method performed by a UE. The method incudes generating a SUCI comprising: i) an encrypted part in which a Mobile Subscription Identification Number of a SUPI is encrypted and ii) a clear-text part comprising: a) a Mobile Country Code of the SUPI, b) a Mobile Network Code of the SUPI, c) a public key identifier for a public key of a home network of the user equipment, and d) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the Mobile Subscription Identification Number in the SUCI. The method also includes transmitting the SUCI to an authentication server in the home network for forwarding of the SUCI to a de-concealing server capable of decrypting the Mobile Subscription Identification Number.

Abstract: Embodiments described herein relate to methods and apparatuses for registering one or more services that a producer network function is capable of providing at a network repository function and allowing for the access of those services by consumer network functions. A method in a producer network function comprises transmitting a registration request to the NRF, wherein the registration request comprises registration information comprising: an indication of the one or more services; and an indication of resources and operations associated with each resource of the one or more services that are allowed per network function consumer type.

Abstract: Embodiments include methods performed by a key management node in a communication network. Such methods can include receiving, from an application function, a request for a security key specific to an application session for a particular user. The request can include a representation of the following information associated with the particular user: a first identifier of a non-application-specific anchor security key, and a second identifier related to a network subscription. Such methods can also include, based on the representation, determining an authentication server function that generated the non-application-specific anchor security key. Other embodiments include complementary methods performed by application functions, authentication server functions, and unified data management functions in the communication network. Other embodiments include network nodes configured to perform such methods.

Abstract: Embodiments described herein relate to methods and apparatus for obtaining and/or providing Home Subscriber Service, HSS, information. A method in a first service based architecture, SBI, capable Internet Protocol Multimedia Subsystem, IMS, entity includes: transmitting a discovery request to a network repository function, NRF; receiving a response comprising HSS information from the NRF; and transmitting at least a portion of the HSS information to a second SBI capable IMS entity.

Abstract: A method performed by a first node implementing a first NF in a visited network (VPLMN) for communicating with a third node implementing a second NF in a home network (HPLMN) is provided. Embodiments include: determining that the third node should be communicated with; sending, towards a second node implementing a Security Edge Protection Proxy (SEPP) in the visited network, a request for a telescopic FQDN for the third node in the home network to be used by the first node in the visited network to communicate with the third node in the home network, which request comprises a FQDN of the third node in the home network; receiving, from the second node, a telescopic FQDN for the third node wherein the FQDN for the third node in the home network is flattened to a single label to be used by the first node to communicate with the third node.

Abstract: A method performed by a mobile terminal for verifying at least one privacy profile setting for positioning of the mobile terminal to a location network node in a communications network is provided. The method includes receiving a request from the location network node for the mobile terminal to provide a position of the mobile terminal. The method further includes checking the at least one privacy profile setting of the mobile terminal for permission to provide position information of the mobile terminal. The method further includes determining whether to send the positioning information of the mobile terminal to the location network node based on the checking the at least one privacy profile setting. Methods performed by a network node are also provided.

Abstract: A method by a core network node of a core network of a wireless communication system for authenticating a user equipment, UE, to the core network includes receiving a first authentication request to authenticate the UE to the core network, determining that the UE should be authenticated by an external authentication entity that is external to the wireless communication system, transmitting a second authentication request to the external authentication entity, the second authentication request identifying the UE, receiving an authentication response from the external authentication entity verifying authenticity of the UE, the authentication response including a master key, and deriving a first key for securing communications with the UE from the master key.

Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.

Abstract: Exemplary embodiments include a method for provisioning subscription data, for a plurality of subscribers, to one or more network functions, NFs, in a communication network. Such embodiments include storing group data, related to the plurality of subscribers, in association with at least a first group identifier, GID, but not in association with individual subscription data for the respective subscribers. Such embodiments also include sending, to the one or more NFs, the group data and the first GID. Such embodiments also include sending, to a particular one of the NFs, the first GID and individual subscription data for a particular one of the subscribers. Embodiments also include complementary methods performed by network functions that receive subscription data in this manner, as well as various network functions and/or nodes, in a communication network, that are configured to perform various disclosed methods.

Abstract: Methods and network nodes of a wireless communications network are disclosed. The network nodes are operable to initiate a plurality of authentication mechanisms. Responsive to receipt of a request for authentication transmitted by a terminal device of the wireless communications network, the network nodes are configured to select an authentication mechanism from the plurality of authentication mechanisms; and are further configured to initiate the selected authentication mechanism to authenticate the terminal device with the wireless communications network.

Abstract: Systems and methods are described for redirecting a user equipment with a routing misconfiguration. An exemplary method includes detecting a potential misconfiguration associated with the user equipment or a subscriber identity module (SIM) associated with the user equipment and generating an error code indicating the potential misconfiguration associated with the user equipment of the SIM associated with the user equipment. The error code is transmitted to an authentication module and indicates that the misconfiguration is an incorrect routing identifier and includes additional user information.

Abstract: The present specification faces the issues of selecting a right 5G Network Function, NF, instance in scenarios wherein NF instances are considered NF segments that manage different sets of users and wherein NF segmentation is not based on SUPI ranges. To solve these issues, there is provided a new procedure for accessing an NF segment, wherein registration and discovery of the right NF segment is based on a Routing Indicator, and wherein the Routing Indicator, which is received with a Subscription Concealed Identifier (SUCI) identifying a UE, is included in any interaction between 5GC NFs.

Abstract: Embodiments include methods performed by a key management node in a communication network. Such methods can include receiving, from an application function, a request for a security key specific to an application session for a particular user. The request can include a representation of the following information associated with the particular user: a first identifier of a non-application-specific anchor security key, and a second identifier related to a network subscription. Such methods can also include, based on the representation, determining an authentication server function that generated the non-application-specific anchor security key. Other embodiments include complementary methods performed by application functions, authentication server functions, and unified data management functions in the communication network. Other embodiments include network nodes configured to perform such methods.

Abstract: A method of registering a User Equipment, UE, in a communication network, said method comprising the steps of receiving, by a control node in said core network, from an access network, a registration request message for registering a UE in said communication network, transmitting, by said control node, to a subscriber node in said communication network, a subscription request message, wherein said subscription request message requests subscription information for said UE and comprises an identification of a type of said access network, AN, via which said UE registration request message is received and an identification of a Radio Access Technology, RAT, used by said UE for connecting to said access network, receiving, by said control node, from said subscriber node, a subscription response message comprising said subscription information for said UE based on said AN and said RAT and transmitting, by said control node, to said UE, a registration complete message for indicating that said UE has registered in th

Abstract: A method for discovering services in a telecommunication network provided by a network function, NF, in a Service Based Architecture, SBA, based telecommunication network, said method comprising the steps of receiving a discovery request, from a Network function, NF, consumer, for discovering an NF producer to interact with, wherein said discovery request comprises a Mobile Station International Subscriber Directory Number, MSISDN, associated with said NF consumer, transmitting to an address translate server, an address translate query, wherein said address translate query comprises said MSISDN, receiving an address translate response, wherein said address translate response comprises a Universal Resource Identifier, URI, and transmitting, to said NF, a discovery response, wherein said discovery response comprises an NF producer instance for interaction with said NF.

Abstract: An information processing device generates web page data of a first window including a program causing a terminal device to execute an elapsed time determination process for obtaining first time information at a timing of a transition from the first window to a second window, obtaining second time information at a timing during which a process in the first window is executable in a state after the transition to the second window, calculating an elapsed time from a difference between the first time information and the second time information, and executing a predetermined process according to a comparison between the elapsed time and a threshold time. The information processing device executes a process for transmitting the web page data to the terminal device and causing the terminal device to present the web page data.

Abstract: Network equipment in a wireless communication network is configured to receive at least a portion of a subscription concealed identifier, SUCI, (34) for a subscriber. The SUCI (34) contains a concealed subscription permanent identifier, SUPI, (20) for the subscriber. The received at least a portion of the SUCI (34) indicates a sub-domain code, SDC. The SDC indicates a certain sub-domain, from among multiple sub-domains of a home network of the subscriber, to which the subscriber is assigned. The network equipment is also configured to determine, based on the SDC and from among multiple instances of a provider network function in the home network respectively allocated to provide a service to be consumed for subscribers assigned to different sub-domains, an instance of the provider network function to provide the service to be consumed for the subscriber.

Abstract: A method by an AUSF of a home PLMN configured to communicate through an interface with electronic devices is provided. A first authentication request is received from a first PLMN that is authenticating an electronic device. A first security key used for integrity protection of messages delivered from the home PLMN to the electronic device is obtained. A second authentication request is received from a second PLMN that is authenticating the electronic device. A second security key used for integrity protection of the messages delivered from the home PLMN to the electronic device is obtained. A message protection request is received. Which of the first security key and the second security key is a latest security key is determined. The latest security key is used to protect a message associated with the message protection request.