Abstract: A method for handling change of serving Access and Mobility Managing Function for a user equipment. The method comprises sending (S2) of a context request to a source Access and Mobility Managing Function. This sending is performed from a target Access and Mobility Managing Function. In the target Access and Mobility Managing Function, a context is received (S3) in reply from the source Access and Mobility Managing Function. The context comprises a parameter which identifies a Security Anchor Function Access and Mobility Managing Function. The Security Anchor Function Access and Mobility Managing Function keeps a key, which is shared with the user equipment. A method for handling a change of serving Access and Mobility Managing Function in a user equipment is also disclosed as well as Access and Mobility Managing Function and User Equipments therefore.

Abstract: The present invention faces the issue of improving isolation of network slices in network slicing deployments where a centralized User Data Management, which includes subscription information for all users in a network with a plurality of network slices, is shared by the plurality of network slices. To solve this issue, the present invention provides for a distributed slice data repository for handling slice selection data for users equipped with a user equipment, UE, in a network that includes a plurality of network slices. This distributed slice data repository has: a slice user data repository, SDR, per network slice basis and including subscription information for each UE to be served by the network slice, and a slice selection repository, SSR, which is external to any network slice, shared by the plurality of network slices, and only includes slice selection data for every UE in the network.

Abstract: There is provided mechanisms for attachment of a wireless device to an MNO. A method is performed by the wireless device. The method comprises providing an authorization token to an AMF node of the MNO in conjunction with authenticating with the AMF node. The method comprises completing attachment to the MNO upon successful validation of the authorization token by the AMF node.

Abstract: The present invention faces the issue of introducing a new direct interface NG10, between a unified data management function and a session management function in a HPLMN, i.e., a home SMF, in order to obtain a service profile for a UE, at the home SMF from the UDM, and provides for the home SMF obtaining such service profile from a policy control function via the existing NG7 interface.

Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.

Abstract: A report message (304) is transmitted between a control node (107) of a first network and a subscriber service node (109). The report message (304) indicates granted or failed authorization of a subscriber to establish a packet data session with a second network via all access point node.

Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.

Abstract: A method for handling change of serving Access and Mobility Managing Function for a user equipment. The method comprises sending of a context request to a source Access and Mobility Managing Function. This sending is performed from a target Access and Mobility Managing Function. In the target Access and Mobility Managing Function, a context is received (S3) in reply from the source Access and Mobility Managing Function. The context comprises a parameter which identifies a Security Anchor Function Access and. Mobility Managing Function. The Security Anchor Function Access and Mobility Managing Function keeps a key, which is shared with the user equipment. A method for handling a change of serving Access and Mobility Managing Function in a user equipment is also disclosed as well as Access and Mobility Managing Function and User Equipments therefore.

Abstract: A report message (304) is transmitted between a control node (107) of a first network and a subscriber server node (109). The report message (304) indicates granted or failed authorization of a subscriber to establish a packet data session with a second network via an access point node.

Abstract: Methods and network nodes of a wireless communications network are disclosed. The network nodes are operable to initiate a plurality of authentication mechanisms. Responsive to receipt of a request for authentication transmitted by a terminal device of the wireless communications network, the network nodes are configured to select an authentication mechanism from the plurality of authentication mechanisms; and are further configured to initiate the selected authentication mechanism to authenticate the terminal device with the wireless communications network.

Abstract: A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.

Abstract: Methods and apparatus for controlling implementation of services in a mobile telecommunications network. A user database stores one or more user subscription profiles. Each user subscription profile is associated with services implemented in one or more network domains and includes a plurality of individual Operator Determined Barring indicators, ODBs, and respective status information. A network node includes a receiver configured to receive, from the user database, a user subscription profile, a master ODB indicating barring for a plurality of the services associated with the user subscription profile and master ODB status information. An ODB status determiner is configured to determine that the master ODB is active. An ODB initiator is configured to initiate, for the plurality of services, barring for all individual ODB indicators in the user subscription profile, irrespective of the received status information for the individual ODB indicators.

Abstract: Methods and apparatus for implementing a Home Subscriber Server, HSS, (102, 200) a Serving Call Session Control Function, S-CSCF, (110, 300) and an Internet Protocol Multimedia Subsystem Application Server, IMS AS, (112, 400) in an Internet Protocol Multimedia Subsystem, IMS. The HSS comprises multi-subscription data for a user with a plurality of devices (100a, 100b, 100c). The multi-subscription data comprises a private identifier assigned for each of the plurality of devices and a common set of one or more public identifiers associated with each private identifier assigned for each of the plurality of devices. The S-CSCF transmits to the HSS a message for assigning a server in the IMS to a device. The HSS determines, based on a private identifier and multi-subscription data in the message, a multi-subscription indicator indicating whether the received private identifier is related to a multi-subscription. The HSS transmits a response to the received message comprising the multi-subscription indicator.

Abstract: A technique is disclosed for synchronizing first and second data sets stored in a data repository. A method includes triggering, by the data repository, in response to a commit order relating to an ongoing transaction requested by a client and instructing the data repository to apply data modification(s) on the first data set, transmission of a notification event message relating to the ongoing transaction to a data consistency controller. The method includes receiving, by the data repository, a notification event response message relating to the ongoing transaction from the data consistency controller, the notification event response message indicating to the data repository whether (i) to commit the data modification(s) instructed by the commit order on the first data set and corresponding data modification(s) on the second data set, or (ii) to roll back the data modification(s) instructed by the commit order on the first data set.

Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.

Abstract: A method of initiating a Packet Data Unit, PDU, session between an User Equipment, UE, and a Data Network Name, DNN, in a telecommunication network, said method comprising the steps of; receiving, by an Access & Mobility Function, AMF, a registration request for an UE for registering said UE in said telecommunication network, retrieving, by said AMF, from an Unified Data Management, UDM, node, one or more DNNs to which PDU sessions are expected to be established by said UE in said telecommunication network, and wherein said step of retrieving is triggered by said receiving of said registration request, instructing, by said AMF, said UE to initiate said one or more PDU sessions between said UE and said one or more DNNs. Complementary methods and Devices for performing a method according to the invention are also presented herein.

Abstract: A method of establishing a Packet Data Unit, PDU, session between a User Equipment, UE (51; 600), and a data network identified by a Data Network Name, DNN, in a telecommunication network. The telecommunication network comprising an Access and Mobility Function, AMF (56; 66; 500), and a Policy Control Function, PCF (60; 700).

Abstract: Methods and apparatus for secondary authentication in a network. A method performed by a user equipment (UE) comprises establishing a user plane (UP) session or connection with a UP function (UPF), receiving an extensible authentication protocol (EAP) based authentication request from the UPF and sending an EAP based authentication response to the UPF. A method performed by a user plane UP function (UPF) comprises establishing a UP session or connection to a user equipment (UE), sending an extensible authentication protocol (EAP) based authentication request to the UE, and receiving an EAP based authentication response from the UE.

Abstract: Methods and apparatus for controlling implementation of services in a mobile telecommunications network. A user database stores one or more user subscription profiles. Each user subscription profile is associated with services implemented in one or more network domains and includes a plurality of individual Operator Determined Barring indicators, ODBs, and respective status information. A network node includes a receiver configured to receive, from the user database, a user subscription profile, a master ODB indicating barring for a plurality of the services associated with the user subscription profile and master ODB status information. An ODB status determiner is configured to determine that the master ODB is active. An ODB initiator is configured to initiate, for the plurality of services, barring for all individual ODB indicators in the user subscription profile, irrespective of the received status information for the individual ODB indicators.

Abstract: A user equipment (18) is configured to receive an extensible authentication protocol, EAP, request (28) from a session management function, SMF, (14) that serves as an EAP authenticator for secondary authentication of the user equipment (18). The secondary authentication is authentication of the user equipment (18) in addition to primary authentication of the user equipment (18). The user equipment (18) is also configured to, responsive to the EAP request (28), transmit an EAP response (30) to the SMF (14).