Abstract: A node (130) of a wireless communication network obtains event data related to one or more wireless devices (10) connected to the wireless communication network. Based on analyzing the event data, the node (130) detects that at least one of the one or more wireless devices corresponds to a rogue UAV. Further, the node (130) reports the detected at least one wireless device to an aircraft traffic management system.

Abstract: The invention relates to a method for operating an application server providing a service to a multipath enabled mobile entity connected to the application server with a first bearer of a first access network of a first mobile communications network, wherein the application server is external to the mobile communications network, whereas the method comprises the steps of receiving an indication that the mobile entity has an option to use another bearer not belonging to the first mobile communications network for accessing the application server, and of transmitting a request message towards a policy control entity of the first mobile communications network requesting the policy control entity to disconnect the first bearer.

Abstract: A method (700) in a policy control function, PCF, of moving a session from a service function chain, SFC, to a new SFC, wherein the SFC comprises a first SF that modifies packets in the session. The method comprises determining (702) to update a second SF in the SFC for the session, determining (704) a new SFC for the session comprising new SFs, wherein the new SFs are selected based on the determined update to the second SF and information related to the packet modification performed by the first SF and (706) sending a first message to a session management function, SMF, comprising updated policy control rules for the session, wherein the updated policy control rules comprise an indication of the new SFC for the session.

Abstract: A method for over-the-top, OTT, management in a communication network is presented. The method is performed in a packet data network gateway, PGW. The method comprises receiving (S200) a request for an application network interaction protocol, ANIP, service from an application client, sending (S210) the received request to a global ANIP server, wherein the request is extended with a public land mobile network, PLMN, identity, receiving (S220) an address to a local ANIP server from the global ANIP server, and sending (S230) the received address to the local ANIP server to the Send request for application client. Methods, a PGW, an application client, an ANIP server, computer programs, and a ANIP service computer program product for OTT management in a communication network are also presented.

Abstract: A method for over-the-top (OTT) management in a communication network is presented. The method is performed in an application client. The method comprises sending a request for activation of a policy for an application network interaction protocol (ANIP) service to a packet data network gateway (PGW) wherein the request indicates an address to a local ANIP server; receiving a set of rules related to the requested activation of the policy from the PGW, wherein the set of rules are defined for a packet data network (PDN) session applicable for the ANIP service; and communicating over the communication network based on the received set of rules. Methods, application clients, PGWs, ANIP servers, computer programs, and a computer program for OTT management in a communication network are also presented.

Abstract: A method and apparatus for device authentication and authorisation, wherein the method comprises: receiving, at an authentication and authorisation node, a device authorisation request comprising identity information for an application executed by a device and a first application specific container containing application specific information; identifying, using the device authorisation request, the application to which the request relates, and checking the authorisation status of the application; if the application is for use, transmitting an authorisation approval, the authorisation approval comprising the first application specific container containing application specific information.

Abstract: Embodiments of the invention can relate to various methods for operating a network exposure entity (270) and/or a policy control entity in a wireless communications network (200), in which a data packet session can be provided between a service provider (300) and a user equipment (100), the methods comprising steps for enabling the wireless communications network (200) to take an active role in a multi-factor authentication procedure requested by the service provider (300). Further embodiments of the invention relate to respective network exposure entities (270) and/or policy control entities.

Abstract: The invention relates to a method for operating an application server providing a service to a multipath enabled mobile entity connected to the application server with a first bearer of a first access network of a first mobile communications network, wherein the application server is external to the mobile communications network, whereas the method comprises the steps of receiving an indication that the mobile entity has an option to use another bearer not belonging to the first mobile communications network for accessing the application server, and of transmitting a request message towards a policy control entity of the first mobile communications network requesting the policy control entity to disconnect the first bearer.

Abstract: The use of multipath enabled mobile entities accessing a service outside the network in a multipath connection. The invention relates to a method for operating an application server (100) providing a service to a multipath enabled mobile entity (10) connected to the application server with a first bearer of a first access network of a first mobile communications network, wherein the application server is external to the mobile communications network, whereas the method comprises the steps of receiving an indication that the mobile entity (10) has an option to use another bearer not belonging to the first mobile communications network for accessing the application server, and of transmitting a request message towards a policy control entity (50) of the first mobile communications network requesting the policy control entity to disconnect the first bearer.

Abstract: A technique of configuring a core network domain of a wireless communication network for detection of service traffic that is to be trustfully handled in accordance with traffic handling information stored in a blockchain is provided. A method implementation of this technique comprises receiving, from a service provider, traffic detection information for service traffic that is to be handled in accordance with the traffic handling information. The method further comprises triggering an association, in the blockchain, of the received traffic detection information with the traffic handling information, and providing the traffic detection information to the core network domain for detecting the service traffic that is to be handled in accordance with the traffic handling information.

Abstract: The invention relates to a method for operating a network exposure entity (100) in a cellular network, the method comprising receiving (S30) a first request from an application entity requesting vehicle related information, the vehicle related information comprising a vehicle identifier and at least one vehicle related parameter of a vehicle. A subscription request is transmitted to a collecting entity (200, 700) configured to collect the vehicle related information for the vehicle, the transmitted subscription request comprising the at least one vehicle related parameter. A first notification is received from the collecting entity in response to the subscription, the response comprising information related to the at least one vehicle related parameter, and a second notification is transmitted to the application entity comprising the vehicle identifier and the information related to the at least one vehicle related parameter.

Abstract: A method (700) in a policy control function, PCF, of moving a session from a service function chain, SFC, to a new SFC, wherein the SFC comprises a first SF that modifies packets in the session. The method comprises determining (702) to update a second SF in the SFC for the session, determining (704) a new SFC for the session comprising new SFs, wherein the new SFs are selected based on the determined update to the second SF and information related to the packet modification performed by the first SF and (706) sending a first message to a session management function, SMF, comprising updated policy control rules for the session, wherein the updated policy control rules comprise an indication of the new SFC for the session.

Abstract: A method, an operator network (101) and nodes (120, 140, 160) for managing trafficare disclosed. The network exposure node (160) receives (A010) a Packet Flow Description (PFD) rule for a server application (190). The PFD rule comprises one or more protocol parameters for classification of traffic using a protocol related to said one or more protocol parameters. The one or more protocol parameters comprise for example an indication relating to common names (CNS), an indication relating to a domain name system (DNS) domain name, a server name indication (SNI), an indication relating to fraud prevention, an indication relating to a server IP address. The network exposure node (160)transmits (A020) the PFD rule to the session node (140), which transmits (A040), towards the user data node (120), a management request comprising the PFD rule. The user data node (120) receives (A080), from the client application (115), traffic destined to the server application (190).

Abstract: A method and apparatus for device authentication and authorisation, wherein the method comprises: receiving, at an authentication and authorisation node, a device authorisation request comprising identity information for an application executed by a device and a first application specific container containing application specific information; identifying, using the device authorisation request, the application to which the request relates, and checking the authorisation status of the application; if the application is for use, transmitting an authorisation approval, the authorisation approval comprising the first application specific container containing application specific information.

Abstract: A method for over-the-top, OTT, management in a communication network is presented. The method is performed in a packet data network gateway, PGW. The method comprises receiving (S200) a request for an application network interaction protocol, ANIP, service from an application client, sending (S210) the received request to a global ANIP server, wherein the request is extended with a public land mobile network, PLMN, identity, receiving (S220) an address to a local ANIP server from the global ANIP server, and sending (S230) the received address to the local ANIP server to the Send request for application client. Methods, a PGW, an application client, an ANIP server, computer programs, and a ANIP service computer program product for OTT management in a communication network are also presented.

Abstract: A method for over-the-top (OTT) management in a communication network is presented. The method is performed in an application client. The method comprises sending a request for activation of a policy for an application network interaction protocol (ANIP) service to a packet data network gateway (PGW) wherein the request indicates an address to a local ANIP server; receiving a set of rules related to the requested activation of the policy from the PGW, wherein the set of rules are defined for a packet data network (PDN) session applicable for the ANIP service; and communicating over the communication network based on the received set of rules. Methods, application clients, PGWs, ANIP servers, computer programs, and a computer program for OTT management in a communication network are also presented.

Abstract: The use of multipath enabled mobile entities accessing a service outside the network in a multipath connection. The invention relates to a method for operating an application server (100) providing a service to a multipath enabled mobile entity (10) connected to the application server with a first bearer of a first access network of a first mobile communications network, wherein the application server is external to the mobile communications network, whereas the method comprises the steps of receiving an indication that the mobile entity (10) has an option to use another bearer not belonging to the first mobile communications network for accessing the application server, and of transmitting a request message towards a policy control entity (50) of the first mobile communications network requesting the policy control entity to disconnect the first bearer.

Abstract: The present invention faces the issue of a user ignoring an alternative second service usable instead of a first service that the user is using, and which is a service subscribed by the user. To solve this issue, the present invention provides for associating a first service identifier and a second service identifier with a same service category at a subscription repository; upon detecting at a policy enforcer the first service is used by the user, notifying a policy controller of the first service identifier; obtaining, by the policy controller from the subscription repository, the second service identifier associated with the same service category as the first service identifier; offering the user, either directly from the policy controller or via the policy enforcer, to accept using the second service instead of the used first service; and, upon user accepting to use the second service, enforcing control rules for the second service at the policy enforcer.

Abstract: The present invention faces the issue of a user ignoring an alternative second service usable instead of a first service that the user is using, and which is a service subscribed by the user. To solve this issue, the present invention provides for associating a first service identifier and a second service identifier with a same service category at a subscription repository; upon detecting at a policy enforcer the first service is used by the user, notifying a policy controller of the first service identifier; obtaining, by the policy controller from the subscription repository, the second service identifier associated with the same service category as the first service identifier; offering the user, either directly from the policy controller or via the policy enforcer, to accept using the second service instead of the used first service; and, upon user accepting to use the second service, enforcing control rules for the second service at the policy enforcer.

Abstract: A method for classifying packets includes determining an execution indication indicating at least one amongst a service and application being executed on a user terminal and generating uplink packets; determining a marker on the basis of PCC rules available at the user terminal and at least one execution indication, the marker for identifying at least one of a service and an application associated to uplink packets; transmitting the marker and the uplink packets, to a PCEF network entity; determining an uplink classification, at the PCEF network entity, for received uplink packets based on the marker; storing, at said PCEF network entity, an association between information related to an uplink flow corresponding to the uplink packets and uplink classification; receiving, at said PCEF network entity, downlink packets corresponding to the uplink packets; determining a downlink classification, at the PCEF network entity, for received downlink packets based on the stored association.