Abstract: Embodiments include methods for a user equipment, UE (510, 1010, 1100), to obtain security credentials for accessing a non-public network, NPN. Such methods include performing (610) a primary authentication procedure to, obtain a key KAUSF for secure communication between the UE and an onboarding network ON. Such methods also include receiving (620), from a unified data management, UDM, function, encrypted UE credentials for accessing the NPN, and decrypting (630) the encrypted UE credentials based on KAUSF. Other embodiments include complementary methods for UDM functions, authentication server functions (AUSF), and NPN provisioning servers, PVS, as well as UEs or network nodes configured to perform the exemplary methods.

Abstract: A method implemented by a first network node in a telecommunication network is provided. The method includes: determining whether a background data transfer, BDT, policy is to be applied to a first core network, a second core network or both; and in response to the BDT policy being to be applied to both the first core network and the second core network, transmitting, to a second network node, a request for negotiating a common BDT policy for both the first core network and the second core network. If the negotiated BDT policy is applicable to both the first and the second core networks, the applicability of the policy is independent of network coverage, UE support for 5G, availability of the 5G subscription, and whether the UE sessions are handled by the PCF or the PCRF.

Abstract: Embodiments include methods of updating a background data transfer (BDT) policy negotiated between an application function (AF) and a core network (CN) of a telecommunication network. Such methods can be performed by a Policy Control Function (PCF) of the CN and can include, in response to receiving a notification of degraded network performance of a network area, determining that the negotiated BDT policy is affected by the degraded network performance and an Application Service Provider (ASP) associated with the negotiated BDT policy requested a warning notification. Such methods can include determining, at least based on operator policies, updated BDT policy information for the negotiated BDT policy, wherein the updated BDT policy information comprises at least one of the following: at least one candidate BDT policy, and updated conditions for the negotiated BDT policy. Such methods can include sending the updated BDT policy information to the AF.

Abstract: A device manager (200; 300; 400) and associated method for controlling one or more devices (203a-c; 403a-c). The device manager comprises a receiver (304) configured to receive sensor data from one or more sensors (202a-d; 402a-d). The device manager comprises a device controller (314) configured to determine device control data for controlling the operation of one or more devices based on the received sensor data and one or more policy rules stored in a memory (306). The device manager comprises a transmitter (302) configured to transmit the device control data to the one or more devices. The receiver is further configured to receive, from a network node (212, 214; 412) of a telecommunications network, user equipment, UE, data relating to one or more UEs (426a-c) associated with the one or more devices. The device controller is further configured to determine the device control data based on the received UE data.

Abstract: The present disclosure provides a method for a first network element in a communication network to perform service subscriptions for a UE. The method includes: in response to receiving a request comprising service subscription information for the UE from a second network element serving the UE and assisting in the service, cross referencing the service subscription information for the UE in the request with stored service subscription information for the UE for consistency; and in response to being not consistent, initiating updating of service subscriptions for the UE in the second network element according to the stored service subscription information for the UE. Corresponding devices, computer readable storage medium, carrier, etc. are also provided.

Abstract: A method of updating a background data transfer, BDT, policy negotiated between an application function, AF, and a Core Network, CN, is disclose. The method is performed by a Policy Control Function, PCF, of the CN and comprises determining updated BDT policy information including updated conditions for the negotiated BDT policy and at least one candidate BDT policy for the AP to select when the PCF determines that the negotiated BDT policy is affected by degraded network performance. The determined updated BDT policy information is then sent to the AF by the PCF using notification type interaction, thereby effectively updating the negotiated BDT policy.

Abstract: A method, performed by a first node (111), for handling subscriptions in a communications network (100). The first node (111) operates in the communications network (100). The first node (111) sends (303), to a second node (112), a first indication. The first indication requests subscription to report new accessibility for a device (140) to a second domain different than a first domain currently accessible by the device (140). The first node (111) receives (304) a second indication from the second node (112). The second indication indicates the new accessibility by the device (140) to the second domain. A fifth node (115) receives (501), from the first node (111), a fifth indication indicating a notification of an event by the device (140) after the new accessibility has been enabled. The fifth indication is received based on a previous indication sent by the fifth node (115) prior to the new accessibility has been enabled.

Abstract: The present disclosure relates to provisioning of a UE with credentials to access a communication network, such as a SNPN. A DCS maintains a binding of UE onboarding credentials and a UE identifier with network information for the authorized SNPN. After obtaining the network information from the DCS, the onboarding network requests authorization from a provisioning server (190) in the SNPN to initiate a provisioning procedure with the SNPN. The provisioning server (190) verifies that the UE is authorized to access the SNPN and determines the type of provisioning procedure to use (e.g., control plane provisioning or user plane provisioning). If verification is successful, the provisioning server (190) sends a response authorizing the onboarding network to initiate provisioning of the UE and indicating the type of provisioning procedure to use. The authorization procedure prevents rogue or malicious UEs from attempting to initiate a provisioning procedure with the ANPN without prior authorization.

Abstract: Methods and apparatus are provided to enable a consumer network function (consumer NF) to discover instances of a NWDAF 90 co-located with NFs in the 5GC 30 of a communication network 10. Existing procedures and messages between NFs are leveraged to distribute lists of NWDAFs 90 co-located with a NF, such as a UPF 35, AMF 40 or SMF 45. A NF can provide a list of NWDAF instances for a particular UE 15 that are co-located with either the same NF or a separate producer NF when the communication procedure for the UE 15 is invoked. Over time, the consumer NFs build a database associating the co-located NWDAFs in other NFs with corresponding UEs 15 served by the consumer NF. When the consumer NF needs analytic data for one or more UEs 15 served by the consumer NF, the consumer NF can use a UE ID to look up the co-located NWDAFs for the UE 15 and subscribe with the co-located NWDAF instances to receive analytics data for the UE 15.

Abstract: A technique for maintaining a subscription of a subscriber Network Function, NF, for receiving events related to a User Equipment, UE, from a serving NF in a telecommunication system is disclosed, wherein the UE is served by a first instance of the serving NF.

Abstract: The invention relates to a method for operating a container (100) providing a service to a user in a cloud environment, wherein the container is generated from a container image (51) which comprises an encrypted software package, the container image further comprising a decryption entity, wherein the method comprises the steps of receiving a message to set up the container (100) out of the container image (51), the message comprising an access identifier allowing access to a restricted area (60) to which the access is not provided without the access identifier, the restricted area comprising a plurality of decryption keys, and accessing the restricted area (60) using the access identifier received with the message, and retrieving a decryption key from the restricted area (60) based on the access identifier, and decrypting the encrypted software package with the retrieved decryption key in order to generate a decrypted software package, providing the service to the user based on the decrypted software package.

Abstract: Methods and apparatus in a network node are provided. In an example, a method in a network node in a network is provided. The method comprises sending, to a network data management function, information identifying an association between a Network Data Analytics Function (NWDAF) and (i) a first network function in the network, and/or (ii) a User Equipment (UE) in the network.

Abstract: There is provided mechanisms for enabling discovery of a service-providing NF in a 3GPP communication network. A method is performed by a Network Repository Function. The method comprises registering locality information of service-providing NFs according to locality attribute of each service-providing NF. Each locality attribute comprises structured values of location information of its service-providing NF. The method comprises obtaining a request from a service-requesting NF for one of the service-providing NFs. The request specifies a preferred locality of the requested service-providing NF. The preferred locality indicates, in terms of structured values of location information, geographical location where the service-requesting NF is deployed.

Abstract: A method for supporting authentication of a User Equipment, UE, in an Internet Protocol, IP, Multimedia Subsystem, IMS, telecommunication network, by interfacing a Service Based Architecture, SBA, telecommunication network, the method including receiving, by a Unified Data Management, UDM, in the SBA telecommunication network, from a Session Management Function, SMF, in the SBA telecommunication network, binding information, wherein the binding information is used to identify the UE in the IMS telecommunication network; receiving, by the UDM in the SBA telecommunication network, from a Home Subscriber Server, in the IMS telecommunication network, a request for providing the binding information, and providing, by the UDM in the SBA telecommunication network, to the HSS in the IMS telecommunication network the binding information, thereby supporting authentication of the UE. Complementary methods and corresponding nodes are also presented herein.

Abstract: Methods and apparatus are provided for creating and distributing analytics reports in a wireless core network. A CNF requests analytic reports for a plurality of UEs from a NWDAF. Responsive to the request, the NWDAF compiles the requested data and generates analytics reports for the UEs identified in the request. During compilation of the analytics data, the NWDAF performs cluster analysis to identify groups of UEs 100, referred to herein as ephemeral groups, that share the same analytics report and generates a consolidated analytics report for each ephemeral group to reduce the number of analytics reports sent to the CNF 200.

Abstract: A method of updating a background data transfer, BDT, policy negotiated between an application function, AF, and a Core Network, CN, is disclose. The method is performed by a Policy Control Function, PCF, of the CN and comprises determining updated BDT policy information including updated conditions for the negotiated BDT policy and at least one candidate BDT policy for the AP to select when the PCF determines that the negotiated BDT policy is affected by degraded network performance. The determined updated BDT policy information is then sent to the AF by the PCF using notification type interaction, thereby effectively updating the negotiated BDT policy.

Abstract: Exemplary embodiments include a method for provisioning subscription data, for a plurality of subscribers, to one or more network functions, NFs, in a communication network. Such embodiments include storing group data, related to the plurality of subscribers, in association with at least a first group identifier, GID, but not in association with individual subscription data for the respective subscribers. Such embodiments also include sending, to the one or more NFs, the group data and the first GID. Such embodiments also include sending, to a particular one of the NFs, the first GID and individual subscription data for a particular one of the subscribers. Embodiments also include complementary methods performed by network functions that receive subscription data in this manner, as well as various network functions and/or nodes, in a communication network, that are configured to perform various disclosed methods.

Abstract: A method performed by an Access and mobility Management Function (AMF) node for allocating a target network slice instance to serve a (PDU) session for a User Equipment (UE). The AMF node receives (501), from a Network Slice Selection Function (NSSF) node, information about a decision to change an allocation of a first network slice instance that is serving the PDU session to the target network slice instance, and an identifier of the target network slice instance. The AMF node then retrieves (502), from a first Session Management Function (SMF) node of the first network slice instance, a UE context related to the UE and the PDU session. The AMF node transmits (504), towards a target SMF node of the target network slice instance, information about the retrieved UE context and Access Network (AN) tunnel information to be used for the PDU session. The AMF node receives (505), from the target SMF node, target Core Network (CN) tunnel information to be used for the PDU session.

Abstract: Methods and systems are provided for selecting a network slice to which a User Equipment (UE) can connect in the telecommunications network. A Cache Inventory Repository (CIR) stores cache associations indicating content cached at each of a plurality of Cache Network Functions (Cache NFs) and the network slice in which each Cache NR is located. A Network Slice Selection Function (NSSF) transmits to the CIR a request for cache data indicating a particular content cached in one or more network slices. The CIR determines the requested cache data based on the stored cache associations and transmits the requested cache data to the NSSF. The NSSF selects a network slice to which the UE can connect, based at least in part on the received cache data identifying the one or more network slices.

Abstract: Selecting a network slice (202a-n) to which a User Equipment, UE, (204a-b) can connect in the telecommunications network. A CIR (216) stores, based on content data received from a plurality of Cache NFs (210), cache associations indicating content cached at each of the Cache NFs and the network slice in which each Cache NF is located. An NSSF (218) transmits to the CIR a request for cache data indicating a particular content cached in one or more network slices. The CIR determines the requested cache data based on the stored cache associations and transmits the requested cache data to the NSSF. The cache data comprises at least one of: one or more Cache NFs and one or more network slices caching the particular content. The NSSF selects a network slice to which the UE can connect, based at least in part on the received cache data identifying the one or more network slices.