Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

Abstract: A method of operating a Master gNodeB (MgNB) in a radio access network RAN is disclosed. An indication of a user plane security policy is received from a core network node, wherein the user plane security policy requires user plane integrity protection for a protocol data unit PDU session. Responsive to the user plane security policy requiring user plane integrity protection for the PDU session and responsive to determining that a secondary base station supporting the user plane security policy requiring user plane integrity protection is unavailable, a data radio bearer DRB of the PDU session is established directly between the MgNB and a user equipment UE. Related MgNBs are also discussed.

Abstract: A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.

Abstract: A user equipment (“UE”) in a wireless communication network can generate a padded identifier by inserting a padding bitstring in a field of an identifier associated with the UE. The UE can further encrypt the padded identifier to generate a concealed padded identifier. The UE can further transmit the concealed padded identifier to a network node operating in the wireless communication network.

Abstract: A method performed by a network equipment of a communication network to dynamically provide trust information to a communication device registered or being registered to the communication network is provided. The method includes determining a trust information for each of one or more access networks. The trust information indicates whether each of the one or more access networks is trusted. The method further includes indicating to the communication device whether the one or more access networks is trusted for a current session or a later session. A method performed by a communication device registered or being registered with a communication network to dynamically receive trust information is also provided. The method includes receiving a message including a protected trust information list from a network equipment. The method further includes verifying the protection of the message. The method further includes storing the protected trust information list.

Abstract: A user equipment (“UE”) in a wireless communication network can receive a plurality of signals from a plurality of nodes. The UE can further determine a plurality of radio signal strength measurements. Each radio signal strength measurement can be associated with a signal of the plurality of signals received from the plurality of nodes. The UE can further determine whether there is an indication that a first node of the plurality of nodes may be an imposter node based on the plurality of radio signal strength measurements.

Abstract: A method performed by a wireless device (12) for use in a wireless communication system (10). The method comprises: receiving (W2100) signaling (22) indicating how the wireless device (12) is to generate a message authentication code, MAC, (20) for integrity protecting a Radio Resource Control, RRC, message (18) that 5 requests resumption of an RRC connection; generating (W2110) the MAC according to the signaling; and transmitting (W2120) the RRC message and the generated MAC. Further methods, a wireless devices, network nodes, computer programs, carriers and a communication system are also disclosed.

Abstract: The present disclosure relate to a method performed by a UE (102) for handling an invalid SI signature in a communication system. The UE obtains SI and an associated SI signature for a cell. The UE (102) determines if the obtained SI signature is valid or invalid. If the signature is valid, the UE (102) determines to use the cell. If the SI signature is invalid, the UE (102) determines if the UE (102) is configured to bar cells or not. If the SI signature is invalid and if the UE (102) is not configured to bar cells with invalid SI signature, the UE (102) determines to use the cell. If the SI signature is invalid and the UE (102) is configured to bar cells with invalid SI signature, the UE (102) determines to bar the cell and select another cell to use.

Abstract: The present disclosure relates to a method performed by a UE (102) for handling validity of a SI signature in a com-munication system. The UE (102) obtains, from an access node (103, 104), SI and an associated SI signature for a cell served by the access node (103, 104) and which the UE (102) can use. The UE (102) determines if the obtained SI signature is valid or invalid. The UE (102) determines that the cell is valid if the SI signature is determined to be valid. The UE (102) determines that the cell is invalid if the SI signature is determined to be invalid. The UE (102) provides information indicating the invalid cell to the access node (103, 104) or to another node if the SI signature is determined to be invalid.

Abstract: A method performed by a UE. The method incudes generating a SUCI comprising: i) an encrypted part in which a Mobile Subscription Identification Number of a SUPI is encrypted and ii) a clear-text part comprising: a) a Mobile Country Code of the SUPI, b) a Mobile Network Code of the SUPI, c) a public key identifier for a public key of a home network of the user equipment, and d) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the Mobile Subscription Identification Number in the SUCI. The method also includes transmitting the SUCI to an authentication server in the home network for forwarding of the SUCI to a de-concealing server capable of decrypting the Mobile Subscription Identification Number.

Abstract: The embodiments herein relate to a method performed by a UE (103) for handling SI. The UE obtains one or multiple public keys for SI signature verification. Each of the one or multiple public keys is associated with a validity area of an access network where the public key is valid. The UE obtains a SI together with a SI signature from a network node (101) covering a cell. The SI comprises area identification information. The UE determines (103), based on the area identification information comprised in the SI, the validity area that the cell belongs to and the corresponding public key. The UE (103) verifies the SI signature using the determined corresponding public key.

Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

Abstract: Methods, network nodes, computer programs, carrier and user equipment, wherein a proof-of-presence in communications between private land mobile networks (PLMNs) is presented. In an example method performed by a network node in a home public land mobile network (HPLMN) of a user equipment (UE), the network node obtains, from a visited public land mobile network (VPLMN), a proof-of-presence indicator that represents the UE as being present in the VPLMN. The network node verifies whether or not the UE is present in the VPLMN by determining whether or not the proof-of-presence indicator was generated by the UE using a secret shared between the UE and at least the HPLMN. Upon verification of the presence of the UE in the VPLMN, sensitive information can be communicated by the HPLMN to the VPLMN.

Abstract: A wireless device requests a network slice from a network by, first, identifying at least one network slice to be requested. Based on a mapping method that is specific to the wireless device, the wireless device forms a slice pseudonym for the or each network slice to be requested. The wireless device then transmits a request message to the network, wherein the request message comprises the or each slice pseudonym. The network node receives the request message sent by the wireless device, wherein the request message comprises at least one slice pseudonym. Based on a mapping method that is used by the wireless device and that is specific to the wireless device, the network node identifies at least one requested network slice from the or each received slice pseudonym. The network node then permits use of the requested network slice.

Abstract: The present disclosure relates to a method performed by a UE (103) for handling signing of system information (SI). The UE (103) obtains, from a network node (101), a first indication which indicates that a first network (100a) is adapted to sign the SI. The signed SI is signed by the first network (100a) using a signature.

Abstract: A method performed by a mobile terminal for verifying at least one privacy profile setting for positioning of the mobile terminal to a location network node in a communications network is provided. The method includes receiving a request from the location network node for the mobile terminal to provide a position of the mobile terminal. The method further includes checking the at least one privacy profile setting of the mobile terminal for permission to provide position information of the mobile terminal. The method further includes determining whether to send the positioning information of the mobile terminal to the location network node based on the checking the at least one privacy profile setting. Methods performed by a network node are also provided.

Abstract: The present disclosure relates to a method performed by a UE (103) in a communications system (100). The UE (103) provides information indicating its SI protection capability to a node (101, 105). The SI protection capability is associated with the UE's (103) capability and need to verify SI signatures. The UE (103) obtains SI protection information from the node (101, 105), and uses the SI protection information.

Abstract: There is provided a method in a target network node for performing early data transmission (EDT) when a wireless device has suspended a connection from a source network node. The method comprises: receiving ciphered data from a first network node; sending a message to the wireless device, the message comprising the ciphered data; and in response to the sent message, receiving a message from the wireless device, the message allowing the target network node to retrieve a User Equipment (UE) context of the wireless device from the source network node.

Abstract: A method and apparatus for a first IAB node for securely communicating with at least one second IAB node is provided. A secure connection with a node of a network is established. A message is received, from the node, indicating a secure messaging protocol to use to communicate with the at least one second IAB node, the message including one of at least one nonce or a key. A control message to be sent to the at least one second IAB node is transformed into a secure control message using the secure messaging protocol. The secure control message is transmitted to the at least one second IAB node.

Abstract: A method performed by a mobile terminal is provided for supporting positioning of the mobile terminal. The method includes receiving a defined filter pattern from a network node in a communications network or another node of the communications network, discovering identities of a plurality of reference devices based on signals received from the plurality of reference devices, filtering the identities of the plurality of reference devices to obtain a subset of identities of the plurality of reference devices that each satisfy the defined filter pattern, and reporting information on the subset of the identities of the plurality of reference devices to the network node.