Abstract: Example embodiments of the present disclosure relate to abnormal model behavior detection. A first apparatus obtains a machine learning model and expected behavior information of the machine learning model. The first apparatus monitors behavior information of the machine learning model during execution of the machine learning model; and determines occurrence of an abnormal behavior of the machine learning model during the execution by comparing the monitored behavior information with the expected behavior information.

Abstract: There is provided an apparatus comprising: means for providing, to a network repository function, a discovery request comprising a preferred locality query parameter, wherein the preferred locality query parameter comprises a plurality of location descriptions, and means for receiving, from the network repository function, a response to the discovery request, wherein the response comprises one or more service producers that match the preferred locality query parameter.

Abstract: There are provided measures for improved robustness of artificial intelligence or machine learning capabilities against compromised input. Such measures exemplarily comprise receiving, from a first machine learning model training data collection entity, first machine learning model training input data, analyzing said first machine learning model training input data for malicious input detection, deducing, based on a result of said analyzing, whether said first machine learning model training data collection entity is suspected to be compromised, and transmitting, if said first machine learning model training data collection entity is suspected to be compromised, information to a core network entity indicative of that said first machine learning model training data collection entity is suspected to be compromised.

Abstract: There is provided an apparatus comprising means for: receiving, at a coordinating network function from a network function consumer, at least one data request, wherein the at least one data request indicates at least one version of an application programming interface supported by the network function consumer; and causing, by the coordinating network function, data to be provided to the network function consumer from at least one data source based on the at least one data request and one or more versions of an application programming interface supported by the at least one data source.

Abstract: A method of performing a data retrieval service for a first analytics function of a first communication network comprises collecting (S201), for at least one user equipment, data from the first communication network, obtaining (S203), from the collected data, processed information which is to be passed to an entity of a second communication network, and storing (S205) the processed information, wherein the processed information complies with one or more protection policies with respect to the second communication network.

Abstract: A system and method for saving mobile battery and empowering user equipment for controlling incoming communication and paging are provided. Also provided are a system and method for determining whether a mobile a device is in an idle mode, and in response to receiving an incoming communication from a service, determining whether the service associated with the incoming communication is on a reject list of services or a preferred list of services. The system performs a first action specified by a determination that the service is on the reject list of services or the service is not on the preferred list of services, and performs a second action specified by a determination that the service is on the preferred list of services. The first action differs from the second action.

Abstract: Methods and apparatus are disclosed for. A method comprises, collecting information on messages exchanged between a first mobile network and a second mobile network during a time period; and determining a trust indication of the first mobile network at least based on the collected information. The trust indication of the first mobile network indicates a level of trustworthiness of the first mobile network.

Abstract: Various example embodiments relate to authentication in case of roaming. An apparatus may be configured to receive, by an application function of a first visitor public land mobile area network (PLMN) or a second visitor PLMN of a device, a registered serving network identifier of the device indicative of the first visitor PLMN; and transmit, based on the registered serving network identifier, an encryption key to an application security function of the first visitor PLMN for encryption of an application session of the device.

Abstract: Example embodiments of the present disclosure relate to switching over without disconnection of access network. In an example method, a core network device receives a sensing request from a terminal device. The first apparatus receives an internal indication of the switchover from a second apparatus of the terminal device separable from the first apparatus; switches from a first context associated with the first traffic to a second context associated with the second traffic; and sends a response to the second apparatus of the terminal device to indicate that the switching is completed. In this way, the first apparatus of the terminal device can switch from the first context to the second context, without disconnection with the access network, and without interrupt of the service.

Abstract: Example embodiments of the present disclosure relate to access token revocation in security management. In an example method, in response to providing, to a second device, an access token for the second device to access a NF service from a third device, a first device stores a mapping indicating an association among the access token, the second device and the third device. In response to determining that the second device is abnormal, the first device sends, to at least one target device based on the mapping, an indication of revoking the access token. In this way, at least one target device associated with revoked access token can be informed and potential damage caused by the abnormal NF can be eliminated.

Abstract: There is provided an apparatus, said apparatus comprising means for, at a network repository function, NRF, receiving, from a NRF consumer, a registration request comprising first information, determining, based on the first information, a preferred NRF instance for the NRF consumer and at least one backup NRF instance for use by the NRF consumer if the preferred NRF instance is unreachable and providing an indication of the determined preferred NRF and an indication of the determined at least one backup NRF to the NRF consumer.

Abstract: There are provided measures for optimization of network function profile administration and discovery. Such measures exemplarily comprise, at a network entity in a network entity composition, transmitting, towards a network repository function, a network entity registration request including an identifier of said network entity, an identifier of said network entity composition, and network entity specific attributes of said network entity, and receiving a network entity registration response indicative of a result of said network entity registration request.

Abstract: Systems, methods, and software of performing a data repository service. In one embodiment, a data repository Network Function (NF) of a 5G core network is configured to receive a request from an NF service consumer for a service operation regarding storage of a record, and containing meta and/or one or more blocks of the record. The data repository NF is configured to apply encryption to one or more meta tags of the meta and/or to the blocks of the record based on one or more encryption indicators embedded in a meta schema defined for the meta, and to store the record with the one or more meta tags and/or the blocks in encrypted format according to the meta schema.

Abstract: There is provided an apparatus, said apparatus comprising means for receiving, at a first network function from a second network function, a subscription request for notification of at least one event, wherein the subscription request comprises at least one condition to trigger notification of the at least one event, and providing a notification of the at least one event to the second network function according to the at least one condition.

Abstract: Embodiments of the present disclosure relate to terminal device authorization for requesting analytics. A terminal device transmits a subscription for an analytics with an analytics identity to a Unified Data Management (UDM), receives a subscribed analytics identity from the UDM, according to the subscription for the analytics, transmits a request comprising the analytics identity to a Session Management Function (SMF) or an Application Function (AF), and receives analytics result data from the SMF or the AF, according to the the analytics identity after authorization of the request. The terminal device authorization for requesting analytics as provided in the present disclosure is more secure.

Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for inter-network communication. A first edge protection proxy in a first network receives a request for an access token from a network repository function in the first network. The access token is to be used by a first network function in the first network to request a service from a second network function in a second network. The first edge protection proxy validates the request based on configurations allowed to access services provided by networks different from the first network. If the validation of the request is successful, the first edge protection proxy transmits the request to a second edge protection proxy in the second network. The transmitted request comprises verified information concerning the first network function.

Abstract: There are provided measures for task responsibility coordination. Such measures exemplarily comprise recognizing addition of said network function entity to a network entity composition, acquiring task coordination responsibility information with respect to said network entity composition, analyzing said task coordination responsibility information, and initiating, if said task coordination responsibility information does not define a valid task coordination responsible for a specific task, addition of said network function entity as said task coordination responsible for said specific task.

Abstract: An apparatus comprising means for performing: sending, to a network entity, a Network Function Discovery request comprising parameter information; and receiving, from the network entity, a response to the request, the response comprising: at least one identifier for at least one Network Function service producer; and at least one of: information ranking the at least one Network Function service producer according to how well the at least one Network Function service producer matches the request; and an indication of how much of the parameter information is matched by one or more parameters of the at least one Network Function service producer.

Abstract: There is provided a method, computer program, and an apparatus for a network function service consumer, that causes the apparatus to perform: retrieving, from a first repository function, protected sensitive data; retrieving, from a second network function, at least one encrypted key; decrypting the retrieved at least one encrypted key using a private key associated with the network function service consumer to obtain a respective at least one key; and performing at least one of: decryption of the protected sensitive data using the at least one key to obtain sensitive data or integrity protected sensitive data; or verification of the integrity of the protected sensitive data using the at least one key.

Abstract: Systems, methods, and software of performing primary re-authentication of User Equipment (UE) (106). In one embodiment, a Unified Data Management (UDM) (218) triggers primary re-authentication of a UE in response to a trigger condition, and sends a re-authentication notification message toward an Access and Mobility Management Function (AMF) (212) to perform primary re-authentication of the UE.