WO2023152395A1 - Concealment of a subscription identifier for a communication network - Google Patents

Concealment of a subscription identifier for a communication network

Publication number
WO2023152395A1
WO2023152395A1 PCT/EP2023/053620 EP2023053620W WO2023152395A1 WO 2023152395 A1 WO2023152395 A1 WO 2023152395A1 EP 2023053620 W EP2023053620 W EP 2023053620W WO 2023152395 A1 WO2023152395 A1 WO 2023152395A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
fixed length
subscription
network
function
Application number
PCT/EP2023/053620
Other languages
English (en)
Inventor
Md MOHSIN ALI KHAN
John Mattsson
Vlasios Tsiatsis
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Application filed by Telefonaktiebolaget Lm Ericsson (Publ)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/40 Security arrangements using identity modules
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier
    • H04W8/20 Transfer of user or subscriber data

Definitions

  • the present application relates generally to a communication network, and relates more specifically to concealment of a subscription identifier for such a network.
  • a communication network provides communication service to a communication device on the basis of a subscription to that communication network.
  • the subscription is identified by a subscription identifier.
  • the subscription identifier may take the form of an International Mobile Subscriber Identity (IMSI) or a Network Access Identifier (NAI), where the NAI is of the form username@realm.
  • IMSI International Mobile Subscriber Identity
  • NAI Network Access Identifier
  • If a communication device transmits a subscription identifier in plaintext, the communication device’s privacy is compromised. Indeed, the communication device’s geographical location could be tracked by tracking locations where the subscription identifier is transmitted. Concealing the subscription identifier before transmission, by encrypting that subscription identifier, preserves the subscriber’s privacy in this regard.
  • Some embodiments herein conceal subscription identifiers in a way that does not reveal information about the subscription identifiers’ lengths, yet is also not sensitive to the longest subscription identifier.
  • Some embodiments for example conceal fixed length identifiers that are obtained from hashing or mapping.
  • Subscription identifiers may be hashed, for example, according to a hash function that outputs the same length hash no matter the length of the subscription identifiers.
  • subscription identifiers may be mapped to different fixed length identifiers according to an injective mapping. Whether via hashing, mapping, or otherwise, the resulting fixed length identifiers have a fixed length that can be shorter than the longest subscription identifier.
  • fixed length identifiers obtained from hashing can just be longer than the average length subscription identifier and shorter than the longest length subscription identifier, whereas fixed length identifiers obtained from mapping can be shorter than the average length subscription identifier.
  • embodiments herein include a method performed by a communication device configured for use in a communication network.
  • the method comprises obtaining a fixed length identifier associated with a subscription identifier identifying a subscription to the communication network.
  • the method also comprises encrypting the fixed length identifier to obtain a concealed identifier.
  • the method also comprises transmitting the concealed identifier.
  • obtaining the fixed length identifier comprises calculating the fixed length identifier as a function of the subscription identifier.
  • the function is a hash function.
  • calculating the fixed length identifier comprises calculating a hash of the subscription identifier using the hash function.
  • the hash function is an unkeyed hash function.
  • the hash function is a key derivation function, KDF.
  • an input key to the KDF is all zeroes.
  • the fixed length identifier is the hash.
  • calculating the fixed length identifier further comprises truncating the hash to a fixed length.
  • the fixed length identifier is the truncated hash.
  • the communication device is provisioned with the fixed length identifier in association with the subscription identifier.
  • the subscription identifier is mapped to the fixed length identifier. In one or more of these embodiments, the subscription identifier is mapped to the fixed length identifier according to an injective mapping between subscription identifiers and fixed length identifiers.
  • transmitting the concealed identifier comprises transmitting the concealed identifier to, or towards, the communication network.
  • the subscription identifier is a subscription permanent identifier, SUPI.
  • the concealed identifier is a subscription concealed identifier, SUCI.
  • the subscription identifier is a network access identifier, NAI, comprising a username and a realm.
  • the fixed length identifier has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier. In one or more of these embodiments, the fixed length identifier is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers.
  • At least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.
  • the method further comprises transmitting signaling indicating that the concealed identifier conceals the fixed length identifier rather than concealing the subscription identifier.
  • inventions herein include a method performed by network equipment configured for use in a communication network.
  • the method comprises receiving a concealed identifier from a communication device.
  • the method also comprises decrypting the concealed identifier to obtain a fixed length identifier associated with a subscription identifier identifying a subscription to the communication network.
  • the method further comprises transmitting the decrypted identifier to other network equipment.
  • the other network equipment implements a unified data repository, UDR, for the communication network.
  • the network equipment implements a unified data management, UDM, function.
  • the fixed length identifier is a function of the subscription identifier. In one or more of these embodiments, the function is a hash function. In some embodiments, the fixed length identifier comprises a hash of the subscription identifier according to the hash function. In one or more of these embodiments, the hash function is an unkeyed hash function. In one or more of these embodiments, the hash function is a key derivation function, KDF. In one or more of these embodiments, an input key to the KDF is all zeroes. In one or more of these embodiments, the fixed length identifier is the hash or a truncated version of the hash.
  • the communication device is provisioned with the fixed length identifier in association with the subscription identifier.
  • the subscription identifier is mapped to the fixed length identifier. In one or more of these embodiments, the subscription identifier is mapped to the fixed length identifier based on an injective mapping between subscription identifiers and fixed length identifiers.
  • the subscription identifier is a subscription permanent identifier, SUPI.
  • the concealed identifier is a subscription concealed identifier, SUCI.
  • the subscription identifier is a network access identifier, NAI, comprising a username and a realm.
  • the fixed length identifier has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier. In one or more of these embodiments, the fixed length identifier is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers.
  • At least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.
  • the method further comprises receiving signaling indicating that the concealed identifier conceals the fixed length identifier rather than concealing the subscription identifier.
  • said decrypting is performed based on the signaling.
  • the method further comprises determining the subscription identifier associated with the fixed length identifier.
  • inventions herein include a method performed by network equipment configured for use in a communication network.
  • the method comprises obtaining a fixed length identifier.
  • the method also comprises determining a subscription identifier associated with the fixed length identifier.
  • the subscription identifier identifies a subscription to the communication network.
  • determining the subscription identifier comprises mapping the fixed length identifier to the subscription identifier.
  • the fixed length identifier is, or is a truncated version of, a hash of the subscription identifier.
  • the hash is an unkeyed hash.
  • the hash is calculated from a key derivation function, KDF.
  • an input key to the KDF is all zeroes.
  • the communication device is provisioned with the fixed length identifier in association with the subscription identifier.
  • said mapping is performed based on an injective mapping between subscription identifiers and fixed length identifiers.
  • the subscription identifier is a subscription permanent identifier, SUPI.
  • the subscription identifier is a network access identifier, NAI, comprising a username and a realm.
  • the fixed length identifier has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier. In one or more of these embodiments, the fixed length identifier is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers.
  • At least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.
  • obtaining the fixed length identifier comprises receiving the fixed length identifier from other network equipment.
  • the other network equipment implements a unified data repository, UDR.
  • the method further comprises receiving, from the other network equipment, signaling indicating that the identifier received from the other network equipment is a fixed length identifier.
  • obtaining the fixed length identifier comprises receiving a concealed identifier from a communication device.
  • Obtaining the fixed length identifier also comprises decrypting the concealed identifier to obtain the fixed length identifier.
  • Figure 1 is a block diagram of a communication device and a communication network according to some embodiments.
  • Figure 2 is a block diagram of a 5G network according to some embodiments.
  • Figure 3 is a call flow diagram of a registration procedure in a 5G network according to some embodiments.
  • Figure 4 is a block diagram of SUCI calculation at a UE according to some embodiments.
  • Figure 5 is a block diagram of SUCI deconcealing at a home network according to some embodiments.
  • Figure 6 is a histogram of name lengths.
  • Figure 7 is a graph of bandwidth cost vs. k-anonymity.
  • Figure 8 is a call flow diagram for SUPI concealment according to some embodiments.
  • Figure 9 is a block diagram of a hash-based concealment on the UE-side according to some embodiments.
  • Figure 10 is a block diagram of a hash-based concealment on the network-side according to some embodiments.
  • Figure 11 is a block diagram of concealment on the UE-side according to some embodiments based on pre-provisioned fixed length identifiers.
  • Figure 12 is a block diagram of concealment on the network-side according to some embodiments based on pre-provisioned fixed length identifiers.
  • Figure 13 is a logic flow diagram of a method performed by a communication device according to some embodiments.
  • Figure 14 is a logic flow diagram of a method performed by network equipment according to some embodiments.
  • Figure 15 is a logic flow diagram of a method performed by network equipment according to other embodiments.
  • Figure 16 is a block diagram of a communication device according to some embodiments.
  • Figure 17 is a block diagram of network equipment according to other embodiments.
  • Figure 18 is a block diagram of a communication system in accordance with some embodiments.
  • Figure 19 is a block diagram of a user equipment according to some embodiments.
  • Figure 20 is a block diagram of a network node according to some embodiments.
  • Figure 21 is a block diagram of a host according to some embodiments.
  • Figure 22 is a block diagram of a virtualization environment according to some embodiments.
  • Figure 23 is a block diagram of a host communicating via a network node with a UE over a partially wireless connection in accordance with some embodiments.
  • FIG. 1 shows a communication network 10 that provides communication service to a communication device 12 on the basis of a subscription to the communication network 10.
  • the subscription is identified by a subscription identifier 16S.
  • the subscription identifier 16S in some embodiments is a subscription permanent identifier, SUPI, e.g., as defined by 3GPP.
  • SUPI subscription permanent identifier
  • the subscription identifier 16S may take the form of an International Mobile Subscriber Identity (IMSI) or a Network Access Identifier (NAI), where the NAI is of the form username@realm.
  • IMSI International Mobile Subscriber Identity
  • NAI Network Access Identifier
  • different subscriptions to the communication network 10 are identified by different respective subscription identifiers (not shown).
  • If the communication device 12 were to transmit the subscription identifier 16S in plaintext, the communication device’s privacy would be compromised. Indeed, the communication device’s geographical location could be tracked by tracking locations where the subscription identifier 16S is transmitted. The communication device 12 therefore conceals the subscription identifier 16S before transmission, to preserve the subscriber’s privacy.
  • the communication device 12 obtains a fixed length identifier 16F associated with the subscription identifier 16S.
  • the fixed length identifier 16F may be fixed in length in the sense that the length of the fixed length identifier 16F is fixed no matter the length of the subscription identifier 16S.
  • the length of the fixed length identifier 16F is the same as the length of all other fixed length identifiers associated with other respective subscription identifiers (or at least those that are the same type as the subscription identifier 16S, e.g., all other subscription identifiers that are NAIs). This may even be the case if at least some of the other subscription identifiers have different lengths. In these and other embodiments, then, the length of the fixed length identifier 16F does not reveal information about the length of the subscription identifier 16S.
  • the length of the fixed length identifier 16F is not sensitive to the longest subscription identifier among the subscription identifiers that identify subscriptions to the communication network 10. This means that the length of the fixed length identifier 16F in some embodiments is shorter than the longest subscription identifier. These and other embodiments thereby conserve transmission resources by minimizing identifier length.
  • the communication device 12 obtains the fixed length identifier 16F by calculating the fixed length identifier 16F as a function of the subscription identifier 16S.
  • this function may be a hash function.
  • the hash function may be an unkeyed hash function and/or a key derivation function (KDF), e.g., with an input key to the KDF being all zeroes.
  • KDF key derivation function
  • calculating the fixed length identifier 16F in this case comprises calculating a hash of the subscription identifier 16S using the hash function.
  • the fixed length identifier 16F is the hash.
  • the fixed length identifier 16F is a truncated version of that hash, i.e., the communication device 12 truncates the hash to the fixed length such that the fixed length identifier 16F is the truncated hash.
  • the communication device 12 may calculate the fixed length identifier 16F according to a function (e.g., a hash function) that has an input and an output, where the output has the fixed length for all possible values of the input.
  • the fixed length identifier 16F is calculated by inputting the subscription identifier 16S into the function as the input of the function and obtaining the fixed length identifier 16F as the output of the function.
  • the subscription identifier 16S is mapped to the fixed length identifier 16F, e.g., according to an injective mapping between subscription identifiers and fixed length identifiers.
  • the communication device 12 may just be provisioned with the fixed length identifier 16F in association with the subscription identifier 16S, e.g., rather than being provisioned with the mapping between different subscription identifiers and different respective fixed length identifiers and rather than the communication device 12 actually calculating the fixed length identifier 16F from the subscription identifier 16S.
  • the communication device 12 may obtain the fixed length identifier 16F from a hashing or mapping 20 of the subscription identifier 16S. Whether via hashing, mapping, or otherwise, the resulting fixed length identifier 16F in some embodiments has a fixed length that can be shorter than the longest subscription identifier. For example, in some embodiments, where the fixed length identifier 16F is obtained from hashing, the fixed length identifier 16F is longer than the average length subscription identifier and shorter than the longest length subscription identifier. In other embodiments where the fixed length identifier 16F is obtained from mapping, the fixed length identifier 16F is shorter than the average length subscription identifier.
  • the communication device 12 encrypts the fixed length identifier 16F in order to obtain a concealed identifier 16C.
  • the concealed identifier 16C may for example be a subscription concealed identifier (SUCI), e.g., as defined by 3GPP.
  • the communication device 12 then transmits the concealed identifier 16C, e.g., by transmitting the concealed identifier 16C to, or towards, the communication network 10 (possibly via a serving/visited network).
  • SUCI subscription concealed identifier
  • Network equipment 14 in the communication network 10 is shown as obtaining the concealed identifier 16C.
  • the network equipment 14 decrypts the concealed identifier 16C to recover the fixed length identifier 16F.
  • the network equipment 14 in this regard may implement or employ the use of a subscription identifier deconcealing function (SIDF).
  • SIDF subscription identifier deconcealing function
  • the network equipment 14 determines the subscription identifier 16S associated with the fixed length identifier 16F. This may for instance involve mapping 30 the fixed length identifier 16F to the subscription identifier 16S.
  • the hash may be one way such that the subscription identifier 16S cannot be recovered from its hash.
  • the mapping 30 at the network equipment 14 may map the fixed length identifier 16F to the subscription identifier 16S, e.g., in a lookup table where the lookup key is the fixed length identifier 16F.
  • the network equipment 14 may retrieve subscription data for the subscription identified by the determined subscription identifier 16S, e.g., as part of a registration procedure for registering the communication device 12 with the communication network 10.
  • the network equipment 14 herein may implement or comprise one or more network functions (NFs) or one or more network nodes. In some embodiments, the network equipment 14 performs one or more of the steps mentioned above but other network equipment not shown performs other step(s). For example, the network equipment 14 may decrypt the concealed identifier 16C and transmit the resulting fixed length identifier 16F to other network equipment for further processing. Or, the network equipment 14 may receive the fixed length identifier 16F from other network equipment not shown and determine the corresponding subscription identifier 16S. Or, the network equipment 14 may decrypt the concealed identifier 16C and determine the corresponding subscription identifier 16S itself.
  • NFs network functions
  • the subscription identifier 16S is exemplified as a SUPI of type NAI
  • the communication device 12 is exemplified as a user equipment (UE)
  • the concealed identifier 16C is exemplified as a SUCI in a 5G network.
  • 5G is a next generation of mobile networks developed by a standard developing organization called the 3GPP.
  • the earlier generations of mobile networks were called 4G/LTE, 3G/UMTS, and 2G/GSM, where LTE stands for Long Term Evolution, UMTS stands for Universal Mobile Telecommunications System, and GSM stands for Global System for Mobile Communications.
  • MNOs Mobile Network Operators
  • MCC Mobile Country Code
  • MNC Mobile Network Code
  • a 5G network includes a serving network 10S and a home network 10H.
  • the serving network 10S serves a user equipment (UE) 12 via a next generation (NG) radio access network (RAN) 10S-R and a 5G Core (5GC) 10S-C.
  • UE user equipment
  • NG next generation
  • RAN radio access network
  • 5GC 5G Core
  • Each subscription in a mobile network operator’s (MNO's) 5G network is identified by a unique long-term identifier called the Subscription Permanent Identifier (SUPI).
  • SUPI Subscription Permanent Identifier
  • Users wirelessly access a 5G network over-the-air using a wireless device known as User Equipment (UE).
  • UE User Equipment
  • a 5G network needs to identify a user, i.e., the user's subscription, behind a UE.
  • UEs in earlier generations of mobile networks (4G, 3G, and 2G) used to send users' unique long-term identifiers over-the-air in plain text. This was considered a privacy issue because users could be tracked or identified by any unauthorized entity capable of intercepting messages or acting as a man-in-the-middle over-the-air.
  • each MNO has an ability to offer better privacy to its users so that their unique long-term identifiers (i.e., SUPIs) are not visible over-the-air. That ability comes from a mechanism in which UEs, instead of sending SUPIs, calculate and send concealed identifiers over-the-air, which is called the Subscription Concealed Identifier (SUCI).
  • SUPIs unique long-term identifiers
  • SUCI Subscription Concealed Identifier
  • the calculation of SUCI means encryption of the SUPI by the UE. This is done before the SUCI is transferred over-the-air between the UE and the 5G network.
  • the encryption is of asymmetric type and uses the home network’s (HN's) public key (denoted HN public key).
  • HN provisions the HN public key to the UE.
  • Some examples of the encryption schemes are the ElGamal encryption scheme, the Elliptic Curve Integrated Encryption Scheme (ECIES), and Rivest-Shamir-Adleman (RSA) encryption, as well as various quantum-resistant schemes.
  • the null-scheme does not do any actual encryption; rather, it produces the same output as the input. It effectively means that a SUCI calculated using the "null-scheme" will comprise the information in the SUPI in clear text over-the-air.
  • the MNO provisions UEs with all the necessary information for the calculation of SUCI, denoted as SUCI encryption parameters.
  • the HN public key and the encryption scheme are two examples of the said encryption parameters.
  • A high-level sequence diagram showing message flow comprising the SUCI is shown in Figure 3.
  • In Step 1, the UE connects to a gNB over-the-air (the gNB being a 5G base station and part of the 5G Radio Access Network (RAN) 10S-R) and sends a Registration Request message which comprises a SUCI calculated by the UE.
  • the gNB forwards the received Registration Request message to a core network node.
  • the core network node is denoted as an Access and Mobility Management Function (AMF) or Security Anchor Function (SEAF) interchangeably.
  • AMF Access and Mobility Management Function
  • SEAF Security Anchor Function
  • the gNB and AMF/SEAF are collectively denoted as Serving Network (SN) since these network functions reside in the serving network.
  • the SEAF further locates the Authentication Server Function (AUSF).
  • AUSF Authentication Server Function
  • the SEAF then creates and sends to the AUSF in Step 3 a 5G Authentication Information Request (AIR) that among other information contains the received SUCI.
  • AIR 5G Authentication Information Request
  • the AUSF then contacts the Unified Data Management (UDM) or Subscription Identifier De-concealing Function (SIDF) function in Step 4.
  • UDM Unified Data Management
  • SIDF Subscription Identifier De-concealing Function
  • the AUSF and UDM/SIDF are collectively denoted as Home Network (HN) since these network functions reside in the home network.
  • Some embodiments herein operate according to the above described wireless access to the 5G core over 3GPP 5G access.
  • Devices may also connect to a 5G core over non-3GPP accesses that can be wireless or wired.
  • SUCI protection is currently only defined for 5G, but the mechanisms would be similar if SUCI was defined for older generations of networks such as 4G, 3G, and 2G.
  • SUPI as defined in 3GPP TS 23.003 v17.4.0.
  • the SUPI and the SUCI formats are outlined below.
  • the SUPI contains the following parts (shown below with "
  • SUPI SUPI type
  • SUPI value where the SUPI value can currently be either of type International Mobile Subscription Identity (IMSI) or network specific identifier (NSI, also sometimes called network access identifier or NAI). In the future, other SUPI types may be defined. In either case, the SUPI value consists of a home network identifier and a subscription identifier. It is the subscription identifier which is concealed in the SUCI. If the SUPI is of type IMSI, the Home Network identifier consists of a Mobile Country Code (MCC) and Mobile Network Code (MNC) and the subscription identifier is called Mobile Subscription Identification Number (MSIN). Therefore, the IMSI contains the following parts (separated b
  • the SUPI is of type network specific identifier (NSI)
  • the Home Network Identifier (HNI) is generally represented by the so-called “realm”
  • the subscription identifier is generally represented by the so-called “username”. Therefore, the NAI looks like below:
  • the SUCI contains the following parts (separated by
  • SUCI SUPI type
  • the SUCI has the following fields: (i) the SUPI Type as defined in 3GPP TS 23.003 v17.4.0 identifies the type of the SUPI concealed in the SUCI; (ii) the Home Network Identifier is set to the MCC and MNC of the IMSI as specified in 3GPP TS 23.003 v17.4.0; (iii) the Routing Indicator as specified in 3GPP TS 23.003 v17.4.0; (iv) the Protection Scheme Identifier as specified in Annex C of 3GPP TS 33.501 v17.4.0; (v) the Home Network Public Key Identifier as specified in 3GPP TS 33.501 v17.4.0 and detailed in TS 23.003 v17.4.0; (vi) the Scheme Output as specified in this document and detailed in 3GPP TS 23.003 v17.4.0.
  • the SUCI in NAI format has the following fields: (i) the realm part of the SUCI is set to the realm part of the SUPI; (ii) the username part of the SUCI is formatted as specified in 3GPP TS 23.003 v17.4.0 using the SUPI Type, Routing Indicator, the Protection Scheme Identifier, the Home Network Public Key Identifier and the Scheme Output.
  • Some embodiments are operable according to 3GPP TS 33.501 v17.4.0, in which 3 standardized concealment scheme identifiers are specified as below: (1) Null-scheme; (2) Profile A (based on Elliptic Curve Integrated Encryption Scheme (ECIES) and uses Curve25519); (3) Profile B (also based on ECIES and uses secp256r1).
  • some embodiments reserve 9 placeholders for identifying concealment schemes to be standardized in future. Furthermore, it has reserved 4 placeholders for identifying proprietary concealment schemes.
  • Some embodiments herein employ ECIES based encryption at the UE as presented in Figure 4 and Figure 5 (from Figure C.3.2-1 and Figure C.3.3-1 of 3GPP TS 33.501 v17.4.0). What is important to notice is the size of the output from these concealment schemes. 3GPP TS 33.501 v17.4.0 specifies the size as below.
  • the size of output is equal to the size of input.
  • the size of output is equal to the total of 256-bit public key, 64-bit MAC, plus size of input.
  • the size of output is equal to the total of 264-bit public key, 64-bit MAC, plus size of input.
  • the maximum size of output is total of 3000 octets plus size of input.
  • the size of input in the above is the size of username used in case of NAI format or MSIN in case of IMSI.
  • the length of the MSIN is typically fixed to 9 or 10 digits in a single MNC. This means that if the MNC is sent in the clear, the length of the MSIN does not reveal any new information to a well-informed attacker. In the future, longer and variable length IMSIs with new fields may be introduced.
  • the MSIN may have variable length, say, between 9 to 20 digits.
  • the NAI format SUPI can have variable length username, as specified in clause 2.2 of IETF RFC 7542 [4],
  • SUCI uses AES-128 in CTR (counter) mode and guarantees that even a very capable theoretical attacker cannot distinguish the encrypted ciphertext from a random string. But this guarantee assumes fixed-length plaintexts; if that assumption does not hold, the indistinguishability is broken.
  • the vast majority of 5G networks heretofore use the SUPI type IMSI where the MSIN has a fixed length for a given MCC.
  • SUCI therefore provides indistinguishability.
  • the SUPI type is NSI
  • the username is variable length and indistinguishability heretofore no longer holds. An attacker would in this case get perfect information regarding the length of the username.
  • K-anonymity is a popular and easy way to understand the property of anonymized data. K-anonymity is sometimes referred to as a "hiding in the crowd" guarantee: any of the K records in the group could correspond to a single person.
  • Pad with padding where length of padding is randomly, pseudo-randomly or deterministically chosen from a statistical distribution.
  • N6 is randomly, pseudo-randomly or deterministically chosen from a statistical distribution.
  • N7 is randomly, pseudo-randomly or deterministically chosen from a statistical distribution.
  • Block-length padding: Pad to a length that is a multiple of blocks of size sz, starting at min number of blocks.
  • Power-length padding: Pad to a length that is a power of base b, starting at min power.
  • Random block-length padding (rnbBlk-sz-blks-min): First pad to a length that is a multiple of blocks of size sz, starting at min number of blocks. Then, add random number (between 0 and blks ) of extra blocks.
  • Random-length padding: Pad with random number (between 1 and len) of bytes.
  • the known padding mechanisms do not solve the problem of variable length of NAI format SUPIs. After padding, the SUPIs may still have variable lengths. Therefore, the padding mechanisms may or may not provide desired privacy - depending on various conditions. Padding up to the length of the longest NAI format SUPI can solve the problem of variable length, but the message expansion, in that case, is significantly high. The bandwidth cost introduced by the padding methods is a problem.
  • One way to calculate the bandwidth cost function is to calculate it as the average increase in message size as a weighted sum of all the padded lengths normalized by the unpadded cost.
  • the plots in Figure 7 result.
  • On the X-axis is the bandwidth cost, and on the Y-axis is the K-anonymity (logarithm of base 10).
  • the maximum achievable value for K is the population size and is shown as a horizontal dashed line.
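The trade-off described above between K-anonymity and bandwidth cost can be reproduced numerically. The following is an added example, not code from the patent: the population of username lengths is constructed, the helper names are hypothetical, and the cost is computed as total padded size over total unpadded size minus one, which is one reading of the cost function described above.

```python
from collections import Counter

# Constructed population of NAI username lengths in octets (not from the patent):
# 50 users with 8-octet usernames, 30 with 12, 15 with 17, 4 with 33, 1 with 60.
POPULATION = [8] * 50 + [12] * 30 + [17] * 15 + [33] * 4 + [60] * 1


def block_pad_len(n, sz, min_blocks=1):
    """Block-length padding: smallest multiple of sz >= n, at least min_blocks blocks."""
    blocks = max(min_blocks, -(-n // sz))  # ceiling division
    return blocks * sz


def power_pad_len(n, base, min_power=1):
    """Power-length padding: smallest base**p >= n with p >= min_power."""
    power = min_power
    while base ** power < n:
        power += 1
    return base ** power


def pad_to_longest(lengths):
    """Pad every username to the longest length present in the population."""
    longest = max(lengths)
    return lambda n: longest


def k_anonymity(lengths, pad):
    """K = size of the smallest group of subscribers sharing one observable length."""
    groups = Counter(pad(n) for n in lengths)
    return min(groups.values())


def bandwidth_cost(lengths, pad):
    """Relative message expansion: total padded octets / total unpadded octets - 1."""
    return sum(pad(n) for n in lengths) / sum(lengths) - 1.0


def compare(lengths):
    """Return {scheme: (K, bandwidth cost rounded to 3 places)} for each scheme."""
    schemes = {
        "none": lambda n: n,
        "block-16": lambda n: block_pad_len(n, 16),
        "power-2": lambda n: power_pad_len(n, 2, 4),  # 16, 32, 64, ...
        "pad-to-longest": pad_to_longest(lengths),
    }
    return {
        name: (k_anonymity(lengths, pad), round(bandwidth_cost(lengths, pad), 3))
        for name, pad in schemes.items()
    }


if __name__ == "__main__":
    for name, (k, cost) in compare(POPULATION).items():
        print(f"{name:15s} K={k:3d}  bandwidth cost={cost:+.3f}")
```

On this population, block padding still leaves the single 60-octet user alone in its length group, and only padding to the longest username reaches K equal to the population size, at almost four times the unpadded traffic.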
  • Some embodiments herein build an injective map between SUPIs and fixed length identifiers, and encrypt fixed length identifiers associated with SUPIs, instead of SUPIs themselves, into SUCIs.
  • the map can be built in two ways: (i) unkeyed hashing (ii) other algorithmic mechanism to ensure each SUPI is assigned a unique fixed length identifier.
  • the UE computes an unkeyed hash of the NAI format SUPI and encrypts the hash of the SUPI, instead of the SUPI itself, into a SUCI.
  • a hash function is the 3GPP key derivation function (KDF) specified in TS 33.220 v17.2.0 with a dummy key, e.g., all zeros.
  • KDF 3GPP key derivation function
  • the output of the KDF may be truncated to a desired length.
  • the unified data management (UDM) gets the SUCI decrypted with the help from the Authentication Credential Repository and Processing Function (ARPF) and SIDF, and obtains the hash of the SUPI.
  • the UDM sends the hash of the SUPI to the unified data repository (UDR).
  • the UDR maintains a map between the SUPIs and their unkeyed hashes.
  • the UDR retrieves the SUPI and sends it to the UDM.
  • a fixed length identifier which may not be the hash of the NAI format SUPI, is associated with the NAI.
  • the UE is provisioned with both the NAI format SUPI and the fixed length identifier.
  • the UE encrypts the fixed length identifier associated with the NAI.
  • the UDM gets the SUCI decrypted with the help from ARPF and SIDF, and obtains the fixed length identifier.
  • the UDM sends the fixed length identifier to the UDR.
  • the UDR maintains a map between the SUPIs and their fixed length identifier.
  • the UDR retrieves the SUPI and sends it to the UDM.
  • Some embodiments make sure that NAI format SUPIs are mapped into fixed length identifiers and the fixed length identifiers, instead of the NAI format SUPIs, are encrypted into SUCIs. Hashing the NAI-format SUPIs is one way to build the map. Another way to build the map is to assign a unique fixed length identifier to each SUPI.
  • Certain embodiments may provide one or more of the following technical advantage(s).
  • SUCIs do not reveal any information about the length of the actual NAI format SUPIs.
  • NAI-format SUPIs can be chosen as specified in IETF RFC 7542 without worrying about their length.
  • building the map, through hashing or other algorithmic mechanism, is computationally inexpensive.
  • the UEs do not need to be provisioned with the fixed length identifiers.
  • the fixed length identifiers (therefore, SUCIs too) can be significantly shorter than the longest SUPI.
  • SUCI computation mechanism conforms with the general constraints of using symmetric-key encryption towards achieving security notions like real-or-random, left-or-right, or semantic security.
  • the fixed length identifier obtained by padding is sensitive to the longest SUPI. But some embodiments can have fixed-length identifiers much shorter than the longest SUPI. In case of hashing the length would be a bit longer than the average length of SUPIs. In case of other algorithmic mechanism to build the mapping, the length can be much shorter than the average length.
  • Step 1: The UE maps the NAI SUPI into a fixed value FIX_VAL.
  • the mapping can be based on a mapping function (hash function, KDF) or a simple mapping table.
  • Step 2: The fixed value is used in the SUCI calculation as input instead of the SUPI.
  • Step 3: The new SUCI is transported in related messages in relevant procedures from the UE to the home network via the serving network as also described in Figure 2.
  • Step 4: The UDM/SIDF de-conceals the SUCI and extracts the fixed value FIX_VAL.
  • Step 5: Depending on the mapping performed by the UE, the SUPI mapped to the FIX_VAL is retrieved.
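The hash-based variant of Steps 1 to 5 can be sketched as follows. This is an added example, not code from the patent: it uses HMAC-SHA-256 in the TS 33.220 KDF layout with an all-zero key, and the FC octet, the 16-octet truncation length, the 256-bit key size, the sample SUPIs and all function and class names are assumptions. The ECIES step itself is replaced by the Profile A size formula given earlier, since only the observable length matters here.

```python
import hashlib
import hmac

ZERO_KEY = bytes(32)          # dummy all-zero key; the 256-bit key size is an assumption
FC_PLACEHOLDER = b"\x00"      # placeholder FC octet, NOT a value assigned by 3GPP
ID_LEN = 16                   # truncation length in octets (assumption)
PROFILE_A_OVERHEAD = 32 + 8   # 256-bit public key + 64-bit MAC, in octets

# Constructed NAI-format SUPIs with usernames of different lengths.
SAMPLE_SUPIS = [
    "a@example.org",
    "alice.smith@example.org",
    "sensor-0042.building-7.floor-3@example.org",
]


def fixed_length_id(supi, out_len=ID_LEN):
    """UE side (Step 1): KDF(zero key, SUPI), truncated to out_len octets.

    Layout: HMAC-SHA-256(Key, S) with S = FC || P0 || L0, where L0 is the
    two-octet big-endian length of P0.
    """
    p0 = supi.encode("utf-8")
    s = FC_PLACEHOLDER + p0 + len(p0).to_bytes(2, "big")
    return hmac.new(ZERO_KEY, s, hashlib.sha256).digest()[:out_len]


def scheme_output_len(plaintext_len):
    """Profile A scheme output size: public key + MAC + size of input."""
    return PROFILE_A_OVERHEAD + plaintext_len


def observable_lengths(supis, use_fixed_id):
    """Set of scheme-output lengths visible to an observer of the SUCIs."""
    lengths = set()
    for supi in supis:
        if use_fixed_id:
            plaintext_len = len(fixed_length_id(supi))
        else:
            # Current behaviour: the NAI username itself is the scheme input.
            plaintext_len = len(supi.split("@", 1)[0].encode("utf-8"))
        lengths.add(scheme_output_len(plaintext_len))
    return lengths


class UDRMap:
    """Home-network side (Step 5): fixed length identifier -> SUPI, kept injective."""

    def __init__(self, out_len=ID_LEN):
        self.out_len = out_len
        self._supi_by_id = {}

    def provision(self, supi):
        """Register a SUPI; refuse it if its identifier is already taken."""
        fid = fixed_length_id(supi, self.out_len)
        owner = self._supi_by_id.setdefault(fid, supi)
        if owner != supi:
            raise ValueError(f"identifier collision between {owner!r} and {supi!r}")
        return fid

    def resolve(self, fid):
        """Map a de-concealed identifier back to its SUPI, or None if unknown."""
        if len(fid) != self.out_len:
            raise ValueError("unexpected identifier length")
        return self._supi_by_id.get(fid)


if __name__ == "__main__":
    print("username as input :", sorted(observable_lengths(SAMPLE_SUPIS, False)))
    print("fixed id as input :", sorted(observable_lengths(SAMPLE_SUPIS, True)))
```

Truncating the hash shortens the SUCI but raises the collision probability, so the check in `provision` is what keeps the map injective when a new SUPI is assigned.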
  • Blocks B1 and B2 in Figure 9, and blocks B3 and B4 in Figure 10, are the new additions according to some embodiments.
  • each NAI format SUPI is assigned a unique short, fixed length identifier while reserving or assigning the SUPI.
  • the UE and UDR can be provisioned with the identifier at the same time they are provisioned with the SUPI.
  • the SUCI can be created as shown in Figure 11 and the SUPI can be extracted from a SUCI as shown in Figure 12.
  • Block B5 in Figure 12 and Blocks B6 and B7, show the new additions.
  • the UE refers to several parts or components that altogether enable the user(s) of the UE to access the services provided by the network. On a high level, it consists of at least the Universal Subscriber Identity Module (USIM) and the Mobile Equipment (ME).
  • USIM Universal Subscriber Identity Module
  • ME Mobile Equipment
  • Figure 13 depicts a method performed by a communication device 12 configured for use in a communication network 10 in accordance with particular embodiments.
  • the method comprises obtaining a fixed length identifier 16F associated with a subscription identifier 16S identifying a subscription to the communication network 10 (Block 1300).
  • the method also comprises encrypting the fixed length identifier 16F to obtain a concealed identifier 16C (Block 1310).
  • the method also comprises transmitting the concealed identifier 16C (Block 1320).
  • obtaining the fixed length identifier 16F comprises calculating the fixed length identifier 16F as a function of the subscription identifier 16S.
  • the function is a hash function.
  • calculating the fixed length identifier 16F comprises calculating a hash of the subscription identifier 16S using the hash function.
  • the hash function is an unkeyed hash function.
  • the hash function is a key derivation function, KDF.
  • an input key to the KDF is all zeroes.
  • the fixed length identifier 16F is the hash.
  • calculating the fixed length identifier 16F further comprises truncating the hash to a fixed length. In this case, the fixed length identifier 16F may be the truncated hash.
  • the communication device 12 is provisioned with the fixed length identifier 16F in association with the subscription identifier 16S.
  • the subscription identifier 16S is mapped to the fixed length identifier 16F. In one or more of these embodiments, the subscription identifier 16S is mapped to the fixed length identifier 16F according to an injective mapping between subscription identifiers and fixed length identifiers.
  • transmitting the concealed identifier 16C comprises transmitting the concealed identifier 16C to, or towards, the communication network 10.
  • the subscription identifier 16S is a subscription permanent identifier, SUPI.
  • the concealed identifier 16C is a subscription concealed identifier, SUCI.
  • the subscription identifier 16S is a network access identifier, NAI, comprising a username and a realm.
  • the fixed length identifier 16F has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier 16S.
  • the fixed length identifier 16F is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier 16F is calculated by inputting the subscription identifier 16S into the function as the input of the function and obtaining the fixed length identifier 16F as the output of the function.
  • all subscriptions to the communication network 10 are identified by respective subscription identifiers.
  • the subscription identifiers are associated with respective fixed length identifiers.
  • at least some of the subscription identifiers have different lengths.
  • each of the fixed length identifiers has the same fixed length.
  • all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.
  • the method further comprises transmitting signaling indicating that the concealed identifier 16C conceals the fixed length identifier 16F rather than concealing the subscription identifier 16S (Block 1330).
  • Figure 14 shows a method performed by network equipment 14 configured for use in a communication network 10.
  • the method comprises receiving a concealed identifier 16C from a communication device 12 (Block 1400).
  • the method also comprises decrypting the concealed identifier 16C to obtain a fixed length identifier 16F associated with a subscription identifier 16S identifying a subscription to the communication network 10 (Block 1410).
  • the method further comprises transmitting the decrypted identifier to another network node.
  • the another network node implements a unified data repository, UDR, for the communication network 10.
  • the network node implements a unified data management, UDM, function.
  • the fixed length identifier 16F is a function of the subscription identifier 16S. In one or more of these embodiments, the function is a hash function. In some embodiments, the fixed length identifier 16F comprises a hash of the subscription identifier 16S according to the hash function, e.g., an unkeyed hash function. In one or more of these embodiments, the hash function is a key derivation function, KDF. In some embodiments, an input key to the KDF is all zeroes. In some embodiments, the fixed length identifier 16F is the hash or a truncated version of the hash.
  • the communication device 12 is provisioned with the fixed length identifier 16F in association with the subscription identifier 16S.
  • the subscription identifier 16S is mapped to the fixed length identifier 16F. In one or more of these embodiments, the subscription identifier 16S is mapped to the fixed length identifier 16F based on an injective mapping between subscription identifiers and fixed length identifiers.
  • the subscription identifier 16S is a subscription permanent identifier, SUPI.
  • the concealed identifier 16C is a subscription concealed identifier, SUCI.
  • the subscription identifier 16S is a network access identifier, NAI, comprising a username and a realm.
  • NAI network access identifier
  • the fixed length identifier 16F has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier 16S.
  • the fixed length identifier 16F is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier 16F is calculated by inputting the subscription identifier 16S into the function as the input of the function and obtaining the fixed length identifier 16F as the output of the function.
  • all subscriptions to the communication network 10 are identified by respective subscription identifiers.
  • the subscription identifiers are associated with respective fixed length identifiers.
  • at least some of the subscription identifiers have different lengths.
  • each of the fixed length identifiers has the same fixed length.
  • all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.
  • the method further comprises receiving signaling indicating that the concealed identifier 16C conceals the fixed length identifier 16F rather than concealing the subscription identifier 16S.
  • said decrypting is performed based on the signaling.
  • the method further comprises determining the subscription identifier 16S associated with the fixed length identifier 16F.
  • Figure 15 shows a method performed by network equipment 14 configured for use in a communication network 10.
  • the method comprises obtaining a fixed length identifier 16F (Block 1500).
  • the method also comprises determining a subscription identifier 16S associated with the fixed length identifier 16F (Block 1510).
  • the subscription identifier 16S identifies a subscription to the communication network 10.
  • determining the subscription identifier 16S comprises mapping the fixed length identifier 16F to the subscription identifier 16S.
  • the fixed length identifier 16F is, or is a truncated version of, a hash of the subscription identifier 16S.
  • the hash is an unkeyed hash.
  • the hash is calculated from a key derivation function, KDF.
  • an input key to the KDF is all zeroes.
  • the communication device 12 is provisioned with the fixed length identifier 16F in association with the subscription identifier 16S.
  • said mapping is performed based on an injective mapping between subscription identifiers and fixed length identifiers.
  • the subscription identifier 16S is a subscription permanent identifier, SUPI.
  • the subscription identifier 16S is a network access identifier, NAI, comprising a username and a realm.
  • the fixed length identifier 16F has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier 16S.
  • the fixed length identifier 16F is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier 16F is calculated by inputting the subscription identifier 16S into the function as the input of the function and obtaining the fixed length identifier 16F as the output of the function.
  • all subscriptions to the communication network 10 are identified by respective subscription identifiers.
  • the subscription identifiers are associated with respective fixed length identifiers.
  • at least some of the subscription identifiers have different lengths.
  • each of the fixed length identifiers has the same fixed length.
  • all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.
  • obtaining the fixed length identifier 16F comprises receiving the fixed length identifier 16F from another network node.
  • the another network node implements a unified data repository, UDR.
  • the method further comprises receiving, from the another network node, signaling indicating that the identifier received from the another network node is a fixed length identifier 16F.
  • obtaining the fixed length identifier 16F comprises receiving a concealed identifier 16C from a communication device 12. In some embodiments, obtaining the fixed length identifier 16F also comprises decrypting the concealed identifier 16C to obtain the fixed length identifier 16F.
  • the method also comprises retrieving subscription data for the subscription identified by the determined subscription identifier (Block 1520).
  • Embodiments herein also include corresponding apparatuses.
  • Embodiments herein for instance include a communication device 12 configured to perform any of the steps of any of the embodiments described above for the communication device 12.
  • Embodiments also include a communication device 12 comprising processing circuitry and power supply circuitry.
  • the processing circuitry is configured to perform any of the steps of any of the embodiments described above for the communication device 12.
  • the power supply circuitry is configured to supply power to the communication device 12.
  • Embodiments further include a communication device 12 comprising processing circuitry.
  • the processing circuitry is configured to perform any of the steps of any of the embodiments described above for the communication device 12.
  • the communication device 12 further comprises communication circuitry.
  • Embodiments further include a communication device 12 comprising processing circuitry and memory.
  • the memory contains instructions executable by the processing circuitry whereby the communication device 12 is configured to perform any of the steps of any of the embodiments described above for the communication device 12.
  • Embodiments moreover include a user equipment (UE).
  • the UE comprises an antenna configured to send and receive wireless signals.
  • the UE also comprises radio front-end circuitry connected to the antenna and to processing circuitry, and configured to condition signals communicated between the antenna and the processing circuitry.
  • the processing circuitry is configured to perform any of the steps of any of the embodiments described above for the communication device 12.
  • the UE also comprises an input interface connected to the processing circuitry and configured to allow input of information into the UE to be processed by the processing circuitry.
  • the UE may comprise an output interface connected to the processing circuitry and configured to output information from the UE that has been processed by the processing circuitry.
  • the UE may also comprise a battery connected to the processing circuitry and configured to supply power to the UE.
  • Embodiments herein also include network equipment 14 configured to perform any of the steps of any of the embodiments described above for network equipment 14.
  • Embodiments also include network equipment 14 comprising processing circuitry and power supply circuitry.
  • the processing circuitry is configured to perform any of the steps of any of the embodiments described above for network equipment 14.
  • the power supply circuitry is configured to supply power to the network equipment 14.
  • Embodiments further include network equipment 14 comprising processing circuitry.
  • the processing circuitry is configured to perform any of the steps of any of the embodiments described above for network equipment 14.
  • the network equipment 14 further comprises communication circuitry.
  • Embodiments further include network equipment 14 comprising processing circuitry and memory.
  • the memory contains instructions executable by the processing circuitry whereby the network equipment 14 is configured to perform any of the steps of any of the embodiments described above for network equipment 14.
  • the apparatuses described above may perform the methods herein and any other processing by implementing any functional means, modules, units, or circuitry.
  • the apparatuses comprise respective circuits or circuitry configured to perform the steps shown in the method figures.
  • the circuits or circuitry in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • the circuitry may include one or more microprocessor or microcontrollers, as well as other digital hardware, which may include digital signal processors (DSPs), special-purpose digital logic, and the like.
  • the processing circuitry may be configured to execute program code stored in memory, which may include one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc.
  • Program code stored in memory may include program instructions for executing one or more telecommunications and/or data communications protocols as well as instructions for carrying out one or more of the techniques described herein, in several embodiments.
  • the memory stores program code that, when executed by the one or more processors, carries out the techniques described herein.
  • Figure 16 for example illustrates a communication device 12 as implemented in accordance with one or more embodiments.
  • the communication device 12 includes processing circuitry 1610 and communication circuitry 1620.
  • the communication circuitry 1620 e.g., radio circuitry
  • the processing circuitry 1610 is configured to perform processing described above, e.g., in Figure 13, such as by executing instructions stored in memory 1630.
  • the processing circuitry 1610 in this regard may implement certain functional means, units, or modules.
  • Figure 17 illustrates network equipment 14 as implemented in accordance with one or more embodiments.
  • the network equipment 14 includes processing circuitry 1710 and communication circuitry 1720.
  • the communication circuitry 1720 is configured to transmit and/or receive information to and/or from one or more other nodes, e.g., via any communication technology.
  • the processing circuitry 1710 is configured to perform processing described above, e.g., in Figure 14 and/or 15, such as by executing instructions stored in memory 1730.
  • the processing circuitry 1710 in this regard may implement certain functional means, units, or modules.
  • a computer program comprises instructions which, when executed on at least one processor of an apparatus, cause the apparatus to carry out any of the respective processing described above.
  • a computer program in this regard may comprise one or more code modules corresponding to the means or units described above.
  • Embodiments further include a carrier containing such a computer program.
  • This carrier may comprise one of an electronic signal, optical signal, radio signal, or computer readable storage medium.
  • embodiments herein also include a computer program product stored on a non-transitory computer readable (storage or recording) medium and comprising instructions that, when executed by a processor of an apparatus, cause the apparatus to perform as described above.
  • Embodiments further include a computer program product comprising program code portions for performing the steps of any of the embodiments herein when the computer program product is executed by a computing device.
  • This computer program product may be stored on a computer readable recording medium.
  • Figure 18 shows an example of a communication system 1800 in accordance with some embodiments.
  • the communication system 1800 includes a telecommunication network 1802 that includes an access network 1804, such as a radio access network (RAN), and a core network 1806, which includes one or more core network nodes 1808.
  • the access network 1804 includes one or more access network nodes, such as network nodes 1810a and 1810b (one or more of which may be generally referred to as network nodes 1810), or any other similar 3rd Generation Partnership Project (3GPP) access node or non-3GPP access point.
  • 3GPP 3rd Generation Partnership Project
  • the network nodes 1810 facilitate direct or indirect connection of user equipment (UE), such as by connecting UEs 1812a, 1812b, 1812c, and 1812d (one or more of which may be generally referred to as UEs 1812) to the core network 1806 over one or more wireless connections.
  • UE user equipment
  • Example wireless communications over a wireless connection include transmitting and/or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and/or other types of signals suitable for conveying information without the use of wires, cables, or other material conductors.
  • the communication system 1800 may include any number of wired or wireless networks, network nodes, UEs, and/or any other components or systems that may facilitate or participate in the communication of data and/or signals whether via wired or wireless connections.
  • the communication system 1800 may include and/or interface with any type of communication, telecommunication, data, cellular, radio network, and/or other similar type of system.
  • the UEs 1812 may be any of a wide variety of communication devices, including wireless devices arranged, configured, and/or operable to communicate wirelessly with the network nodes 1810 and other communication devices.
  • the network nodes 1810 are arranged, capable, configured, and/or operable to communicate directly or indirectly with the UEs 1812 and/or with other network nodes or equipment in the telecommunication network 1802 to enable and/or provide network access, such as wireless network access, and/or to perform other functions, such as administration in the telecommunication network 1802.
  • the core network 1806 connects the network nodes 1810 to one or more hosts, such as host 1816. These connections may be direct or indirect via one or more intermediary networks or devices. In other examples, network nodes may be directly coupled to hosts.
  • the core network 1806 includes one or more core network nodes (e.g., core network node 1808) that are structured with hardware and software components. Features of these components may be substantially similar to those described with respect to the UEs, network nodes, and/or hosts, such that the descriptions thereof are generally applicable to the corresponding components of the core network node 1808.
  • Example core network nodes include functions of one or more of a Mobile Switching Center (MSC), Mobility Management Entity (MME), Home Subscriber Server (HSS), Access and Mobility Management Function (AMF), Session Management Function (SMF), Authentication Server Function (AUSF), Subscription Identifier De-concealing function (SIDF), Unified Data Management (UDM), Security Edge Protection Proxy (SEPP), Network Exposure Function (NEF), and/or a User Plane Function (UPF).
  • MSC Mobile Switching Center
  • MME Mobility Management Entity
  • HSS Home Subscriber Server
  • AMF Access and Mobility Management Function
  • SMF Session Management Function
  • AUSF Authentication Server Function
  • SIDF Subscription Identifier De-concealing function
  • UDM Unified Data Management
  • SEPP Security Edge Protection Proxy
  • NEF Network Exposure Function
  • UPF User Plane Function
  • the host 1816 may be under the ownership or control of a service provider other than an operator or provider of the access network 1804 and/or the telecommunication network 1802, and may be operated by the service provider or on behalf of the service provider.
  • the host 1816 may host a variety of applications to provide one or more services. Examples of such applications include live and pre-recorded audio/video content, data collection services such as retrieving and compiling data on various ambient conditions detected by a plurality of UEs, analytics functionality, social media, functions for controlling or otherwise interacting with remote devices, functions for an alarm and surveillance center, or any other such function performed by a server.
  • the communication system 1800 of Figure 18 enables connectivity between the UEs, network nodes, and hosts.
  • the communication system may be configured to operate according to predefined rules or procedures, such as specific standards that include, but are not limited to: Global System for Mobile Communications (GSM); Universal Mobile Telecommunications System (UMTS); Long Term Evolution (LTE), and/or other suitable 2G, 3G, 4G, 5G standards, or any applicable future generation standard (e.g., 6G); wireless local area network (WLAN) standards, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards (WiFi); and/or any other appropriate wireless communication standard, such as the Worldwide Interoperability for Microwave Access (WiMax), Bluetooth, Z-Wave, Near Field Communication (NFC), ZigBee, LiFi, and/or any low-power wide-area network (LPWAN) standards such as LoRa and Sigfox.
  • GSM Global System for Mobile Communications
  • UMTS Universal Mobile Telecommunications System
  • LTE Long Term Evolution
  • the telecommunication network 1802 is a cellular network that implements 3GPP standardized features. Accordingly, the telecommunications network 1802 may support network slicing to provide different logical networks to different devices that are connected to the telecommunication network 1802. For example, the telecommunications network 1802 may provide Ultra Reliable Low Latency Communication (URLLC) services to some UEs, while providing Enhanced Mobile Broadband (eMBB) services to other UEs, and/or Massive Machine Type Communication (mMTC)/Massive IoT services to yet further UEs.
  • URLLC Ultra Reliable Low Latency Communication
  • eMBB Enhanced Mobile Broadband
  • mMTC Massive Machine Type Communication
  • the UEs 1812 are configured to transmit and/or receive information without direct human interaction.
  • a UE may be designed to transmit information to the access network 1804 on a predetermined schedule, when triggered by an internal or external event, or in response to requests from the access network 1804.
  • a UE may be configured for operating in single- or multi-RAT or multi-standard mode.
  • a UE may operate with any one or combination of Wi-Fi, NR (New Radio) and LTE, i.e. being configured for multi-radio dual connectivity (MR-DC), such as E-UTRAN (Evolved-UMTS Terrestrial Radio Access Network) New Radio - Dual Connectivity (EN-DC).
  • MR-DC multi-radio dual connectivity
  • the hub 1814 communicates with the access network 1804 to facilitate indirect communication between one or more UEs (e.g., UE 1812c and/or 1812d) and network nodes (e.g., network node 1810b).
  • the hub 1814 may be a controller, router, content source and analytics, or any of the other communication devices described herein regarding UEs.
  • the hub 1814 may be a broadband router enabling access to the core network 1806 for the UEs.
  • the hub 1814 may be a controller that sends commands or instructions to one or more actuators in the UEs.
  • the hub 1814 may be a data collector that acts as temporary storage for UE data and, in some embodiments, may perform analysis or other processing of the data.
  • the hub 1814 may be a content source. For example, for a UE that is a VR headset, display, loudspeaker or other media delivery device, the hub 1814 may retrieve VR assets, video, audio, or other media or data related to sensory information via a network node, which the hub 1814 then provides to the UE either directly, after performing local processing, and/or after adding additional local content.
  • the hub 1814 acts as a proxy server or orchestrator for the UEs, in particular if one or more of the UEs are low energy IoT devices.
  • the hub 1814 may have a constant/persistent or intermittent connection to the network node 1810b.
  • the hub 1814 may also allow for a different communication scheme and/or schedule between the hub 1814 and UEs (e.g., UE 1812c and/or 1812d), and between the hub 1814 and the core network 1806.
  • the hub 1814 is connected to the core network 1806 and/or one or more UEs via a wired connection.
  • the hub 1814 may be configured to connect to an M2M service provider over the access network 1804 and/or to another UE over a direct connection.
  • UEs may establish a wireless connection with the network nodes 1810 while still connected via the hub 1814 via a wired or wireless connection.
  • the hub 1814 may be a dedicated hub - that is, a hub whose primary function is to route communications to/from the UEs from/to the network node 1810b.
  • the hub 1814 may be a non-dedicated hub - that is, a device which is capable of operating to route communications between the UEs and network node 1810b, but which is additionally capable of operating as a communication start and/or end point for certain data channels.
  • a UE refers to a device capable, configured, arranged and/or operable to communicate wirelessly with network nodes and/or other UEs.
  • Examples of a UE include, but are not limited to, a smart phone, mobile phone, cell phone, voice over IP (VoIP) phone, wireless local loop phone, desktop computer, personal digital assistant (PDA), wireless cameras, gaming console or device, music storage device, playback appliance, wearable terminal device, wireless endpoint, mobile station, tablet, laptop, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), smart device, wireless customer-premise equipment (CPE), vehicle-mounted or vehicle embedded/integrated wireless device, etc.
  • VoIP voice over IP
  • PDA personal digital assistant
  • UEs identified by the 3rd Generation Partnership Project (3GPP), including a narrow band internet of things (NB-IoT) UE, a machine type communication (MTC) UE, and/or an enhanced MTC (eMTC) UE.
  • 3GPP 3rd Generation Partnership Project
  • NB-IoT narrow band internet of things
  • MTC machine type communication
  • eMTC enhanced MTC
  • a UE may support device-to-device (D2D) communication, for example by implementing a 3GPP standard for sidelink communication, Dedicated Short-Range Communication (DSRC), vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), or vehicle-to-everything (V2X).
  • D2D device-to-device
  • DSRC Dedicated Short-Range Communication
  • V2V vehicle-to-vehicle
  • V2I vehicle-to-infrastructure
  • V2X vehicle-to-everything
  • a UE may not necessarily have a user in the sense of a human user who owns and/or operates the relevant device.
  • a UE may represent a device that is intended for sale to, or operation by, a human user but which may not, or which may not initially, be associated with a specific human user (e.g., a smart sprinkler controller).
  • a UE may represent a device that is not intended for sale
  • the UE 1900 includes processing circuitry 1902 that is operatively coupled via a bus 1904 to an input/output interface 1906, a power source 1908, a memory 1910, a communication interface 1912, and/or any other component, or any combination thereof.
  • Certain UEs may utilize all or a subset of the components shown in Figure 19. The level of integration between the components may vary from one UE to another UE. Further, certain UEs may contain multiple instances of a component, such as multiple processors, memories, transceivers, transmitters, receivers, etc.
  • the processing circuitry 1902 is configured to process instructions and data and may be configured to implement any sequential state machine operative to execute instructions stored as machine-readable computer programs in the memory 1910.
  • the processing circuitry 1902 may be implemented as one or more hardware-implemented state machines (e.g., in discrete logic, field-programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), etc.); programmable logic together with appropriate firmware; one or more stored computer programs, general-purpose processors, such as a microprocessor or digital signal processor (DSP), together with appropriate software; or any combination of the above.
  • the processing circuitry 1902 may include multiple central processing units (CPUs).
  • the input/output interface 1906 may be configured to provide an interface or interfaces to an input device, output device, or one or more input and/or output devices.
  • Examples of an output device include a speaker, a sound card, a video card, a display, a monitor, a printer, an actuator, an emitter, a smartcard, another output device, or any combination thereof.
  • An input device may allow a user to capture information into the UE 1900.
  • Examples of an input device include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, a digital video camera, a web camera, etc.), a microphone, a sensor, a mouse, a trackball, a directional pad, a trackpad, a scroll wheel, a smartcard, and the like.
  • the presence-sensitive display may include a capacitive or resistive touch sensor to sense input from a user.
  • a sensor may be, for instance, an accelerometer, a gyroscope, a tilt sensor, a force sensor, a magnetometer, an optical sensor, a proximity sensor, a biometric sensor, etc., or any combination thereof.
  • An output device may use the same type of interface port as an input device. For example, a Universal Serial Bus (USB) port may be used to provide an input device and an output device.
  • USB Universal Serial Bus
  • the power source 1908 is structured as a battery or battery pack. Other types of power sources, such as an external power source (e.g., an electricity outlet), photovoltaic device, or power cell, may be used.
  • the power source 1908 may further include power circuitry for delivering power from the power source 1908 itself, and/or an external power source, to the various parts of the UE 1900 via input circuitry or an interface such as an electrical power cable. Delivering power may be, for example, for charging of the power source 1908.
  • Power circuitry may perform any formatting, converting, or other modification to the power from the power source 1908 to make the power suitable for the respective components of the UE 1900 to which power is supplied.
  • the memory 1910 may be or be configured to include memory such as random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic disks, optical disks, hard disks, removable cartridges, flash drives, and so forth.
  • the memory 1910 includes one or more application programs 1914, such as an operating system, web browser application, a widget, gadget engine, or other application, and corresponding data 1916.
  • the memory 1910 may store, for use by the UE 1900, any of a variety of various operating systems or combinations of operating systems.
  • the memory 1910 may be configured to include a number of physical drive units, such as redundant array of independent disks (RAID), flash memory, USB flash drive, external hard disk drive, thumb drive, pen drive, key drive, high-density digital versatile disc (HD-DVD) optical disc drive, internal hard disk drive, Blu-Ray optical disc drive, holographic digital data storage (HDDS) optical disc drive, external mini-dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro-DIMM SDRAM, smartcard memory such as tamper resistant module in the form of a universal integrated circuit card (UICC) including one or more subscriber identity modules (SIMs), such as a USIM and/or ISIM, other memory, or any combination thereof.
  • RAID redundant array of independent disks
  • HD-DVD high-density digital versatile disc
  • HDDS holographic digital data storage
  • DIMM dual in-line memory module
  • SDRAM synchronous dynamic random access memory
  • the UICC may for example be an embedded UICC (eUICC), integrated UICC (iUICC) or a removable UICC commonly known as ‘SIM card.’
  • the memory 1910 may allow the UE 1900 to access instructions, application programs and the like, stored on transitory or non-transitory memory media, to off-load data, or to upload data.
  • An article of manufacture, such as one utilizing a communication system, may be tangibly embodied as or in the memory 1910, which may be or comprise a device-readable storage medium.
  • the processing circuitry 1902 may be configured to communicate with an access network or other network using the communication interface 1912.
  • the communication interface 1912 may comprise one or more communication subsystems and may include or be communicatively coupled to an antenna 1922.
  • the communication interface 1912 may include one or more transceivers used to communicate, such as by communicating with one or more remote transceivers of another device capable of wireless communication (e.g., another UE or a network node in an access network).
  • Each transceiver may include a transmitter 1918 and/or a receiver 1920 appropriate to provide network communications (e.g., optical, electrical, frequency allocations, and so forth).
  • the transmitter 1918 and receiver 1920 may be coupled to one or more antennas (e.g., antenna 1922) and may share circuit components, software or firmware, or alternatively be implemented separately.
  • communication functions of the communication interface 1912 may include cellular communication, Wi-Fi communication, LPWAN communication, data communication, voice communication, multimedia communication, short-range communications such as Bluetooth, near-field communication, location-based communication such as the use of the global positioning system (GPS) to determine a location, another like communication function, or any combination thereof.
  • GPS global positioning system
  • Communications may be implemented according to one or more communication protocols and/or standards, such as IEEE 802.11, Code Division Multiplexing Access (CDMA), Wideband Code Division Multiple Access (WCDMA), GSM, LTE, New Radio (NR), UMTS, WiMax, Ethernet, transmission control protocol/internet protocol (TCP/IP), synchronous optical networking (SONET), Asynchronous Transfer Mode (ATM), QUIC, Hypertext Transfer Protocol (HTTP), and so forth.
  • CDMA Code Division Multiplexing Access
  • WCDMA Wideband Code Division Multiple Access
  • GSM Global System for Mobile communications
  • LTE Long Term Evolution
  • NR New Radio
  • UMTS Universal Mobile Telecommunications System
  • WiMax Worldwide Interoperability for Microwave Access
  • TCP/IP transmission control protocol/internet protocol
  • SONET synchronous optical networking
  • ATM Asynchronous Transfer Mode
  • HTTP Hypertext Transfer Protocol
  • a UE may provide an output of data captured by its sensors, through its communication interface 1912, via a wireless connection to a network node.
  • Data captured by sensors of a UE can be communicated through a wireless connection to a network node via another UE.
  • the output may be periodic (e.g., once every 15 minutes if it reports the sensed temperature), random (e.g., to even out the load from reporting from several sensors), in response to a triggering event (e.g., when moisture is detected an alert is sent), in response to a request (e.g., a user initiated request), or a continuous stream (e.g., a live video feed of a patient).
  • a UE comprises an actuator, a motor, or a switch, related to a communication interface configured to receive wireless input from a network node via a wireless connection.
  • the states of the actuator, the motor, or the switch may change.
  • the UE may comprise a motor that adjusts the control surfaces or rotors of a drone in flight according to the received input or to a robotic arm performing a medical procedure according to the received input.
  • a UE, when in the form of an Internet of Things (IoT) device, may be a device for use in one or more application domains, these domains comprising, but not limited to, city wearable technology, extended industrial application and healthcare.
  • IoT device are a device which is or which is embedded in: a connected refrigerator or freezer, a TV, a connected lighting device, an electricity meter, a robot vacuum cleaner, a voice controlled smart speaker, a home security camera, a motion detector, a thermostat, a smoke detector, a door/window sensor, a flood/moisture sensor, an electrical door lock, a connected doorbell, an air conditioning system like a heat pump, an autonomous vehicle, a surveillance system, a weather monitoring device, a vehicle parking monitoring device, an electric vehicle charging station, a smart watch, a fitness tracker, a head-mounted display for Augmented Reality (AR) or Virtual Reality (VR), a wearable for tactile augmentation or sensory enhancement, a water sprinkler, an animal- or item-t
  • AR Augmented Reality
  • a UE may represent a machine or other device that performs monitoring and/or measurements, and transmits the results of such monitoring and/or measurements to another UE and/or a network node.
  • the UE may in this case be an M2M device, which may in a 3GPP context be referred to as an MTC device.
  • the UE may implement the 3GPP NB-IoT standard.
  • a UE may represent a vehicle, such as a car, a bus, a truck, a ship and an airplane, or other equipment that is capable of monitoring and/or reporting on its operational status or other functions associated with its operation.
  • any number of UEs may be used together with respect to a single use case.
  • a first UE might be or be integrated in a drone and provide the drone’s speed information (obtained through a speed sensor) to a second UE that is a remote controller operating the drone.
  • the first UE may adjust the throttle on the drone (e.g. by controlling an actuator) to increase or decrease the drone’s speed.
  • the first and/or the second UE can also include more than one of the functionalities described above.
  • a UE might comprise the sensor and the actuator, and handle communication of data for both the speed sensor and the actuators.
  • FIG 20 shows a network node 2000 in accordance with some embodiments.
  • network node refers to equipment capable, configured, arranged and/or operable to communicate directly or indirectly with a UE and/or with other network nodes or equipment, in a telecommunication network.
  • network nodes include, but are not limited to, access points (APs) (e.g., radio access points), base stations (BSs) (e.g., radio base stations, Node Bs, evolved Node Bs (eNBs) and NR NodeBs (gNBs)).
  • APs access points
  • BSs base stations
  • eNBs evolved Node Bs
  • gNBs NR NodeBs
  • Base stations may be categorized based on the amount of coverage they provide (or, stated differently, their transmit power level) and so, depending on the provided amount of coverage, may be referred to as femto base stations, pico base stations, micro base stations, or macro base stations.
  • a base station may be a relay node or a relay donor node controlling a relay.
  • a network node may also include one or more (or all) parts of a distributed radio base station such as centralized digital units and/or remote radio units (RRUs), sometimes referred to as Remote Radio Heads (RRHs). Such remote radio units may or may not be integrated with an antenna as an antenna integrated radio.
  • RRUs remote radio units
  • RRHs Remote Radio Heads
  • Parts of a distributed radio base station may also be referred to as nodes in a distributed antenna system (DAS).
  • DAS distributed antenna system
  • network nodes include multiple transmission point (multi-TRP) 5G access nodes, multi-standard radio (MSR) equipment such as MSR BSs, network controllers such as radio network controllers (RNCs) or base station controllers (BSCs), base transceiver stations (BTSs), transmission points, transmission nodes, multi-cell/multicast coordination entities (MCEs), Operation and Maintenance (O&M) nodes, Operations Support System (OSS) nodes, Self-Organizing Network (SON) nodes, positioning nodes (e.g., Evolved Serving Mobile Location Centers (E-SMLCs)), and/or Minimization of Drive Tests (MDTs).
  • MSR multi-standard radio
  • RNCs radio network controllers
  • BSCs base station controllers
  • BTSs base transceiver stations
  • O&M Operation and Maintenance
  • OSS Operations Support System
  • SON Self-Organizing Network
  • the network node 2000 includes a processing circuitry 2002, a memory 2004, a communication interface 2006, and a power source 2008.
  • the network node 2000 may be composed of multiple physically separate components (e.g., a NodeB component and a RNC component, or a BTS component and a BSC component, etc.), which may each have their own respective components.
  • the network node 2000 comprises multiple separate components (e.g., BTS and BSC components)
  • one or more of the separate components may be shared among several network nodes.
  • a single RNC may control multiple NodeBs.
  • each unique NodeB and RNC pair may in some instances be considered a single separate network node.
  • the network node 2000 may be configured to support multiple radio access technologies (RATs). In such embodiments, some components may be duplicated (e.g., separate memory 2004 for different RATs) and some components may be reused (e.g., a same antenna 2010 may be shared by different RATs).
  • the network node 2000 may also include multiple sets of the various illustrated components for different wireless technologies integrated into network node 2000, for example GSM, WCDMA, LTE, NR, WiFi, Zigbee, Z-wave, LoRaWAN, Radio Frequency Identification (RFID) or Bluetooth wireless technologies. These wireless technologies may be integrated into the same or different chip or set of chips and other components within network node 2000.
  • RFID Radio Frequency Identification
  • the processing circuitry 2002 may comprise a combination of one or more of a microprocessor, controller, microcontroller, central processing unit, digital signal processor, application-specific integrated circuit, field programmable gate array, or any other suitable computing device, resource, or combination of hardware, software and/or encoded logic operable, either alone or in conjunction with other network node 2000 components, such as the memory 2004, to provide network node 2000 functionality.
  • the processing circuitry 2002 includes a system on a chip (SOC). In some embodiments, the processing circuitry 2002 includes one or more of radio frequency (RF) transceiver circuitry 2012 and baseband processing circuitry 2014. In some embodiments, the radio frequency (RF) transceiver circuitry 2012 and the baseband processing circuitry 2014 may be on separate chips (or sets of chips), boards, or units, such as radio units and digital units. In alternative embodiments, part or all of RF transceiver circuitry 2012 and baseband processing circuitry 2014 may be on the same chip or set of chips, boards, or units.
  • SOC system on a chip
  • the memory 2004 may comprise any form of volatile or non-volatile computer-readable memory including, without limitation, persistent storage, solid-state memory, remotely mounted memory, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), mass storage media (for example, a hard disk), removable storage media (for example, a flash drive, a Compact Disk (CD) or a Digital Video Disk (DVD)), and/or any other volatile or non-volatile, non-transitory device-readable and/or computer-executable memory devices that store information, data, and/or instructions that may be used by the processing circuitry 2002.
  • the memory 2004 may store any suitable instructions, data, or information, including a computer program, software, an application including one or more of logic, rules, code, tables, and/or other instructions capable of being executed by the processing circuitry 2002 and utilized by the network node 2000.
  • the memory 2004 may be used to store any calculations made by the processing circuitry 2002 and/or any data received via the communication interface 2006.
  • the processing circuitry 2002 and memory 2004 are integrated.
  • the communication interface 2006 is used in wired or wireless communication of signaling and/or data between a network node, access network, and/or UE. As illustrated, the communication interface 2006 comprises port(s)/terminal(s) 2016 to send and receive data, for example to and from a network over a wired connection.
  • the communication interface 2006 also includes radio front-end circuitry 2018 that may be coupled to, or in certain embodiments a part of, the antenna 2010. Radio front-end circuitry 2018 comprises filters 2020 and amplifiers 2022. The radio front-end circuitry 2018 may be connected to an antenna 2010 and processing circuitry 2002. The radio front-end circuitry may be configured to condition signals communicated between antenna 2010 and processing circuitry 2002.
  • the radio front-end circuitry 2018 may receive digital data that is to be sent out to other network nodes or UEs via a wireless connection.
  • the radio front-end circuitry 2018 may convert the digital data into a radio signal having the appropriate channel and bandwidth parameters using a combination of filters 2020 and/or amplifiers 2022.
  • the radio signal may then be transmitted via the antenna 2010.
  • the antenna 2010 may collect radio signals which are then converted into digital data by the radio front-end circuitry 2018.
  • the digital data may be passed to the processing circuitry 2002.
  • the communication interface may comprise different components and/or different combinations of components.
  • the network node 2000 does not include separate radio front-end circuitry 2018; instead, the processing circuitry 2002 includes radio front-end circuitry and is connected to the antenna 2010. Similarly, in some embodiments, all or some of the RF transceiver circuitry 2012 is part of the communication interface 2006. In still other embodiments, the communication interface 2006 includes one or more ports or terminals 2016, the radio front-end circuitry 2018, and the RF transceiver circuitry 2012, as part of a radio unit (not shown), and the communication interface 2006 communicates with the baseband processing circuitry 2014, which is part of a digital unit (not shown).
  • the antenna 2010 may include one or more antennas, or antenna arrays, configured to send and/or receive wireless signals.
  • the antenna 2010 may be coupled to the radio front-end circuitry 2018 and may be any type of antenna capable of transmitting and receiving data and/or signals wirelessly.
  • the antenna 2010 is separate from the network node 2000 and connectable to the network node 2000 through an interface or port.
  • the antenna 2010, communication interface 2006, and/or the processing circuitry 2002 may be configured to perform any receiving operations and/or certain obtaining operations described herein as being performed by the network node. Any information, data and/or signals may be received from a UE, another network node and/or any other network equipment. Similarly, the antenna 2010, the communication interface 2006, and/or the processing circuitry 2002 may be configured to perform any transmitting operations described herein as being performed by the network node. Any information, data and/or signals may be transmitted to a UE, another network node and/or any other network equipment.
  • the power source 2008 provides power to the various components of network node 2000 in a form suitable for the respective components (e.g., at a voltage and current level needed for each respective component).
  • the power source 2008 may further comprise, or be coupled to, power management circuitry to supply the components of the network node 2000 with power for performing the functionality described herein.
  • the network node 2000 may be connectable to an external power source (e.g., the power grid, an electricity outlet) via an input circuitry or interface such as an electrical cable, whereby the external power source supplies power to power circuitry of the power source 2008.
  • the power source 2008 may comprise a source of power in the form of a battery or battery pack which is connected to, or integrated in, power circuitry. The battery may provide backup power should the external power source fail.
  • Embodiments of the network node 2000 may include additional components beyond those shown in Figure 20 for providing certain aspects of the network node’s functionality, including any of the functionality described herein and/or any functionality necessary to support the subject matter described herein.
  • the network node 2000 may include user interface equipment to allow input of information into the network node 2000 and to allow output of information from the network node 2000. This may allow a user to perform diagnostic, maintenance, repair, and other administrative functions for the network node 2000.
  • FIG 21 is a block diagram of a host 2100, which may be an embodiment of the host 1816 of Figure 18, in accordance with various aspects described herein.
  • the host 2100 may be or comprise various combinations of hardware and/or software, including a standalone server, a blade server, a cloud-implemented server, a distributed server, a virtual machine, container, or processing resources in a server farm.
  • the host 2100 may provide one or more services to one or more UEs.
  • the host 2100 includes processing circuitry 2102 that is operatively coupled via a bus 2104 to an input/output interface 2106, a network interface 2108, a power source 2110, and a memory 2112.
  • Other components may be included in other embodiments. Features of these components may be substantially similar to those described with respect to the devices of previous figures, such as Figures 19 and 20, such that the descriptions thereof are generally applicable to the corresponding components of host 2100.
  • the memory 2112 may include one or more computer programs including one or more host application programs 2114 and data 2116, which may include user data, e.g., data generated by a UE for the host 2100 or data generated by the host 2100 for a UE.
  • Embodiments of the host 2100 may utilize only a subset or all of the components shown.
  • the host application programs 2114 may be implemented in a container-based architecture and may provide support for video codecs (e.g., Versatile Video Coding (VVC), High Efficiency Video Coding (HEVC), Advanced Video Coding (AVC), MPEG, VP9) and audio codecs (e.g., FLAC, Advanced Audio Coding (AAC), MPEG, G.711), including transcoding for multiple different classes, types, or implementations of UEs (e.g., handsets, desktop computers, wearable display systems, heads-up display systems).
  • the host application programs 2114 may also provide for user authentication and licensing checks and may periodically report health, routes, and content availability to a central node, such as a device in or on the edge of a core network.
  • the host 2100 may select and/or indicate a different host for over-the-top services for a UE.
  • the host application programs 2114 may support various protocols, such as the HTTP Live Streaming (HLS) protocol, Real-Time Messaging Protocol (RTMP), Real-Time Streaming Protocol (RTSP), Dynamic Adaptive Streaming over HTTP (MPEG-DASH), etc.
  • FIG 22 is a block diagram illustrating a virtualization environment 2200 in which functions implemented by some embodiments may be virtualized.
  • virtualizing means creating virtual versions of apparatuses or devices which may include virtualizing hardware platforms, storage devices and networking resources.
  • virtualization can be applied to any device described herein, or components thereof, and relates to an implementation in which at least a portion of the functionality is implemented as one or more virtual components.
  • Some or all of the functions described herein may be implemented as virtual components executed by one or more virtual machines (VMs) implemented in one or more virtual environments 2200 hosted by one or more of hardware nodes, such as a hardware computing device that operates as a network node, UE, core network node, or host.
  • the virtual node does not require radio connectivity (e.g., a core network node or host)
  • the node may be entirely virtualized.
  • Applications 2202 (which may alternatively be called software instances, virtual appliances, network functions, virtual nodes, virtual network functions, etc.) are run in the virtualization environment 2200 to implement some of the features, functions, and/or benefits of some of the embodiments disclosed herein.
  • Hardware 2204 includes processing circuitry, memory that stores software and/or instructions executable by hardware processing circuitry, and/or other hardware devices as described herein, such as a network interface, input/output interface, and so forth.
  • Software may be executed by the processing circuitry to instantiate one or more virtualization layers 2206 (also referred to as hypervisors or virtual machine monitors (VMMs)), provide VMs 2208a and 2208b (one or more of which may be generally referred to as VMs 2208), and/or perform any of the functions, features and/or benefits described in relation with some embodiments described herein.
  • the virtualization layer 2206 may present a virtual operating platform that appears like networking hardware to the VMs 2208.
  • the VMs 2208 comprise virtual processing, virtual memory, virtual networking or interface and virtual storage, and may be run by a corresponding virtualization layer 2206.
  • Different embodiments of the instance of a virtual appliance 2202 may be implemented on one or more of VMs 2208, and the implementations may be made in different ways.
  • Virtualization of the hardware is in some contexts referred to as network function virtualization (NFV). NFV may be used to consolidate many network equipment types onto industry standard high volume server hardware, physical switches, and physical storage, which can be located in data centers, and customer premise equipment.
  • a VM 2208 may be a software implementation of a physical machine that runs programs as if they were executing on a physical, non-virtualized machine.
  • Each of the VMs 2208, and that part of hardware 2204 that executes that VM be it hardware dedicated to that VM and/or hardware shared by that VM with others of the VMs, forms separate virtual network elements.
  • a virtual network function is responsible for handling specific network functions that run in one or more VMs 2208 on top of the hardware 2204 and corresponds to the application 2202.
  • Hardware 2204 may be implemented in a standalone network node with generic or specific components. Hardware 2204 may implement some functions via virtualization. Alternatively, hardware 2204 may be part of a larger cluster of hardware (e.g. such as in a data center or CPE) where many hardware nodes work together and are managed via management and orchestration 2210, which, among others, oversees lifecycle management of applications 2202.
  • hardware 2204 is coupled to one or more radio units that each include one or more transmitters and one or more receivers that may be coupled to one or more antennas. Radio units may communicate directly with other hardware nodes via one or more appropriate network interfaces and may be used in combination with the virtual components to provide a virtual node with radio capabilities, such as a radio access node or a base station.
  • some signaling can be provided with the use of a control system 2212 which may alternatively be used for communication between hardware nodes and radio units.
  • Figure 23 shows a communication diagram of a host 2302 communicating via a network node 2304 with a UE 2306 over a partially wireless connection in accordance with some embodiments.
  • Like host 2100, embodiments of host 2302 include hardware, such as a communication interface, processing circuitry, and memory.
  • the host 2302 also includes software, which is stored in or accessible by the host 2302 and executable by the processing circuitry.
  • the software includes a host application that may be operable to provide a service to a remote user, such as the UE 2306 connecting via an over-the-top (OTT) connection 2350 extending between the UE 2306 and host 2302.
  • the network node 2304 includes hardware enabling it to communicate with the host 2302 and UE 2306.
  • the connection 2360 may be direct or pass through a core network (like core network 1806 of Figure 18) and/or one or more other intermediate networks, such as one or more public, private, or hosted networks.
  • an intermediate network may be a backbone network or the Internet.
  • the UE 2306 includes hardware and software, which is stored in or accessible by UE 2306 and executable by the UE’s processing circuitry.
  • the software includes a client application, such as a web browser or operator-specific “app” that may be operable to provide a service to a human or non-human user via UE 2306 with the support of the host 2302.
  • an executing host application may communicate with the executing client application via the OTT connection 2350 terminating at the UE 2306 and host 2302.
  • the UE's client application may receive request data from the host's host application and provide user data in response to the request data.
  • the OTT connection 2350 may transfer both the request data and the user data.
  • the UE's client application may interact with the user to generate the user data that it provides to the host application through the OTT
  • the OTT connection 2350 may extend via a connection 2360 between the host 2302 and the network node 2304 and via a wireless connection 2370 between the network node 2304 and the UE 2306 to provide the connection between the host 2302 and the UE 2306.
  • the connection 2360 and wireless connection 2370, over which the OTT connection 2350 may be provided, have been drawn abstractly to illustrate the communication between the host 2302 and the UE 2306 via the network node 2304, without explicit reference to any intermediary devices and the precise routing of messages via these devices.
  • the host 2302 provides user data, which may be performed by executing a host application.
  • the user data is associated with a particular human user interacting with the UE 2306.
  • the user data is associated with a UE 2306 that shares data with the host 2302 without explicit human interaction.
  • the host 2302 initiates a transmission carrying the user data towards the UE 2306.
  • the host 2302 may initiate the transmission responsive to a request transmitted by the UE 2306. The request may be caused by human interaction with the UE 2306 or by operation of the client application executing on the UE 2306.
  • the transmission may pass via the network node 2304, in accordance with the teachings of the embodiments described throughout this disclosure. Accordingly, in step 2312, the network node 2304 transmits to the UE 2306 the user data that was carried in the transmission that the host 2302 initiated, in accordance with the teachings of the embodiments described throughout this disclosure. In step 2314, the UE 2306 receives the user data carried in the transmission, which may be performed by a client application executed on the UE 2306 associated with the host application executed by the host 2302.
  • the UE 2306 executes a client application which provides user data to the host 2302.
  • the user data may be provided in reaction or response to the data received from the host 2302.
  • the UE 2306 may provide user data, which may be performed by executing the client application.
  • the client application may further consider user input received from the user via an input/output interface of the UE 2306. Regardless of the specific manner in which the user data was provided, the UE 2306 initiates, in step 2318, transmission of the user data towards the host 2302 via the network node 2304.
  • the network node 2304 receives user data from the UE 2306 and initiates transmission of the received user data towards the host 2302.
  • the host 2302 receives the user data carried in the transmission initiated by the UE 2306.
  • One or more of the various embodiments improve the performance of OTT services provided to the UE 2306 using the OTT connection 2350, in which the wireless connection 2370 forms the last segment.
  • factory status information may be collected and analyzed by the host 2302.
  • the host 2302 may process audio and video data which may have been retrieved from a UE for use in creating maps.
  • the host 2302 may collect and analyze real-time data to assist in controlling vehicle congestion (e.g., controlling traffic lights).
  • the host 2302 may store surveillance video uploaded by a UE.
  • the host 2302 may store or control access to media content such as video, audio, VR or AR which it can broadcast, multicast or unicast to UEs.
  • the host 2302 may be used for energy pricing, remote control of non-time critical electrical load to balance power generation needs, location services, presentation services (such as compiling diagrams etc. from data collected from remote devices), or any other function of collecting, retrieving, storing, analyzing and/or transmitting data.
  • a measurement procedure may be provided for the purpose of monitoring data rate, latency and other factors on which the one or more embodiments improve.
  • the measurement procedure and/or the network functionality for reconfiguring the OTT connection may be implemented in software and hardware of the host 2302 and/or UE 2306.
  • sensors (not shown) may be deployed in or in association with other devices through which the OTT connection 2350 passes; the sensors may participate in the measurement procedure by supplying values of the monitored quantities exemplified above, or supplying values of other physical quantities from which software may compute or estimate the monitored quantities.
  • the reconfiguring of the OTT connection 2350 may include message format, retransmission settings, preferred routing etc.; the reconfiguring need not directly alter the operation of the network node 2304. Such procedures and functionalities may be known and practiced in the art.
  • measurements may involve proprietary UE signaling that facilitates measurements of throughput, propagation times, latency and the like, by the host 2302.
  • the measurements may be implemented in that software causes messages to be transmitted, in particular empty or ‘dummy’ messages, using the OTT connection 2350 while monitoring propagation times, errors, etc.
  • Although computing devices described herein may include the illustrated combination of hardware components, other embodiments may comprise computing devices with different combinations of components. It is to be understood that these computing devices may comprise any suitable combination of hardware and/or software needed to perform the tasks, features, functions and methods disclosed herein. Determining, calculating, obtaining or similar operations described herein may be performed by processing circuitry, which may process information by, for example, converting the obtained information into other information, comparing the obtained information or converted information to information stored in the network node, and/or performing one or more operations based on the obtained information or converted information, and as a result of said processing making a determination.
  • computing devices may comprise multiple different physical components that make up a single illustrated component, and functionality may be partitioned between separate components.
  • a communication interface may be configured to include any of the components described herein, and/or the functionality of the components may be partitioned between the processing circuitry and the communication interface.
  • non-computationally intensive functions of any of such components may be implemented in software or firmware and computationally intensive functions may be implemented in hardware.
  • processing circuitry executing instructions stored in memory, which in certain embodiments may be a computer program product in the form of a non-transitory computer-readable storage medium.
  • some or all of the functionality may be provided by the processing circuitry without executing instructions stored on a separate or discrete device-readable storage medium, such as in a hard-wired manner.
  • the processing circuitry can be configured to perform the described functionality. The benefits provided by such functionality are not limited to the processing circuitry alone or to other components of the computing device, but are enjoyed by the computing device as a whole, and/or by end users and a wireless network generally.
  • Example embodiments of the techniques and apparatus described herein include, but are not limited to, the following enumerated examples: Group A Embodiments
  • a method performed by a communication device configured for use in a communication network comprising: obtaining a fixed length identifier associated with a subscription identifier identifying a subscription to the communication network; encrypting the fixed length identifier to obtain a concealed identifier; and transmitting the concealed identifier.
  • obtaining the fixed length identifier comprises calculating the fixed length identifier as a function of the subscription identifier.
  • A5 The method of any of embodiments A3-A4, wherein the hash function is a key derivation function, KDF.
  • calculating the fixed length identifier further comprises truncating the hash to a fixed length, wherein the fixed length identifier is the truncated hash.
  • A11 The method of embodiment A10, wherein the subscription identifier is mapped to the fixed length identifier according to an injective mapping between subscription identifiers and fixed length identifiers.
  • A12. The method of any of embodiments A1-A11, wherein transmitting the concealed identifier comprises transmitting the concealed identifier to, or towards, the communication network.
  • A13 The method of any of embodiments A1-A12, wherein the subscription identifier is a subscription permanent identifier, SUPI, and wherein the concealed identifier is a subscription concealed identifier, SUCI.
  • A14 The method of any of embodiments A1-A13, wherein the subscription identifier is a network access identifier, NAI, comprising a username and a realm.
  • A17 The method of any of embodiments A15-A16, wherein the fixed length identifier is calculated according to a function that has an input and that has an output, wherein the output has the fixed length for all possible values of the input, wherein the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function.
  • A18 The method of any of embodiments A15-A17, wherein all subscriptions to the communication network are identified by respective subscription identifiers, wherein the subscription identifiers are associated with respective fixed length identifiers, wherein at least some of the subscription identifiers have different lengths, wherein each of the fixed length identifiers has the same fixed length.
  • A19 The method of any of embodiments A15-A18, wherein all subscriptions to the communication network are identified by respective subscription identifiers, wherein at least some of the subscription identifiers have different lengths, wherein the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.
  • A20 The method of any of embodiments A1-A19, further comprising transmitting signaling indicating that the concealed identifier conceals the fixed length identifier rather than concealing the subscription identifier.
  • AA The method of any of the previous embodiments, further comprising: providing user data; and forwarding the user data to a host computer via the transmission to a base station.
  • a method performed by network equipment configured for use in a communication network comprising: receiving a concealed identifier from a communication device; and decrypting the concealed identifier to obtain a fixed length identifier associated with a subscription identifier identifying a subscription to the communication network.
  • a method performed by network equipment configured for use in a communication network comprising: obtaining a fixed length identifier; and determining a subscription identifier associated with the fixed length identifier, wherein the subscription identifier identifies a subscription to the communication network.
  • determining the subscription identifier comprises mapping the fixed length identifier to the subscription identifier.
  • BB8 The method of embodiment BB2, wherein said mapping is performed based on an injective mapping between subscription identifiers and fixed length identifiers.
  • BB9 The method of any of embodiments BB1-BB8, wherein the subscription identifier is a subscription permanent identifier, SUPI.
  • BB10 The method of any of embodiments BB1-BB9, wherein the subscription identifier is a network access identifier, NAI, comprising a username and a realm.
  • BB13 The method of any of embodiments BB11-BB12, wherein the fixed length identifier is calculated according to a function that has an input and that has an output, wherein the output has the fixed length for all possible values of the input, wherein the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function.
  • BB16 The method of any of embodiments BB1-BB15, wherein obtaining the fixed length identifier comprises receiving the fixed length identifier from other network equipment.
  • BB18 The method of any of embodiments BB16-BB17, further comprising receiving, from the other network equipment, signaling indicating that the identifier received from the other network node is a fixed length identifier.
  • BB19 The method of any of embodiments BB1-BB15, wherein obtaining the fixed length identifier comprises: receiving a concealed identifier from a communication device; and decrypting the concealed identifier to obtain the fixed length identifier.
  • BB The method of any of the previous embodiments, further comprising: obtaining user data; and forwarding the user data to a host computer or a wireless communication device.
  • a communication device configured to perform any of the steps of any of the Group A embodiments.
  • a communication device comprising processing circuitry configured to perform any of the steps of any of the Group A embodiments.
  • a communication device comprising: communication circuitry; and processing circuitry configured to perform any of the steps of any of the Group A embodiments.
  • a communication device comprising: processing circuitry configured to perform any of the steps of any of the Group A embodiments; and power supply circuitry configured to supply power to the communication device.
  • a communication device comprising: processing circuitry and memory, the memory containing instructions executable by the processing circuitry whereby the communication device is configured to perform any of the steps of any of the Group A embodiments.
  • a user equipment comprising: an antenna configured to send and receive wireless signals; radio front-end circuitry connected to the antenna and to processing circuitry, and configured to condition signals communicated between the antenna and the processing circuitry; the processing circuitry being configured to perform any of the steps of any of the Group A embodiments; an input interface connected to the processing circuitry and configured to allow input of information into the UE to be processed by the processing circuitry; an output interface connected to the processing circuitry and configured to output information from the UE that has been processed by the processing circuitry; and a battery connected to the processing circuitry and configured to supply power to the UE.
  • a computer program comprising instructions which, when executed by at least one processor of a communication device, causes the communication device to carry out the steps of any of the Group A embodiments.
  • Network equipment comprising processing circuitry configured to perform any of the steps of any of the Group B embodiments.
  • Network equipment comprising: communication circuitry; and processing circuitry configured to perform any of the steps of any of the Group B embodiments.
  • Network equipment comprising: processing circuitry configured to perform any of the steps of any of the Group B embodiments; power supply circuitry configured to supply power to the network equipment.
  • Network equipment comprising: processing circuitry and memory, the memory containing instructions executable by the processing circuitry whereby the network equipment is configured to perform any of the steps of any of the Group B embodiments.
  • a computer program comprising instructions which, when executed by at least one processor of network equipment, causes the network equipment to carry out the steps of any of the Group B embodiments.
  • a communication system including a host computer comprising: processing circuitry configured to provide user data; and a communication interface configured to forward the user data to a cellular network for transmission to a user equipment (UE), wherein the cellular network comprises a base station having a radio interface and processing circuitry, the base station’s processing circuitry configured to perform any of the steps of any of the Group B embodiments.
  • the communication system of the previous embodiment further including the base station.
  • the communication system of the previous 2 embodiments further including the UE, wherein the UE is configured to communicate with the base station.
  • D4 The communication system of the previous 3 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application, thereby providing the user data; and the UE comprises processing circuitry configured to execute a client application associated with the host application.
  • D5. A method implemented in a communication system including a host computer, a base station and a user equipment (UE), the method comprising: at the host computer, providing user data; and at the host computer, initiating a transmission carrying the user data to the UE via a cellular network comprising the base station, wherein the base station performs any of the steps of any of the Group B embodiments.
  • a user equipment configured to communicate with a base station, the UE comprising a radio interface and processing circuitry configured to perform any of the previous 3 embodiments.
  • a communication system including a host computer comprising: processing circuitry configured to provide user data; and a communication interface configured to forward user data to a cellular network for transmission to a user equipment (UE), wherein the UE comprises a radio interface and processing circuitry, the UE’s components configured to perform any of the steps of any of the Group A embodiments.
  • the cellular network further includes a base station configured to communicate with the UE.
  • D11 The communication system of the previous 2 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application, thereby providing the user data; and the UE’s processing circuitry is configured to execute a client application associated with the host application.
  • a method implemented in a communication system including a host computer, a base station and a user equipment (UE), the method comprising: at the host computer, providing user data; and at the host computer, initiating a transmission carrying the user data to the UE via a cellular network comprising the base station, wherein the UE performs any of the steps of any of the Group A embodiments.
  • a communication system including a host computer comprising: communication interface configured to receive user data originating from a transmission from a user equipment (UE) to a base station, wherein the UE comprises a radio interface and processing circuitry, the UE’s processing circuitry configured to perform any of the steps of any of the Group A embodiments.
  • the communication system of the previous 2 embodiments further including the base station, wherein the base station comprises a radio interface configured to communicate with the UE and a communication interface configured to forward to the host computer the user data carried by a transmission from the UE to the base station.
  • D17 The communication system of the previous 3 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application; and the UE’s processing circuitry is configured to execute a client application associated with the host application, thereby providing the user data.
  • D18 The communication system of the previous 4 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application, thereby providing request data; and the UE’s processing circuitry is configured to execute a client application associated with the host application, thereby providing the user data in response to the request data.
  • a method implemented in a communication system including a host computer, a base station and a user equipment (UE), the method comprising: at the host computer, receiving user data transmitted to the base station from the UE, wherein the UE performs any of the steps of any of the Group A embodiments.
  • the method of the previous 3 embodiments further comprising: at the UE, executing a client application; and at the UE, receiving input data to the client application, the input data being provided at the host computer by executing a host application associated with the client application, wherein the user data to be transmitted is provided by the client application in response to the input data.
  • a communication system including a host computer comprising a communication interface configured to receive user data originating from a transmission from a user equipment (UE) to a base station, wherein the base station comprises a radio interface and processing circuitry, the base station’s processing circuitry configured to perform any of the steps of any of the Group B embodiments.
  • the communication system of the previous embodiment further including the base station.
  • the communication system of the previous 2 embodiments further including the UE, wherein the UE is configured to communicate with the base station.
  • D26 The communication system of the previous 3 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application; the UE is configured to execute a client application associated with the host application, thereby providing the user data to be received by the host computer.
  • a method implemented in a communication system including a host computer, a base station and a user equipment (UE), the method comprising: at the host computer, receiving, from the base station, user data originating from a transmission which the base station has received from the UE, wherein the UE performs any of the steps of any of the Group A embodiments.
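
The Group A and Group B embodiments above (hash and truncate the subscription identifier, encrypt the result, then decrypt and map back on the network side) can be sketched as follows. This is an added example, not code from the patent: SHA-256, the 16-byte length, the sample NAIs and the HMAC-based stream cipher are all assumptions, and the cipher is only a length-preserving stand-in for whatever encryption scheme produces the concealed identifier.

```python
import hashlib
import hmac
import secrets

FIXED_LEN = 16               # assumed fixed length in bytes; the page gives no value
NONCE_LEN, TAG_LEN = 12, 8   # framing of the stand-in cipher (assumption)

# Constructed sample subscription identifiers (NAI form: username@realm).
SAMPLE_SUPIS = (
    "bob@example.com",
    "alice@example.com",
    "meter-000000000123456789@example.com",
)


def fixed_length_id(subscription_id: str, length: int = FIXED_LEN) -> bytes:
    """Hash the subscription identifier and truncate the hash to a fixed length."""
    return hashlib.sha256(subscription_id.encode("utf-8")).digest()[:length]


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and integrity, derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((n + 31) // 32)
    ]
    return b"".join(blocks)[:n]


def conceal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in length-preserving encryption: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag[:TAG_LEN]


def reveal(key: bytes, blob: bytes) -> bytes:
    """Network side: verify integrity, then decrypt the concealed identifier."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("concealed identifier too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected[:TAG_LEN]):
        raise ValueError("integrity check failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class SubscriberIndex:
    """Network-side table from fixed length identifier back to subscription identifier."""

    def __init__(self, subscription_ids, length: int = FIXED_LEN):
        self._by_fid = {}
        for sid in subscription_ids:
            fid = fixed_length_id(sid, length)
            known = self._by_fid.setdefault(fid, sid)
            if known != sid:
                # Truncation broke injectivity: two subscriptions share one identifier.
                raise ValueError(f"collision between {known!r} and {sid!r}")

    def resolve(self, fid: bytes):
        return self._by_fid.get(fid)


def demo(key: bytes = b"\x01" * 32) -> dict:
    """Compare ciphertext lengths with and without the fixed length identifier."""
    index = SubscriberIndex(SAMPLE_SUPIS)
    report = {}
    for sid in SAMPLE_SUPIS:
        direct = conceal(key, sid.encode("utf-8"))      # length tracks the username
        hidden = conceal(key, fixed_length_id(sid))      # length is constant
        assert index.resolve(reveal(key, hidden)) == sid
        report[sid] = (len(direct), len(hidden))
    return report


if __name__ == "__main__":
    for sid, (direct_len, hidden_len) in demo().items():
        print(f"{sid:40s} direct={direct_len:3d}  fixed={hidden_len:3d}")
```

The collision check in `SubscriberIndex` is where the injective-mapping requirement of embodiments A11 and BB8 becomes an operational concern: a shorter truncation hides more but makes a clash between two subscriptions more likely.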

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A communication device (12) is configured for use in a communication network (10). The communication device (12) obtains a fixed-length identifier (16F) associated with a subscription identifier (16S) identifying a subscription to the communication network (10). The communication device (12) may, for example, compute the fixed-length identifier (16F) as a function of a hash of the subscription identifier (16S). Regardless, the communication device (12) encrypts the fixed-length identifier (16F) to obtain a concealed identifier (16C). The communication device (12) transmits the concealed identifier (16C).
PCT/EP2023/053620 2022-02-14 2023-02-14 Concealment of a subscription identifier for a communication network WO2023152395A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GR20220100136 2022-02-14
GR20220100136 2022-02-14

Publications (1)

Publication Number Publication Date
WO2023152395A1 WO2023152395A1 (fr) 2023-08-17

Family

ID=85251904

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2023/053620 WO2023152395A1 (fr) 2022-02-14 2023-02-14 Concealment of a subscription identifier for a communication network

Country Status (1)

Country Link
WO (1) WO2023152395A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3751877A1 (fr) * 2019-06-11 2020-12-16 Gemalto Sa Methods and systems for submitting subscriber identifiers in 5G networks
WO2021089396A1 (fr) * 2019-11-04 2021-05-14 Telefonaktiebolaget Lm Ericsson (Publ) Subscription concealed identifier privacy

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
3GPP TS 23.003
3GPP TS 33.501
ERICSSON ET AL: "Padding SUPIs in NAI format for non-null schemes", vol. SA WG3, no. e-meeting; 20210816 - 20210827, 9 August 2021 (2021-08-09), XP052063653, Retrieved from the Internet <URL:https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_104e/Docs/S3-213003.zip> [retrieved on 20210809] *
HUAWEI ET AL: "Meeting SUPI privacy and LI Requirements", vol. SA WG3, no. Reno, NV, USA; 20171127 - 20171201, 20 November 2017 (2017-11-20), XP051380399, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg%5Fsa/WG3%5FSecurity/TSGS3%5F89%5FReno/Docs/> [retrieved on 20171120] *

Similar Documents

Publication Publication Date Title
WO2022248118A1 (fr) Authorization of consumer network functions
WO2023041634A1 (fr) Authentication of a wireless communication device using an external authentication server
WO2023031836A1 (fr) Topology hiding in 5GC with roaming
WO2023079354A1 (fr) Analytics generation in a communication network
WO2023152395A1 (fr) Concealment of a subscription identifier for a communication network
WO2022243209A1 (fr) Communication identifier padding in a communication network
WO2023060425A1 (fr) Prioritized rekeying of security associations
WO2023147879A1 (fr) Sending labeled data over a handover interface
WO2023185737A1 (fr) Method and apparatus for performing secondary authentication/authorization for a terminal device in a communication network
WO2023042176A1 (fr) GBA key diversity for multiple applications in a UE
WO2024079534A1 (fr) Fifth-generation overlay virtual private network with zero-touch provisioning
WO2023079342A1 (fr) Using identifier and locator separation to simplify application network service requests
WO2023006349A1 (fr) Home network parameter update (HOPU) procedure
WO2023057036A1 (fr) Transporting data to a communication network
WO2023147866A1 (fr) Handover interface signaling in lawful interception
WO2023014260A1 (fr) Signaling approaches for disaster PLMNs
WO2024099873A1 (fr) Authorization of AI/ML model sharing between different vendors
WO2024047392A1 (fr) NWDAF-assisted application detection based on domain name service (DNS)
WO2024095046A1 (fr) Method and system for privacy-aware packet processing
WO2023016839A1 (fr) User plane integrity protection in dual connectivity
WO2024068611A1 (fr) Security for AI/ML model storage and sharing
WO2023222524A1 (fr) Methods for enabling an edge computing client to obtain and use identifiers of a user equipment that hosts the client
WO2023017426A1 (fr) AKMA key diversity for multiple applications in a user equipment (UE)
WO2024117960A1 (fr) Predefined applied frequency band list filter
WO2022233534A1 (fr) Application-specific GPSI retrieval

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23705374

Country of ref document: EP

Kind code of ref document: A1