WO2024027946A1 - Procédés et appareils de vérification d'identité - Google Patents

Procédés et appareils de vérification d'identité Download PDF

Info

Publication number
WO2024027946A1
WO2024027946A1 PCT/EP2022/079548 EP2022079548W WO2024027946A1 WO 2024027946 A1 WO2024027946 A1 WO 2024027946A1 EP 2022079548 W EP2022079548 W EP 2022079548W WO 2024027946 A1 WO2024027946 A1 WO 2024027946A1
Authority
WO
WIPO (PCT)
Prior art keywords
component
amf
identity
information
eir
Prior art date
Application number
PCT/EP2022/079548
Other languages
English (en)
Inventor
Beatriz Maroto GIL
Carlos Jimenez CORDON
Juan Manuel Fernandez Galmes
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Publication of WO2024027946A1 publication Critical patent/WO2024027946A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/71Hardware identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/22Processing or transfer of terminal data, e.g. status or physical capabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W60/00Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W60/04Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration using triggered events

Definitions

  • Embodiments of the disclosure generally relate to a communications network and, more particularly, to methods and apparatuses for identity check processes in a communications network.
  • An Equipment Identity Register provides a means to authenticate subscribers (e.g. a user, a user equipment, device) in a communications network by providing lists of blacklisted (and/or whitelisted) devices that are known to be stolen, unauthorized, or defective.
  • subscribers e.g. a user, a user equipment, device
  • PKI Permanent Equipment Identifier
  • IMEI International Mobile Equipment Identity
  • Current telecommunications networks are often configured to enable communication between an EIR and various components of the communications network.
  • 3GPP standards for example, 3GPP TS 23.401 [1] and 23.501 [2]
  • MME Packet Core nodes in EPC
  • AMF 5GC networks
  • IMEI Mobile User Equipment Identity
  • PEI Mobile User Equipment Identity
  • FIG. 1 which is extracted from 3GPP TS 23.401 (3GPP TS 23.401 General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access), illustrates part of the initial attach process of UE on a 4G core network.
  • the 4G core network 100 comprises a UE 102, an eNodeB 104, a new Mobility Management Entity (MME) 106, an Old MME 108, a serving gateway (GW) 110, a public data network (PDN) GW 112, a policy and charging rules function (PCRF) 114, a Home Subscriber Server (HSS) 116 and an EIR, 118.
  • MME Mobility Management Entity
  • GW serving gateway
  • PDN public data network
  • PCRF policy and charging rules function
  • HSS Home Subscriber Server
  • Step 1 shows an attach request sent from a UE 102 to an eNodeB 104.
  • Step 2 shows an attach request sent from the eNodeB 104 to a new MME 106.
  • Step 3 shows an identification process between the new MME 106 and the old MME/SGSN 108.
  • step 3 shows an identification request sent from the new MME 106 to the old MME/SGSN 108 and an identification response sent from the old MME/SGSN 108 to the new MME.
  • Step 4 shows an identity verification process between the new MME 106 and the UE 102.
  • step 4 shows an identity request sent from the new MME 106 to the UE 102 and an identity response sent from the UE 102 to the new MME 106.
  • Step 5a shows an authentication/security process between the UE 102, new MME 106, and HSS 116.
  • step 5a shows an authentication process between the UE 102 and the new MME 106, and an authentication process between the new MME 106 and the HSS 116.
  • Step 5b shows a further identification process between the UE 102 and the new MME 106, and between the new MME 106 and the EIR 118.
  • step 5b shows an identity request sent from the UE 102 to the new MME 106, an identity response sent from the new MME 106 to the UE 102, and an identity check performed between the new MME 106 and the EIR 118.
  • 3GPP TS 23.401 (3GPP TS 23.401 General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access) outlines the requirements of the identity check process which is performed between the MME and the EIR:
  • GPRS General Packet Radio Service
  • the ME Identity (IMEISV) shall be retrieved from the UE.
  • the ME identity shall be transferred encrypted unless the UE performs Emergency Attach or RLOS Attach and cannot be authenticated.
  • the UE may have included the IMEI in the Emergency Attach or RLOS Attach. If so, the ME Identity retrieval is skipped.
  • the retrieval of the ME Identity may be combined with NAS security setup in step 5a.
  • the MME may send the ME Identity Check Request (ME Identity, IMSI) to the EIR.
  • the EIR shall respond with ME Identity Check Ack (Result).
  • Result ME Identity Check Ack
  • the MME decides whether to continue with this Attach procedure or to reject the UE.
  • the IMEI check to the EIR may be performed. If the IMEI is blocked, operator policies determine whether the Emergency Attach or RLOS Attach procedure continues or is stopped.
  • the MME may perform the IMEI check in 4G/5G use cases such as Attach, Inter-MME S 1-based handover, and Inter-MME TAU.
  • FIG. 2 which is extracted from 3GPP TS 23.502 (3GPP TS 23.501 System architecture for the 5G System (5GS)), illustrates part of the initial registration on a 5G core network, where registration of a UE with a core network via a Radio Access Network (RAN) is shown.
  • the network 200 of this example comprises a UE 220, a (Radio Access Network ((R)AN) 222, a New Access and Mobility Management Function (AMF) 224, an Old AMF 226, a Policy Control Function (PCF) 228, a Session Management Function (SMF) 230, an Authentication Server Function (AUSF) 232, a Unified Data Management (UDM) 234, and an EIR 236.
  • R Radio Access Network
  • AMF New Access and Mobility Management Function
  • PCF Policy Control Function
  • SMF Session Management Function
  • AUSF Authentication Server Function
  • UDM Unified Data Management
  • Step 1 shows a registration request sent from the UE 220 to the (R)AN 222.
  • Step 2 shows AMF selection performed at the (R)AN 222.
  • Step 3 shows a registration request sent from the (R)AN 222 to the New AMF 224.
  • Step 4 shows a context transfer request (Namf Communication UEContext transfer) sent from the new AMF 224 to the old AMF 226.
  • Step 5 shows a context transfer response (Namf Communication UEContext transfer response) sent from the old AMF 226 to the new AMF 224.
  • Step 6 shows an identity request sent from the new AMF 224 to the UE 220.
  • Step 7 shows an identity response sent from the UE 220 to the new AMF 224.
  • Step 8 shows AUSF selection performed by the new AMF 224.
  • Step 9 shows an authentication/security process between the UE 220, new AMF 224, AUSF 232 and UDM 234.
  • Step 10 shows a registration status update request (Namf Communication Registration Status Update) sent from the new AMF 224 to the old AMF 226.
  • Step 11 shows an identity request/response process between the UE 220 and the new AMF 224.
  • Step 12 shows an identity check process (N5g-eir Equipment Identity Check Get) between the new AMF 224 and the EIR 236. As is shown in step 12, an identity check request is sent from the new AMF 224 to the EIR 236, and an identity check response is sent from the EIR 236 to the new AMF 224.
  • N5g-eir Equipment Identity Check Get N5g-eir Equipment Identity Check Get
  • step 12 As is outlined in 3GPP TS 23.502 (3GPP TS 23.502 Procedures for the 5G System (5GS)), the further requirements for step 12 are as follows:
  • the new AMF initiates ME identity check by invoking the N5g eir_EquipmentIdentityCheck_Get service operation (see clause 5.2.4.2.2).
  • the PEI check is performed as described in clause 4.7.
  • the AMF may perform the PEI (IMEI) checks in use cases such as Initial Registration, Inter- AMF Mobility Registration Update, and EPS to 5GS Mobility Registration Procedures.
  • PEI PEI
  • One of the objects of the disclosure is to provide an improved solution for reducing inefficiencies in a communications network.
  • a method performed by a communications network for subscriber e.g. a user, a user equipment, device
  • the method comprises receiving, at a first component, information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • EIR Equipment Identity Register
  • identity checks may be performed in a more efficient manner where they are more selectively performed.
  • the information may relate to at least one of: a subscriber; a network slice; a subscriber in a network slice.
  • the information may be relevant to devices (e.g. users, subscribers) which are using a particular slice of a network, and/or to a specific device/group of devices.
  • the method may further comprise receiving, at the first component, an indication of how the reduction can be performed.
  • the determination of how the reduction can be performed can be determined centrally for devices and then sent to the first component with the indication of whether the identity checks can be reduced.
  • the method may further comprise determining whether to perform an identity check for a subscriber based on the information. If it is determined that an identity check is to be performed, the method may further comprise performing the identity check with the EIR.
  • the method may further comprise updating at the first component stored information relating to identity checks based on the received information.
  • the information may comprise at least one of: identity check restriction parameters; a flag indicating no identity check shall be performed for a subscriber; a flag indicating no identity check shall be performed for a network slice; a timestamp relating to when the next identity check is to be performed; a relative time relating to when the next identity check is to be performed; a condition relating to when an identity check is to be performed.
  • the identity check restriction parameters may comprise at least one of: a flag indicating no identity check shall be performed for a subscriber; a flag indicating no identity check shall be performed for a network slice; a timestamp relating to when the next identity check is to be performed; a relative time relating to when the next identity check is to be performed; a condition relating to when an identity check is to be performed.
  • the information may be received as a part of at least one of: a registration request; a registration response; a discovery response; an authentication response; a get response; a context transfer response; an authentication information answer; an update location response; an update location request; a context answer; an SDM notification; a(n insert) subscriber data request; a discovery answer; a notification message; a network slice selection response; a network slice selection procedure; an EIR discovery procedure; an EIR discovery answer; a service base interface procedure; a Diameter interface operation.
  • the first component may comprise at least one of: a mobility management entity; an authentication entity; a discovery entity; a registration entity.
  • the first component may comprise at least one of: an Access and Mobility Management Function, AMF; an Authentication Server Function, AUSF; a new AMF; a Mobility Management Entity, MME; a new MME; a Network Repository Function, NRF; an initial AMF; a target AMF.
  • the method may further comprises sending the information from a second component to the first component.
  • the second component may comprise at least one of: a subscriber database; a mobility management entity; an authentication entity; a discovery entity; a registration entity; an identity database; a network slice selection entity.
  • the first component and the second component may respectively comprise at least one of: an Access and Mobility Management Function, AMF, and an Authentication Server Function, AUSF; an AUSF and a Unified data management, UDM; a new AMF and an old AMF; a new AMF and a UDM; a Mobility Management Entity, MME and a Home Subscriber Server, HSS; a new MME and an old MME; a new MME and an HSS; a new AMF and an old MME; a new MME and an old AMF; an AMF and a UDM; an AMF and a Unified Data Repository, UDR; an MME and a UDR; a Network Repository Function, NRF, and the EIR; an AMF and an NRF; an AMF and a Network Slicing Selection Function, NSSF; a target AMF and an initial AMF.
  • AMF Access and Mobility Management Function
  • AUSF Authentication Server Function
  • the method may further comprise sending the information from a third component to the first component or to the second component.
  • the third component may comprise at least one of: a subscriber database; a mobility management entity; an authentication entity; a discovery entity; a registration entity; an identity database; a network slice selection entity.
  • the first component, the second component and third component may respectively comprise at least one of: an AMF, an AUSF, and a UDM; a new AMF, an old AMF, and a UDM; a new MME, an old MME, and an HSS; a new AMF, an old MME, and a UDM; a new MME, an old AMF, and an HSS; an initial AMF, a target AMF, and an NSSF.
  • the method may further comprise sending the information from a fourth component to the first component.
  • the fourth component may comprise at least one of: a subscriber database; mobility management entity; authentication entity; a discovery entity; a registration entity; an identity database; a network slice selection entity.
  • the first component, the second component, the third component and the fourth component may respectively comprise an AMF, an AUSF, a UDM, and an NRF.
  • the second component or the third component may be configured to determine the information.
  • the first component may be an AMF and the system may further comprise an AUSF and a UDM, the method may further comprise, responsive to receiving an authentication request from the AUSF at the UDM, sending from the UDM to the AUSF the information.
  • the first component may be an AMF and the system may further comprise an AUSF and a UDM, the method may further comprise, responsive to receiving at the AUSF the information from the UDM, forwarding by the AUSF to the AMF the information.
  • the first component may be an AMF and the system may further comprise an AUSF, the method may further comprise, responsive to receiving at the AMF an authentication response from the AUSF, determining by the AMF if the information indicating whether identity checks in the Equipment Identity Register, EIR, can be reduced has been provided.
  • EIR Equipment Identity Register
  • the first component may be an AMF and the system may further comprise a UDM, wherein the method may further comprise sending, from the UDM to the AMF the information responsive to receiving a registration request from the AMF.
  • the first component may be an AMF and the system may further comprise a UDM, wherein the method may further comprise sending, from the UDM to the AMF the information responsive to receiving a get request from the AMF.
  • the first component may be an MME and the system may further comprise an HSS, the method may further comprise, responsive to receiving an authentication request from the MME at the HSS, sending from the HSS to the MME the information.
  • the first component may be an MME and the system may further comprise an HSS, wherein the method may further comprise, responsive to receiving an update location request from the MME at the HSS, sending from the HSS to the MME the information.
  • the first component may be an MME and the system may further comprise an HSS, the method may further comprise, responsive to receiving an authentication response from the HSS at the MME, checking by the MME if the information is present.
  • the first component may be a new AMF
  • the system may further comprise an old AMF
  • the method may further comprise, responsive to receiving a context transfer request from the new AMF at the old AMF, sending, from the old AMF to the new AMF, the information.
  • the first component may be a new MME
  • the system may further comprise old MME
  • the method may further comprise, responsive to receiving a context request from the new MME at the old MME, sending the information from the old MME to the new MME.
  • the first component may be a new AMF
  • the system may further comprise an old MME
  • the method may further comprise, responsive to receiving a context request from the new AMF at the old MME, sending the information from the old MME to the new AMF.
  • the first component may be a new MME
  • the system may further comprise an old AMF
  • the method may further comprise, responsive to receiving a context request from the new MME at the old AMF, sending the information from the old AMF to the new MME.
  • the information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may indicate whether identity checks in EIR can be reduced for subscribers in a slice.
  • the first component may be an NRF, and wherein the method may further comprise, during registration of the EIR in the NRF, sending from the EIR to the NRF the information further relating to a slice served by the EIR .
  • the first component may be an AFM
  • the system may further comprise NRF
  • the method may further comprise, responsive to receiving an EIR discovery request from the AMF, sending from the NRF to the AMF the information further relating to a slice served by the EIR.
  • the first component may be an AMF, and the system may further comprise an NSSF, wherein the method may further comprise, responsive to the NSSF receiving a network slice selection request, sending from the NSSF to the AMF the information.
  • the first component may be a target AMF, wherein the system may further comprise an initial AMF, wherein the method may further comprise, responsive to receiving at the initial AMF a network slice selection response, sending from the initial AMF to the target AMF the information.
  • a method performed by a component of a communications network for subscriber identification processes.
  • the method comprises receiving information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • EIR Equipment Identity Register
  • the information may relate to at least one of: a subscriber; a network slice; a subscriber in a network slice.
  • the method may further comprise receiving an indication of how the reduction can be performed.
  • the method may further comprise determining whether to perform an identity check for a subscriber based on the information. If it is determined that an identity check is to be performed, the method may further comprise performing the identity check with the EIR.
  • the method may further comprise updating stored information relating to identity checks based on the received information.
  • the information may comprise at least one of: identity check restriction parameters; a flag indicating no identity check shall be performed for a subscriber; a flag indicating no identity check shall be performed for a network slice; a timestamp relating to when the next identity check is to be performed; a relative time relating to when the next identity check is to be performed; a condition relating to when an identity check is to be performed.
  • the information may be received as a part of at least one of: a registration request; a registration response; a discovery response; an authentication response; a get response; a context transfer response; an authentication information answer; an update location response; an update location request; a context answer; an SDM notification; an insert subscriber data request; a discovery answer; a notification message; a network slice selection response; a network slice selection procedure; a EIR discovery procedure; an EIR discovery answer; a service base interface procedure; a Diameter interface operation.
  • a method performed by a component of a communications network for subscriber identification processes comprises sending information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the information may relate to at least one of: a subscriber; a network slice; a subscriber in a network slice.
  • the method may further comprise sending an indication of how the reduction can be performed.
  • the information may comprise at least one of: identity check restriction parameters; a flag indicating no identity check shall be performed for a subscriber; a flag indicating no identity check shall be performed for a network slice; a timestamp relating to when the next identity check is to be performed; a relative time relating to when the next identity check is to be performed; a condition relating to when an identity check is to be performed.
  • the information may be sent as a part of at least one of: a registration request; a registration response; a discovery response; an authentication response; a get response; a context transfer response; an authentication information answer; an update location response; an update location request; a context answer; an SDM notification; an insert subscriber data request; a discovery answer; a notification message; a network slice selection response; a network slice selection procedure; a EIR discovery procedure; an EIR discovery answer; a service base interfaces procedure; a Diameter interface operation.
  • a method in a network repository function, NRF comprises receiving, from a component during a discovery process or a registration process, information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced for at least one slice served by the EIR.
  • EIR Equipment Identity Register
  • a communications network for subscriber identification processes.
  • the communications network comprises a first component, wherein the first component is configured to receive information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • EIR Equipment Identity Register
  • the communications network may be configured to perform the methods described herein.
  • a component of a communications network configured to receive information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the component may be configured to perform the methods described herein.
  • the component may comprise at least one of: a mobility management entity; an authentication entity; a discovery entity; a registration entity.
  • a component of a communications network configured to send information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the component may be configured to perform the methods described herein.
  • the component may comprise at least one of: a subscriber database; mobility management entity; authentication entity; a discovery entity; a registration entity; an identity database; a network slice selection entity.
  • a component of a communications network for subscriber identification processes comprising a memory comprising instruction data representing a set of instructions; and a processor configured to communicate with the memory and to execute the set of instructions, wherein the set of instructions, when executed by the processor, cause the processor to receive information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • EIR Equipment Identity Register
  • a computer program product comprising a computer readable medium, the computer readable medium having computer readable code embodied therein, the computer readable code being configured such that, on execution by a suitable computer or processor, the computer or processor is caused to perform the methods described herein.
  • a computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the methods described herein.
  • a carrier containing a computer program as described herein, wherein the carrier comprises one of an electronic signal, optical signal, radio signal or computer readable storage medium.
  • a computer program product comprising non transitory computer readable media having stored thereon a computer program as described herein.
  • a communications network for subscriber identification processes, the communications network comprising: a memory comprising instruction data representing a set of instructions; and a processor configured to communicate with the memory and to execute the set of instructions, wherein the set of instructions, when executed by the processor, cause the processor to: receive, at a first component, information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • EIR Equipment Identity Register
  • a first component configured to determine whether to perform an identity check with an EIR for a subscriber based on information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • FIG. 1 is a diagram illustrating part of the initial attach process of a user equipment (UE) on a 4G core network;
  • FIG. 2 is a diagram illustrating part of the initial registration on a 5G core network
  • FIG. 3 is a diagram illustrating a method according to an example
  • FIG. 4 is a diagram illustrating a registration process in 5GC
  • FIG. 5 is a diagram illustrating an example of 5GC Mobility
  • FIG. 6 is a diagram illustrating an EPC attach process
  • FIG. 7 is a diagram illustrating a tracking area update in EPC
  • FIG. 8 is a diagram illustrating 4G to 5G mobility
  • FIG. 9 is a diagram illustrating an example of 5G to 4G mobility
  • FIG. 10 is a diagram illustrating an IMEI check update in 5G Core
  • FIG. 11 is a diagram illustrating an IMEI check update in EPC
  • FIG. 12 is a diagram illustrating NRF registration of EIR
  • FIG. 13 is a diagram illustrating EIR Discovery including IMEI check parameters
  • FIG. 14 is a diagram illustrating a network slice selection process
  • FIG. 15 is a diagram illustrating a network node in a communications network according to an example
  • FIG. 16 is a diagram illustrating a first component according to an example.
  • FIG. 17 is a diagram illustrating a second component according to an example.
  • a method of receiving, at a first component, information indicating whether identity checks in an Equipment Identity Register, EIR can be reduced S302. For example, it may be indicated whether a rate, a frequency and/or a number of identity checks can be reduced. It may be indicated whether identify checks in an EIR can be reduced for a subscriber (e.g. user, user equipment, UE, user device). It may be indicated whether no identity check should be performed for a particular subscriber. In an example, no identity check may be performed where the device is very low value.
  • EIR Equipment Identity Register
  • a component of a network may be able to reduce the number of times that an identity check is performed with an EIR, thereby increasing the efficiency of the network.
  • the identity check may relate to an International Mobile Equipment Identity (IMEI) or a Permanent Equipment Identifier (PEI) associated with the subscriber.
  • IMEI International Mobile Equipment Identity
  • PEI Permanent Equipment Identifier
  • the information may relate to a subscriber, a network slice, and/or a subscriber in a network slice.
  • the information may provide information relating to identity checks of an individual subscriber, or may provide information relating to (all) subscribers in a slice.
  • a slice may be configured for or dedicated to handling a type of loT device.
  • the information may relate to a predefined setting (e.g provision) for a particular subscriber, indicating the number or frequency of checks required for such a subscriber.
  • the information may relate to a UE connected to and/or attempting to use the network. It will be appreciated that a high number of loT devices may be associated with a particular user (e.g. the subscriber), where the provision of information relating to identity checks of the user (e.g. the subscriber) may be applied to all the loT devices associated with that user, thereby reducing the number of identity checks performed for these devices.
  • the method may further comprise receiving, at the first component, an indication of how the reduction can be performed.
  • the information may comprise identity check restriction parameters (e.g. IMEI check restriction parameters, a flag indicating no identity check shall be performed for a user).
  • the information may comprise parameters indicating a restriction on the number of times an identity check is to be performed, or whether identity checks are to be performed at all for a particular device.
  • the information may comprise a flag indicating no identity check shall be performed for a subscriber. For example, where the subscriber corresponds to a low cost device, or a number of low cost devices, no identity check may be performed.
  • the information may comprise a flag indicating no identity check shall be performed for a network slice.
  • the information may comprise a timestamp relating to when the next identity check is to be performed. For example, an identity check may be performed periodically, and the information may indicate the next time at which this periodic check should be performed.
  • the information may comprise a relative time relating to when the next identity check is to be performed. For example, the next identity check may be performed at a certain time period after the information has been received.
  • the information may comprise a condition relating to when an identity check is to be performed. For example, the identity check may (always) be performed at a given time (e.g. from 0:00 to 0:59).
  • a second component may instruct the first component on how to reduce the number/frequency etc. of identity checks.
  • the method may further comprise determining whether to perform an identity check for a subscriber based on the information. For example, the first component may determine whether to perform an identity check on the basis of the received information. If it is determined that an identity check is to be performed, the method may further comprise performing the identity check with the EIR. For example, the first component may perform the identity check with the EIR.
  • the method may further comprise updating at the first component stored information relating to identity checks based on the received information. For example, when the received information is different to information relating to identity checks stored at the first component, the first component may update the stored information with the newly received information. The first component may discard the received information if the stored information matches the received information.
  • the information may be received as a part of a process between the first component and the second component, or the EIR.
  • the information may be sent or received as part of a message from a first component to the second component.
  • the information may be received as a part of at least one of: a registration request; a registration response; a discovery response; an authentication response; a get response; a context transfer response; an authentication information answer; an update location response; an update location request; a context answer; an SDM notification; an insert subscriber data request; a discovery answer; a notification message; a network slice selection response; a network slice selection procedure; a EIR discovery procedure; an EIR discovery answer; a service base interface procedure; a Diameter interface operation.
  • the first component may comprise a mobility management entity (e.g. an AMF, an MME), an authentication entity (e.g. an AUSF) or a discovery entity/a registration entity (e.g. an NRF).
  • a mobility management entity e.g. an AMF, an MME
  • an authentication entity e.g. an AUSF
  • a discovery entity/a registration entity e.g. an NRF
  • the first component may comprise at least one of: an Access and Mobility Management Function, AMF; an Authentication Server Function, AUSF; a new AMF; a Mobility Management Entity, MME; a new MME; a Network Repository Function, NRF; an initial AMF; a target AMF.
  • the method may further comprise sending the information from a second component to the first component.
  • the second component may comprise a subscriber database (e.g. an HSS, a UDM, a UDR), a mobility management entity (e.g. an AMF, an MME), an authentication entity (e.g. an AUSF), a discovery/registration entity (e.g. NRF), an identity database (e.g. an EIR), or a network slice selection entity (e.g. an NSSF).
  • a subscriber database e.g. an HSS, a UDM, a UDR
  • a mobility management entity e.g. an AMF, an MME
  • an authentication entity e.g. an AUSF
  • NRF discovery/registration entity
  • an identity database e.g. an EIR
  • a network slice selection entity e.g. an NSSF
  • the first component and the second component may respectively comprise at least one of: an Access and Mobility Management Function, AMF, and an Authentication Server Function, AUSF; an AUSF and a Unified data management, UDM; a new AMF and an old AMF; a new AMF and a UDM; a Mobility Management Entity, MME and a Home Subscriber Server, HSS; a new MME and an old MME; a new MME and an HSS; a new AMF and an old MME; a new MME and an old AMF; an AMF and a UDM; an AMF and a Unified Data Repository, UDR; an MME and a UDR; a Network Repository Function, NRF, and the EIR; an AMF and an NRF; an AMF and a Network Slicing Selection Function, NSSF; a target AMF and an initial AMF.
  • AMF Access and Mobility Management Function
  • AUSF Authentication Server Function
  • the method may further comprise sending the information from a third component to the first component or to the second component.
  • the third component may comprise a subscriber database (e.g. an HSS, a UDM, a UDR), a mobility management entity (e.g. an AMF, an MME), an authentication entity (e.g. an AUSF), a discovery/registration entity (e.g. NRF), an identity database (e.g. an EIR), or a network slice selection entity (e.g. an NSSF).
  • a subscriber database e.g. an HSS, a UDM, a UDR
  • a mobility management entity e.g. an AMF, an MME
  • an authentication entity e.g. an AUSF
  • NRF discovery/registration entity
  • an identity database e.g. an EIR
  • NSSF network slice selection entity
  • the first component, the second component and third component may respectively comprise at least one of: an AMF, an AUSF, and a UDM; a new AMF, an old AMF, and a UDM; a new MME, an old MME, and an HSS; a new AMF, an old MME, and a UDM; a new MME, an old AMF, and an HSS; an initial AMF, a target AMF, and an NSSF.
  • “Old” and “new” in this context mean a component previously used by a user equipment (UE) and a component currently or to be used by a user equipment (UE) respectively.
  • the method may further comprise sending the information from a fourth component to the first component.
  • the fourth component may comprise a subscriber database (e.g. an HSS, a UDM, a UDR), a mobility management entity (e.g. an AMF, an MME), an authentication entity (e.g. an AUSF), a discovery/registration entity (e.g. NRF), an identity database (e.g. an EIR), or a network slice selection entity (e.g. an NSSF).
  • a subscriber database e.g. an HSS, a UDM, a UDR
  • a mobility management entity e.g. an AMF, an MME
  • an authentication entity e.g. an AUSF
  • NRF discovery/registration entity
  • an identity database e.g. an EIR
  • NSSF network slice selection entity
  • the first component, the second component, the third component and the fourth component may respectively comprise an AMF, an AUSF, a UDM, and an NRF.
  • the second component, third component and/or fourth component may be configured to determine or derive the information.
  • the mechanism relates to individual subscribers and involves an MME (4G core) and an AMF (5G core).
  • the mechanism relates to network slices and involves an AMF (5G Core).
  • the information may comprise, for example, a flag stating no IMEI check shall be performed for a particular subscriber (e.g. a UE in communication with the network), and/or a timestamp or relative time regarding the next time the identity check shall be executed.
  • this information may be stored and provided by a UDM, and identity checks may be performed only under particular conditions (e.g.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during a registration process in 5GC.
  • the first component may be an AMF and the system may further comprises an AUSF and a UDM, the method may further comprise, responsive to receiving an authentication request from the AUSF at the UDM, sending from the UDM to the AUSF the information.
  • the method may further comprise, responsive to receiving at the AUSF the information from the UDM, forwarding by the AUSF to the AMF the information, and, responsive to receiving at the AMF an authentication response from the AUSF, determining by the AMF if the information indicating whether identity checks in the Equipment Identity Register, EIR, can be reduced has been provided.
  • a UDM may provide information elements stating that Identity Checks in EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • the AUSF may forward to an AMF information elements received from the UDM stating that Identity Check in the EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • the AMF may determine whether there are information elements stating whether Identity Checks in the EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network). If the identity checks can be reduced, the AMF may trigger (or not trigger) the Identity Check with the EIR accordingly.
  • the UDM upon reception of an SDM Access And Mobility Data request from the AMF, the UDM shall provide information elements stating that Identity Checks in EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • a subscriber e.g. a UE in communication with the network
  • information about how this reduction can be performed e.g. a timestamp with information about the new check.
  • Figure 4 illustrates a registration process in 5GC.
  • Figure 4 illustrates a system 437 comprising a UE 438, an AMF 440, an AUSF 442, a UDM 444 and an EIR 446.
  • Step 1 shows a registration request sent from the UE 438 to the AMF 440.
  • Step 2 shows an authentication request (Nausf UE Authentication Request) sent from the AMF 440 to the AUSF 442.
  • Step 3 shows an authentication request (Ndm UE Authentication Request) sent from the AUSF 442 to the UDM 444.
  • Step 4 shows an authentication response (Nudm UE Authentication Response) sent from the UDM 444 to the AUSF 442.
  • Step 4 also shows that the IMEI check restriction parameters (e.g. information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced) may be included as part of the authentication response sent by the UDM 444. This information maybe be kept in the UDM 444 or the UDR (not shown) depending on whether the UDR is deployed or not.
  • EIR Equipment Identity Register
  • the UDM 444 may provide a timestamp or relative time stating the next time this IMEI change can be executed, or a flag stating no IMEI change shall be performed for this specific subscriber.
  • Step 5 shows an authentication response (Nausf UE Authentication Response) sent from the AUSF 442 to the AMF 440.
  • Step 5 further shows that the IMEI check restriction parameters may be included as part of the Authentication Response sent by the AUSF 442 to the AMF 440.
  • Step 6 shows an identity check (N5g-eir Equipment Identity Check) performed with the AMF 440 and the EIR 446. Step 6 will be executed depending on the information received in step 5. For example, the information received relating to IMEI will indicate whether identity checks in an Equipment Identity Register, EIR, can be reduced. The AMF 440 will therefore determine whether to perform an identity check or when to perform an identity check with the EIR on the basis of the received information.
  • EIR Equipment Identity Register
  • Step 7 shows a registration request (Nudm UECM Registration) sent from the AMF 440 to the UDM 444.
  • Step 8 shows a registration response (Nudm UECM Registration Response) sent from the UDM 444 to the AMF 440.
  • the UDM 444 will check if the IMEI check time has expired, and if it has expired, the UDM 444 shall update the next IMEI check time and provide it to AMF 440 as part of the Registration answer.
  • Step 9 shows a get request (NudmSDM Get Request) sent from the AMF 440 to the UDM 444.
  • Step 10 shows a get response (NudmSDM Get Response) sent from the UDM 444 to the AMF 440.
  • Step 10 further illustrates that the IMEI check restrictions parameters may be included as part of the SDM Get Response sent by the UDM 444 (note that the AMF in step 9 might be different to the AMF in step 4). If the IMEI Check Restriction parameters sent in step 10 are the same as the ones received by the AMF 440 in step 5, the AMF 440 will discard them.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during a mobility process in 5GC (5G Core).
  • the first component may be a new AMF
  • the system may further comprise an old AMF
  • the method may further comprise, responsive to receiving a context transfer request from the new AMF at the old AMF, sending, from the old AMF to the new AMF, the information.
  • an old AMF can provide to a new AMF information elements stating that Identity Checks in EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • the method may further comprise sending, from the UDM to the new AMF the information responsive to receiving a registration request from the new AMF.
  • the method may further comprise sending, from the UDM to the new AMF the information responsive to receiving a get request from the new AMF.
  • Figure 5 illustrates an example of 5GC Mobility.
  • Figure 5 illustrates a system 547 comprising a UE 548, a new AMF 550, an old AMF 552, a UDM 554 and an EIR 556.
  • Step 1 shows a registration request sent from the UE 548 to the new AMF 550.
  • Step 2 shows a context transfer request (Namf Communication UE Context Transfer) sent from the new AMF 550 to the old AMF 552.
  • Step 3 shows a context transfer response sent from the old AMF 552 to the new AMF 550.
  • Step 3 further illustrates that the IMEI check restriction parameters may be included as part of the UE Context Transfer Response sent by the old AMF 552. This information was provided to the old AMF 552 during registration of the old AMF.
  • the UDM 554 will provide a timestamp or relative time stating the next time this IMEI change can be executed, or a flag stating no IMEI change shall be performed for this specific subscriber.
  • Step 6 shows an identity check (N5g-eir Equipment Identity Check) performed with the new AMF 550 and the EIR 556.
  • Step 6 will be executed depending on the information received in step 3.
  • the information received relating to IMEI will indicate information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the new AMF 550 will therefore determine whether to perform an identity check or when to perform an identity check with the EIR on the basis of the received information.
  • Step 7 shows a registration process (Nudm UECM Registration) between the new AMF 550 and the UDM 554. Request?
  • Step 8 shows a registration response (Nudm UECM Registration Response) sent from the UDM 554 to the new AMF 550.
  • the UDM 554 will check if the IMEI check time has expired, where if the check time has expired, the UDM 554 shall update the next IMEI check time and provide it to the new AMF 550 as part of the Registration answer.
  • Step 9 shows a get request (Nudm SDM Get Request) sent from the new AMF 550 to the UDM 554.
  • Step 10 shows a get response (Nudm SDM Get Response) sent from the UDM 554 to the new AMF 550.
  • Step 10 further illustrates that the IMEI check restrictions parameters may be included as part of the SDM Get Response sent by the UDM 554 (note that the AMF in step
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during an attach process in EPC.
  • the first component may be an MME and the system may further comprise an HSS
  • the method may further comprise, responsive to receiving an authentication request from the MME at the HSS, sending from the HSS to the MME the information.
  • the method may further comprise, responsive to receiving an authentication response from the HSS at the MME, checking by the MME if the information is present.
  • the method may further comprise, responsive to receiving an update location request from the MME at the HSS, sending from the HSS to the MME the information.
  • an HSS upon reception of an authentication request from an MME, an HSS shall provide information elements stating that Identity Checks in an EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • the MME upon reception of an authentication response from the HSS, the MME shall determine if there are information elements included in the authentication response stating whether Identity Checks in EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network). If the identity checks can be reduced, the MME will trigger (or not trigger) the Identity Check in EIR accordingly.
  • the HSS upon reception of an update location request from the MME, the HSS shall provide information elements stating that Identity Checks in EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • a subscriber e.g. a UE in communication with the network
  • information about how this reduction can be performed e.g. a timestamp with information about the new check.
  • Figure 6 illustrates an EPC attach process.
  • Figure 6 shows a system 658 comprising a UE 660, an MME 662, an HSS 664 and an EIR 666.
  • Step 1 shows an attach request sent from the UE 660 to the MME 662.
  • Step 2 shows an authentication information request (Authentication Info Request) sent from the MME 662 to the HSS 664.
  • Step 3 shows an authentication information answer (Authentication Info Answer) sent from the HSS 664 to the MME 662.
  • Step 3 further shows that the IMEI check restriction parameters may be included as part of the Authentication Response sent by HSS 664. This information maybe be kept in the HSS 664 or a 4G UDR (not shown) depending on whether the UDR is deployed or not.
  • HSS 664 will provide a timestamp or relative time stating the next time this IMEI change can be executed, or a flag stating no IMEI change shall be performed for this specific subscriber.
  • Step 4 shows an IMEI identity check performed with the MME 662 and the EIR 666.
  • Step 4 will be executed depending on the information received in step 3.
  • the information received relating to IMEI will indicate whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the MME 662 will therefore determine whether to perform an identity check or when to perform an identity check with the EIR 666 on the basis of the received information.
  • Step 5 shows an update location request sent from the MME 662 to the HSS 664.
  • Step 6 shows an update location response sent from the HSS 664 to the MME 662.
  • Step 6 further illustrates how the HSS 664 will check if the IMEI check time has expired, where it has expired, HSS 664 shall update the next IMEI check time and provide it to the MME 662 as part of the Update Location answer.
  • the IMEI check restrictions parameters are also included as part of the Update Location Answer sent by the HSS 664. If IMEI Check Restriction parameters sent in step 6 are the same as the ones received in step 3, the MME 662 will discard the new parameters.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during a tracking area update in EPC.
  • the first component may be a new MME
  • the system may further comprise an old MME
  • the method may further comprise, responsive to receiving a context request from the new MME at the old MME, sending the information from the old MME to the new MME.
  • the system may further comprise an HSS, wherein the method may further comprise, responsive to receiving an update location request from the new MME at the HSS, sending from the HSS to the new MME the information.
  • an old MME can provide to a new MME information elements stating that Identity Checks in EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • the MME may update stored information relating to identity checks based on the newly received information.
  • Figure 7 illustrates a tracking area update in EPC.
  • Figure 7 shows a system 768 comprising a UE 770, a new MME 772, an old MME 774, an HSS 776, and an EIR 778.
  • Step 1 shows a TAU request sent from the UE 770 to the new MME 772.
  • Step 2 shows a context request sent from the new MME 772 to the old MME 774.
  • Step 3 shows a context answer sent from the old MME 774 to the new MME 772. Step 3 further illustrates how the IMEI check restriction parameters are included as part of the Context Response sent by the old MME 774. This information was provided to the old MME 774 during attach.
  • the MME will provide a timestamp or relative time stating the next time this IMEI change can be executed, or a flag stating no IMEI change shall be performed for this specific subscriber.
  • Step 4 will be executed depending on the information received in step 3.
  • the information received relating to IMEI will indicate whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the new MME will therefore determine whether to perform an identity check or when to perform an identity check with the EIR on the basis of the received information.
  • Step 5 shows an update location request sent from the new MME 772 to the HSS 776.
  • Step 6 shows an update location response sent from the HSS 776 to the new MME 772.
  • Step 6 further illustrates that the HSS 776 will check if the IMEI check time has expired, where if it has expired, HSS 776 shall update the next IMEI check time and provide it to the new MME 772 as part of the Update Location answer.
  • the IMEI check restrictions parameters are also included as part of the Update Location Answer sent by the HSS 776. If the IMEI Check Restriction parameters are the same as the ones received in step 3, the new MME 772 will discard them.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during a mobility process from 4G to 5G.
  • the first component may be a new AMF
  • the system may further comprise an old MME
  • the method may further comprise, responsive to receiving a context request from the new AMF at the old MME, sending the information from the old MME to the new AMF.
  • the system may further comprise a UDM, wherein the method may further comprise sending, from the UDM to the new AMF the information responsive to receiving a registration request from the new AMF.
  • the method may further comprise sending, from the UDM to the new AMF the information responsive to receiving a get request from the new AMF.
  • an old MME can provide to a new AMF information elements stating that Identity Checks in EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • a subscriber e.g. a UE in communication with the network
  • information about how this reduction can be performed e.g. a timestamp with information about the new check.
  • Figure 8 illustrates 4G to 5G mobility.
  • Figure 8 illustrates a system 880 comprising a UE 882, a new AMF 884, an old MME 886, a UDM 888 and an EIR 890.
  • Step 1 shows a registration request sent from the UE 882 to the new AMF 884.
  • Step 2 shows a context request sent from the new AMF 884 to the old MME 886.
  • Step 3 shows a context answer sent from the old MME 886 to the new AMF 884. Step 3 further illustrates how the IMEI check restriction parameters are included as part of the Context Response sent by the old MME 886. This information was provided to the old MME 886 during attach.
  • the old MME will provide a timestamp or relative time stating the next time this IMEI change can be executed, or a flag stating no IMEI change shall be performed for this specific subscriber.
  • Step 6 shows an identity check (N5g-eir Equipment Identity Check) performed between the new AMF 884 and the EIR 890.
  • Step 6 will be executed depending on the information received in step 3. For example, the information received relating to IMEI will indicate whether identity checks in an Equipment Identity Register, EIR, can be reduced. The AMF will therefore determine whether to perform an identity check or when to perform an identity check with the EIR on the basis of the received information.
  • EIR Equipment Identity Register
  • Step 7 shows a registration process (Nudm UECM Registration) between the new AMF 884 and the UDM 888.
  • Step 8 shows a registration response (Nudm UECM Registration Response) sent from the UDM 888 to the new AMF 884.
  • the UDM 888 will check if the IMEI check time has expired, where if it has expired, the UDM 888 shall update the next IMEI check time and provide it to the new AMF 884 as part of the Registration answer.
  • Step 9 shows a get request (Nudm SDM Get Request) sent from the new AMF 884 to the UDM 888.
  • Step 10 shows a get response (Nudm SDM Get Response) sent from the UDM 888 to the new AMF 884.
  • Step 10 further illustrates that the IMEI check restrictions parameters are included as part of the SDM Get Response sent by the UDM 888 (note that the AMF in step 9 might be different than the AMF in step 4). If IMEI Check Restriction parameters are the same as the ones received in step 5, the new AMF 884 will discard them.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during a mobility process from 5G to 4G.
  • the first component may be a new MME
  • the system may further comprise an old AMF
  • the method may further comprise, responsive to receiving a context request from the new MME at the old AMF, sending the information from the old AMF to the new MME.
  • the system may further comprise an HSS, wherein the method may further comprise, responsive to receiving an update location request from the new MME at the HSS, sending from the HSS to the new MME the information.
  • an old AMF can provide to a new MME information elements stating that Identity Checks in EIR can be reduced (or even avoided) for a particular subscriber (e.g. a UE in communication with the network), including information about how this reduction can be performed (e.g. a timestamp with information about the new check).
  • a subscriber e.g. a UE in communication with the network
  • information about how this reduction can be performed e.g. a timestamp with information about the new check.
  • Figure 9 illustrates an example of 5G to 4G mobility.
  • Figure 9 shows a system 992 comprising a UE 994, a new MME 995, and old AMF 996, an HSS 997 and an EIR 998.
  • Step 1 shows a TAU request sent from the UE 994 to the new MME 995.
  • Step 2 shows a context request sent from the new MME 995 to the old AMF 996.
  • Step 3 shows a context answer sent from the old AMF 996 to the new MME 995.
  • Step 3 further illustrates that the IMEI check restriction parameters are included as part of the Context Response sent by the old AMF 996. This information was provided to the old AMF 996 during registration.
  • the old AMF will provide a timestamp or relative time stating the next time this IMEI change can be executed, or a flag stating no IMEI change shall be performed for this specific subscriber.
  • Step 4 shows an identity check (IMEI Identity Check) performed between the new MME 995 and the EIR 998.
  • Step 4 will be executed depending on the information received in step 3. For example, the information received relating to IMEI will indicate whether identity checks in an Equipment Identity Register, EIR, can be reduced. The old AMF 996 will therefore determine whether to perform an identity check or when to perform an identity check with the EIR on the basis of the received information.
  • EIR Equipment Identity Register
  • Step 5 shows an update location request sent from the new MME 995 to the HSS 997.
  • Step 6 shows an update location response sent from the HSS 997 to the new MME 995.
  • Step 6 further illustrates how the HSS 997 will check if the IMEI check time has expired, and if it has expired, the HSS 997 shall update the next IMEI check time and provide it to the MME 995 as part of the Update Location answer.
  • the IMEI check restrictions parameters are also included as part of the Update Location Answer sent by the HSS 997. If IMEI Check Restriction parameters are the same as the ones received in step 3, the MME 995 will discard the new parameters.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during an IMEI check update in 5G core.
  • the first component may be an AMF
  • the system may further comprise UDM/UDR
  • the method may further comprise receiving the information from the UDM/UDR.
  • an AMF upon reception of updated Identity Check restrictions from a UDM/UDR, an AMF shall update the stored information relating to identity checks based on the newly received information.
  • Figure 10 illustrates an IMEI check update in 5G Core.
  • Figure 10 shows a system 1000 comprising an AMF 1002, a UDM/UDR 1004 and a provisioning system 1006.
  • Step 1 shows a provisioning identity check restriction (Provisioning IMEI Check restriction (UE)) sent from the provisioning system 1006 to the UDM/UDR 1004.
  • UE provisioning IMEI Check restriction
  • Step 2 shows an SDM notification (Nudm SDM Notification) sent from the UDM/UDR 1004 to the AMF 1002.
  • Step 2 further illustrates that the IMEI check restriction parameters are included as part of the SDM Notification sent to the AMF 1002 when those parameters are updated via provisioning.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during an IMEI check update in EPC.
  • the first component may be an MME
  • the system may further comprise HSS/UDR
  • the method may further comprise receiving the information from the HSS/UDR.
  • Figure 11 illustrates an IMEI check update in EPC.
  • Figure 11 shows a system 1108 comprising an MME 1110, an HSS/UDR 1112, and a provisioning system 1114.
  • Step 1 shows a provisioning identity check restriction (Provisioning IMEI Check restriction (UE)) sent from the provisioning system 1114 to the HSS/UDR 1112.
  • UE provisioning IMEI Check restriction
  • Step 2 shows a subscriber data request sent from the HSS/UDR 1112 to the MME 1110.
  • Step 2 further illustrate that the IMEI check restriction parameters are included as part of the Insert Subscriber Data Request sent to the MME when those parameters are updated via provisioning.
  • a data type of IMEICheckRestriction may be included in the any of the methods described herein as information relating to identity checks.
  • the content of this new data type may depend on what it is provisioned for the involved subscriber (e.g. UE) and can contain information indicating that there is no need for an IMEI Identity Check.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during NRF registration of EIR.
  • the first component may be an NRF, and wherein the method may further comprise, during registration of the EIR in the NRF, sending from the EIR to the NRF the information further relating to a slice served by the EIR.
  • the EIR when registering an EIR in an NRF, the EIR provides information elements stating that Identity Checks in EIR can be reduced (or even avoided) depending on the network slice this EIR is serving.
  • Figure 12 shows NRF registration of EIR.
  • Figure 12 shows a system 1216 comprising an EIR 1218 and an NRF 1220.
  • Step 1 shows a registration request (Nnrf Registration Request) sent from the EIR 1218 to the NRF 1220.
  • Step 1 further illustrates that the IMEI check restriction parameters are included by the EIR 1218 as part of the Registration sent to the NRF 1220 associated with specific slices (NSSAI or NSIs) served by this EIR 1218.
  • Step 2 shows a registration answer (Nnrf Registration Answer) sent from the NRF 1220 to the EIR 1218.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during an EIR discovery procedure.
  • the information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may indicate whether identity checks in EIR can be reduced for subscriber in a slice.
  • the first component may be an AMF and the system may further comprise an AUSF and a UDM, the method may further comprise, responsive to receiving an authentication request from the AUSF at the UDM, sending from the UDM to the AUSF the information.
  • the method may further comprise, responsive to receiving at the AUSF the information from the UDM, forwarding by the AUSF to the AMF the information.
  • the system may further comprise NRF, and wherein the method may further comprise, responsive to receiving an EIR discovery request from the AMF, sending from the NRF to the AMF the information further relating to a slice served by the EIR.
  • the system may further comprise a UDM, wherein the method may further comprise sending, from the UDM to the AMF the information responsive to receiving a registration request from the AMF.
  • an NRF upon EIR discovery, an NRF provides information elements stating that Identity Checks in EIR can be reduced (or even avoided) associated with the different slices the discovered EIRs are serving.
  • an AMF gets information elements stating that Identity Checks in EIR can be reduced (or even avoided) associated with the different slices and uses the information related to the selected network slice.
  • Figure 13 illustrates EIR Discovery including IMEI check parameters.
  • Figure 13 illustrates a system 1322 comprising a UE 1324, an AMF 1326, an NRF 1328, an AUSF133O, a UDM 1332 and an EIR 1334.
  • Step 1 shows a registration request sent from the UE 1324 to the AMF1326.
  • Step 2 shows an authentication request (Nausf UE Authentication Request) sent from the AMF 1326 to the AUSF 1330.
  • Step 3 shows an authentication request (Nudm UE Authentication Request) sent from the AUSF 1330 to the UDM 1332.
  • Step 4 shows an authentication response (Nudm UE Authentication Response) sent from the UDM 1332 to the AUSF 1330.
  • Step 4 further illustrates that the UDM 1332 may provide a timestamp or relative time stating the next time this IMEI change can be executed, or a flag stating no IMEI change shall be performed for this specific subscriber.
  • Step 5 shows an authentication response (Nausf UE Authentication Response) sent from the AUSF 1330 to the NRF 1328. Step 5 further illustrates that the IMEI check restriction parameters are included as part of the authentication response sent by the AUSF 1330.
  • Step 6 shows a discovery request (Nnrf Discovery Request (EIR)) sent from the AMF 1326 to the NRF 1328.
  • EIR Nnrf Discovery Request
  • Step 7 shows a discovery answer (Nnrf Discovery Answer (EIR)) sent from the NRF 1328 to the AMF 1326.
  • Step 7 further illustrate that the IMEI check restriction parameters are included as part of the Discovery Response sent by NRF 1328. This information can be associated with specific network slices served by this EIR 1334.
  • EIR Nnrf Discovery Answer
  • Step 8 shows an identity check (N5g-eir Equipment Identity Check) performed between the AMF 1326 and the EIR 1334.
  • Step 8 will be executed depending on the information received in step 5 based on network slice related information. For example, the information received relating to IMEI will indicate whether identity checks in an Equipment Identity Register, EIR, can be reduced. The AMF 1326 will therefore determine whether to perform an identity check or when to perform an identity check with the EIR 1334 on the basis of the received information.
  • EIR Equipment Identity Register
  • Step 9 shows a registration request (Nudm UECM Registration) sent from the AMF 1326 to the UDM 1332.
  • Step 10 shows a registration response (Nudm UECM Registration Response) sent from the UDM 1332 to the AMF.
  • Step 10 illustrates that, when a subscriber is registered in the UDM 1332, the UDM 1332 will check if the IMEI check time has expired, where if the check time has expired, the UDM 1332 shall update the next IMEI check time and provide it to the AMF 1326 as part of the Registration answer.
  • Step 11 shows a get request (Nudm SDM Get Request) sent from the AMF 1326 to the UDM 1332.
  • Step 12 shows a get response (Nudm SDM Get Response) sent from the UDM 1332 to the AMF 1326.
  • information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced may be received at a first component during a Network Slice selection process.
  • the first component may be an initial AMF
  • the system may further comprise an NSSF
  • the method may further comprise, responsive to the NSSF receiving a network slice selection request, sending from the NSSF to the initial AMF the information.
  • the system may further comprise a target AMF, wherein the method may further comprise, responsive to receiving at the initial AMF a network slice selection response, sending from the initial AMF to the target AMF the information.
  • an NSSF when receiving Network Slice selection requests, an NSSF provides information elements stating that Identity Checks in EIR can be reduced (or even avoided) associated with the different slices requested.
  • an AMF gets information elements stating that Identity Checks in an EIR can be reduced (or even avoided) associated with the slices and uses the information related to the selected network slice.
  • an initial AMF Upon selection of a new AMF during Network Slice selection procedure, an initial AMF sends information elements stating that Identity Checks in EIR can be reduced (or even avoided) associated with the selected network slice.
  • Figure 14 illustrates a network slice selection process.
  • Figure 14 shows a system 1436 comprising a UE 1440, an initial AMF 1442, a target AMF 1444, an NSSF 1446, and a UDM 1448.
  • Step 1 shows an initial UE message sent from the UE 1440 to the initial AMF 1442.
  • Step 2 shows a get request (Nudm SDM Get (Slice Selection Data) Request) sent from the initial AMF 1442 to the UDM 1448.
  • Step 3 shows a get response (Nudm SDM Get response) sent from the UDM 1448 to the initial AMF 1442.
  • Step 4 shows a Network Slice selection request (Nnssf NSSelection Get Request) sent from the initial AMF 1442 to the NSSF 1446.
  • Step 5 shows a Network Slice selection response (Nnssf NSSelection Get Response) sent from the NSSF 1446 to the initial AMF 1442.
  • Step 5 illustrates that the IMEI check restriction parameters are included as part of the Network Slice selection response. This information is associated with specific network slices.
  • Step 6 shows a notification message (Namf Communication NIMessageNotify) sent from the initial AMF 1442 to the target AMF1444.
  • Step 6 also shows how the IMEI check restriction parameters are passed between AMFs when a new AMF is selected for a specific slice.
  • a communications network may comprise any one, or any combination of: a wired link (e.g. ASDL) or a wireless link such as Global System for Mobile Communications (GSM), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), New Radio (NR), WiFi, Bluetooth or future wireless technologies.
  • GSM Global System for Mobile Communications
  • WCDMA Wideband Code Division Multiple Access
  • LTE Long Term Evolution
  • NR New Radio
  • WiFi Bluetooth
  • GSM Global System for Mobile Communications
  • GSM Global System for Mobile Communications
  • WCDMA Wideband Code Division Multiple Access
  • LTE Long Term Evolution
  • NR New Radio
  • WiFi Bluetooth
  • wireless network may implement communication standards, such as Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE), and/or other suitable 2G, 3G, 4G, or 5G standards; wireless local area network (WLAN) standards, such as the IEEE 802.11 standards; and/or any other appropriate wireless communication standard, such as the Worldwide Interoperability for Microwave Access (WiMax), Bluetooth, Z-Wave and/or ZigBee standards.
  • GSM Global System for Mobile Communications
  • UMTS Universal Mobile Telecommunications System
  • LTE Long Term Evolution
  • WLAN wireless local area network
  • WiMax Worldwide Interoperability for Microwave Access
  • Bluetooth Z-Wave and/or ZigBee standards.
  • a UE may comprise a device capable, configured, arranged and/or operable to communicate wirelessly with network nodes and/or other wireless devices.
  • the term UE may be used interchangeably herein with wireless device (WD).
  • Communicating wirelessly may involve transmitting and/or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and/or other types of signals suitable for conveying information through air.
  • a UE may be configured to transmit and/or receive information without direct human interaction. For instance, a UE may be designed to transmit information to a network on a predetermined schedule, when triggered by an internal or external event, or in response to requests from the network.
  • Examples of a UE include, but are not limited to, a smart phone, a mobile phone, a cell phone, a voice over IP (VoIP) phone, a wireless local loop phone, a desktop computer, a personal digital assistant (PDA), a wireless cameras, a gaming console or device, a music storage device, a playback appliance, a wearable terminal device, a wireless endpoint, a mobile station, a tablet, a laptop, a laptop-embedded equipment (LEE), a laptop-mounted equipment (LME), a smart device, a wireless customer-premise equipment (CPE), a vehicle-mounted wireless terminal device, etc.
  • VoIP voice over IP
  • PDA personal digital assistant
  • LME laptop-embedded equipment
  • LME laptop-mounted equipment
  • CPE wireless customer-premise equipment
  • a UE may support device-to-device (D2D) communication, for example by implementing a 3GPP standard for sidelink communication, vehicle-to-vehicle (V2V), vehicle-to- infrastructure (V2I), vehicle-to-everything (V2X) and may in this case be referred to as a D2D communication device.
  • D2D device-to-device
  • V2V vehicle-to-vehicle
  • V2I vehicle-to- infrastructure
  • V2X vehicle-to-everything
  • a UE may represent a machine or other device that performs monitoring and/or measurements, and transmits the results of such monitoring and/or measurements to another UE and/or a network node.
  • the UE may in this case be a machine-to-machine (M2M) device, which may in a 3GPP context be referred to as an MTC device.
  • M2M machine-to-machine
  • the UE may be a UE implementing the 3GPP narrow band internet of things (NB-IoT) standard.
  • NB-IoT narrow band internet of things
  • machines or devices are sensors, metering devices such as power meters, industrial machinery, or home or personal appliances (e.g. refrigerators, televisions, etc.) personal wearables (e.g., watches, fitness trackers, etc.).
  • a UE may represent a vehicle or other equipment that is capable of monitoring and/or reporting on its operational status or other functions associated with its operation.
  • a UE as described above may represent the endpoint of a wireless connection, in which case the device may be referred to as a wireless terminal. Furthermore, a UE as described above may be mobile, in which case it may also be referred to as a mobile device or a mobile terminal.
  • FIG. 15 illustrates a network node 1500 in a communications network according to some examples herein.
  • the node 1500 may comprise any component or network function (e.g. any hardware or software module) in the communications network suitable for performing the functions described herein.
  • a node may comprise equipment capable, configured, arranged and/or operable to communicate directly or indirectly with a UE (such as a wireless device) and/or with other network nodes or equipment in the communications network to enable and/or provide wireless or wired access to the UE and/or to perform other functions (e.g., administration) in the communications network.
  • a UE such as a wireless device
  • nodes include, but are not limited to, access points (APs) (e.g., radio access points), base stations (BSs) (e.g., radio base stations, Node Bs, evolved Node Bs (eNBs) and NR NodeBs (gNBs)).
  • APs access points
  • BSs base stations
  • eNBs evolved Node Bs
  • gNBs NR NodeBs
  • core network functions such as, for example, core network functions in a Fifth Generation Core network (5GC).
  • 5GC Fifth Generation Core network
  • the node 1500 is configured (e.g. adapted, operative, or programmed) to perform any of the examples as described above. It will be appreciated that the node 1500 may comprise one or more virtual machines running different software and/or processes. The node 1500 may therefore comprise one or more servers, switches and/or storage devices and/or may comprise cloud computing infrastructure or infrastructure configured to perform in a distributed manner, that runs the software and/or processes.
  • the node 1500 may comprise a processor (e.g. processing circuitry or logic) 1502.
  • the processor 1502 may control the operation of the node 1500 in the manner described herein.
  • the processor 1502 can comprise one or more processors, processing units, multi-core processors or modules that are configured or programmed to control the node 1500 in the manner described herein.
  • the processor 1502 can comprise a plurality of software and/or hardware modules that are each configured to perform, or are for performing, individual or multiple steps of the functionality of the node 1500 as described herein.
  • the node 1500 may comprise a memory 1504.
  • the memory 1504 of the node 1500 can be configured to store program code or instructions 1506 that can be executed by the processor 1502 of the node 1500 to perform the functionality described herein.
  • the memory 1504 of the node 1500 can be configured to store any requests, resources, information, data, signals, or similar that are described herein.
  • the processor 1502 of the node 1500 may be configured to control the memory 1504 of the node 1500 to store any requests, resources, information, data, signals, or similar that are described herein.
  • the node 1500 may comprise other components in addition or alternatively to those indicated in Figure 15.
  • the node 1500 may comprise a communications interface 1506.
  • the communications interface 1506 may be for use in communicating with other nodes in the communications network, (e.g. such as other physical or virtual nodes).
  • the communications interface 1506 may be configured to transmit to and/or receive from other nodes or network functions requests, resources, information, data, signals, or similar.
  • the processor 1502 of node 1500 may be configured to control such a communications interface to transmit to and/or receive from other nodes or network functions requests, resources, information, data, signals, or similar.
  • the node 1500 may be configured to receive information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the node 1500 may be configured to send information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the node 1500 may be configured to determine information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • network nodes e.g. components which send and receive the information as is described in the above examples.
  • Figure 16 illustrates a first component according to an example.
  • Figure 16 illustrates a first component 1600 comprising a receiving unit 1602 configured to receive information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the first component may be configured to perform any of the methods described above, and may comprise any of the first components described above.
  • Figure 17 illustrates a second component according to an example.
  • Figure 17 illustrates a second component 1700 comprising a sending unit 1702 configured to send information indicating whether identity checks in an Equipment Identity Register, EIR, can be reduced.
  • the second component may be configured to perform any of the methods described above, and may comprise any of the second components described above.
  • a system e.g. a communications network
  • the various exemplary embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof.
  • some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the disclosure is not limited thereto.
  • firmware or software which may be executed by a controller, microprocessor or other computing device, although the disclosure is not limited thereto.
  • While various aspects of the exemplary embodiments of this disclosure may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
  • the exemplary embodiments of the disclosure may be practiced in various components such as integrated circuit chips and modules. It should thus be appreciated that the exemplary embodiments of this disclosure may be realized in an apparatus that is embodied as an integrated circuit, where the integrated circuit may comprise circuitry (as well as possibly firmware) for embodying at least one or more of a data processor, a digital signal processor, baseband circuitry and radio frequency circuitry that are configurable so as to operate in accordance with the exemplary embodiments of this disclosure.
  • exemplary embodiments of the disclosure may be embodied in computer-executable instructions, such as in one or more program modules, executed by one or more computers or other devices.
  • program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types when executed by a processor in a computer or other device.
  • the computer executable instructions may be stored on a computer readable medium such as a hard disk, optical disk, removable storage media, solid state memory, RAM, etc.
  • the function of the program modules may be combined or distributed as desired in various embodiments.
  • the function may be embodied in whole or in part in firmware or hardware equivalents such as integrated circuits, field programmable gate arrays (FPGA), and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne procédés et des appareils pour les réseaux de communication. Selon un mode de réalisation, l'invention concerne un procédé mis en œuvre par un réseau de communication pour des processus d'identification d'abonné, le procédé consistant à recevoir, au niveau d'un premier composant, des informations indiquant si des vérifications d'identité dans un registre d'identité d'équipement, EIR, peuvent être réduites.
PCT/EP2022/079548 2022-08-03 2022-10-24 Procédés et appareils de vérification d'identité WO2024027946A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP22382750.2 2022-08-03
EP22382750 2022-08-03

Publications (1)

Publication Number Publication Date
WO2024027946A1 true WO2024027946A1 (fr) 2024-02-08

Family

ID=83050091

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2022/079548 WO2024027946A1 (fr) 2022-08-03 2022-10-24 Procédés et appareils de vérification d'identité

Country Status (1)

Country Link
WO (1) WO2024027946A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017023304A1 (fr) * 2015-08-05 2017-02-09 Hewlett Packard Enterprise Development Lp Vérification d'un identifiant de dispositif d'un dispositif mobile
EP3968570A1 (fr) * 2020-09-09 2022-03-16 Hewlett Packard Enterprise Development LP Contrôle d'accès d'équipement à des tranches dans un réseau 5g

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017023304A1 (fr) * 2015-08-05 2017-02-09 Hewlett Packard Enterprise Development Lp Vérification d'un identifiant de dispositif d'un dispositif mobile
EP3968570A1 (fr) * 2020-09-09 2022-03-16 Hewlett Packard Enterprise Development LP Contrôle d'accès d'équipement à des tranches dans un réseau 5g

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
3GPP TS 23.401
3GPP TS 23.501
3GPP TS 23.502

Similar Documents

Publication Publication Date Title
US11523268B2 (en) Communications method and apparatus
CN110651492B (zh) 报告监视的参数信息
JP6828849B2 (ja) ユーザ装置に関する方法及びユーザ装置
EP3493601B1 (fr) Sélection d'une tranche de réseau
US8554216B2 (en) Devices for congestion control
US20210258824A1 (en) Uplink congestion control based on sip messaging
JP2021510980A (ja) 方法、User Equipment (UE)、及びAccess and mobility Management Function (AMF)
US10868869B2 (en) Method, apparatus and computer program
US20240121591A1 (en) Methods and apparatuses for event monitoring
WO2019210947A1 (fr) Systèmes, fonctions de réseau et procédés associés pour permettre la détermination d'informations associées à une connexion de plan utilisateur dans un réseau de communication
EP3883270B1 (fr) Procédé et appareil de reconnaissance de terminal
US20210153270A1 (en) Method and Device for Device-To-Device (D2D) Communication
EP3410775A1 (fr) Terminal de communication et procédé permettant d'établir une connexion
JP2023040195A (ja) 通信方法、及びユーザ装置
CN113748649A (zh) 用于服务链的方法、设备和计算机可读介质
WO2024027946A1 (fr) Procédés et appareils de vérification d'identité
US11323841B2 (en) Methods and apparatuses for exposure of presence reporting area functionality
US11930424B2 (en) Method and apparatus for location based group message delivery
CN115299168A (zh) 用于切换的方法和装置
US20220353668A1 (en) Methods, network function nodes and computer readable media for contents communication management
CN116266923A (zh) 用在故障监控管理服务消费方和生产方的装置
CN117616784A (zh) 用于建立具有所要求的服务质量的会话的方法和装置
EP3884698A1 (fr) Procédé et appareil pour la configuration de paramètres

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22803314

Country of ref document: EP

Kind code of ref document: A1