WO2024146696A1

WO2024146696A1 - Managing a communication session between a user and an entity

Info

Publication number: WO2024146696A1
Application number: PCT/EP2023/050171
Authority: WO
Inventors: Niklas LINDSKOG; Gunilla BERNDTSSON; Peter ÖKVIST; Tommy Arngren
Original assignee: Telefonaktiebolaget Lm Ericsson (Publ)
Priority date: 2023-01-05
Filing date: 2023-01-05
Publication date: 2024-07-11

Abstract

A method (100) is disclosed for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The method comprises obtaining a minimum required environmental privacy classification for the communication session (110), obtaining an environmental privacy classification of an environment in which the user will participate in the communication session (120), and comparing two environmental privacy 0classifications (130). The method further comprises, if the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session (140), initiating action (150) to perform at least one of changing the environment in which the user will participate in the communication session, changing a communication channel between the entity and the user, and/or prohibiting the communication session from proceeding.

Description

Managing a communication session between a user and an entity

Technical Field

The present disclosure relates to methods for managing and for facilitating management of a communication session between a user and an entity. The methods may be performed by a privacy management node and a communication network node respectively. In some examples, the privacy management node may be instantiated in a wireless device. The present disclosure also relates to a privacy management node, a communication network node, and to a computer program product configured, when run on a computer, to carry out methods for managing and for facilitating management of a communication session between a user and an entity.

Background

Digital communication between devices has been subject to attack, and consequent security measures to prevent such attack, for decades. Transport Layer Security (TLS) is now a well-established protocol standard to protect digital communications, using cryptographically tested algorithms such as Advanced Encryption Standard (AES) and Diffie-Hellman Key Exchange (DHKE). In contrast, the communication channel between a user and their device is a less researched attack vector. Eavesdropping on communication through observing audio/visual content often requires physical access but in contrast bypasses all protection placed on the digital communication.

Communication sessions including audio/visual content that may require privacy, owing for example to content of a sensitive or confidential nature, are generally conducted using digital devices. It may be very difficult for a user to assess if the current physical and/or digital environment is suitable for a privacy-demanding conversation. Some patents have presented solutions on how to ensure that no unintended user/device hears a conversation, but this requires either persistent white noise, such as in US11069332, or a precise knowledge of where the relevant devices are placed, including knowledge of sound propagation in the environment to address indirect sound propagation, as in US11388516. Some contemporary solutions track other device's whereabouts. For example, some Apple® devices are operable to notify a user if an unknown Airtag has followed a user's devices. Summary

It is an aim of the present disclosure to provide methods, a privacy management node, a communication network node, and a computer program product which at least partially address one or more of the challenges mentioned above. It is a further aim of the present disclosure to provide methods, a privacy management node, a communication network node, and a computer program product which cooperate to facilitate privacy management of a communication session taking place between a user and an entity. In some examples the privacy management may concern a direct communication channel between the user and the entity, in other examples, the privacy management may concern a communication channel between the user and a wireless device using which the user participates in the communication session.

According to a first aspect of the present disclosure, there is provided a method for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The method, performed by a privacy management node, comprises obtaining a minimum required environmental privacy classification for the communication session, obtaining an environmental privacy classification of an environment in which the user will participate in the communication session, and comparing the minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user will participate in the communication session. The method further comprises, if the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session, initiating action to perform at least one of (i) changing the environment in which the user will participate in the communication session, (ii) changing a communication channel between the entity and the user for the duration of the communication session, and/or (iii) prohibiting the communication session from proceeding.

According to another aspect of the present disclosure, there is provided a method for facilitating management of a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The method, performed by a communication network node, comprises providing information about the radio environment of the user to a privacy management node, wherein the privacy management node is configured to use the information about the radio environment of the user in carrying out a method according to any one or more of the examples set out in the present disclosure.

According to another aspect of the present disclosure, there is provided a computer program product comprising a computer readable non-transitory medium, the computer readable medium having computer readable code embodied therein, the computer readable code being configured such that, on execution by a suitable computer or processor, the computer or processor is caused to perform a method according to any one of the aspects or examples of the present disclosure.

According to another aspect of the present disclosure, there is provided a privacy management node for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The privacy management node comprises processing circuitry configured to cause the privacy management node to obtain a minimum required environmental privacy classification for the communication session, obtain an environmental privacy classification of an environment in which the user will participate in the communication session, and compare the minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user will participate in the communication session. The processing circuitry is further configured to cause the privacy management node to, if the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session, initiate action to perform at least one of (i) changing the environment in which the user will participate in the communication session, (ii) changing a communication channel between the entity and the user for the duration of the communication session, and/or (iii) prohibiting the communication session from proceeding.

According to another aspect of the present disclosure, there is provided a privacy management node for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The privacy management node is configured to obtain a minimum required environmental privacy classification for the communication session, obtain an environmental privacy classification of an environment in which the user will participate in the communication session, and compare the minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user will participate in the communication session. The privacy management node is further configured to, if the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session, initiate action to perform at least one of: (i) changing the environment in which the user will participate in the communication session, (ii) changing a communication channel between the entity and the user for the duration of the communication session, and/or (iii) prohibiting the communication session from proceeding.

According to another aspect of the present disclosure, there is provided a communication network node for facilitating management of a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The communication network node comprises processing circuitry configured to cause the communication network node to provide information about the radio environment of the user to a privacy management node, wherein the privacy management node is configured to use the information about the radio environment of the user in carrying out a method according to any one or more of the examples set out in the present disclosure.

According to another aspect of the present disclosure, there is provided a communication network node for facilitating management of a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The communication network node is configured to provide information about the radio environment of the user to a privacy management node, wherein the privacy management node is configured to use the information about the radio environment of the user in carrying out a method according to any one or more of the examples set out in the present disclosure.

Aspects of the present disclosure thus provide methods and nodes that enable management of privacy for a conversation taking place between a user and an entity. In some examples the privacy management may concern a direct communication channel between the user and the entity, in other examples, the privacy management may concern a communication channel between the user and a wireless device using which the user participates in the communication session.

Brief Description of the Drawings

For a better understanding of the present disclosure, and to show more clearly how it may be carried into effect, reference will now be made, by way of example, to the following drawings in which:

Figure 1 is a flow chart illustrating process steps in a method for managing a communication session between a user and an entity;

Figures 2a to 2f show flow charts illustrating process steps in another example of a method for managing a communication session between a user and an entity;

Figure 3 is a block diagram illustrating functional modules in an example privacy management node;

Figure 4 is a block diagram illustrating functional modules in an example communication network node;

Figure 5 is a flow chart illustrating an example implementation of the methods disclosed herein.

Detailed

Examples of the present disclosure propose methods that may be operative in a wireless device and/or in the cloud, and which determine whether a privacy classification required for a communication session involving at least two parties can be fulfilled. The methods are performed by a privacy management node, which may be instantiated in a wireless device, in the cloud, or in a combination of a wireless device and a cloud or other location. The methods disclosed herein may use available sensor data to determine the privacy classification of the current surroundings of a user, and determine if a classification required for a communication session is fulfilled or not. Depending on the assessment a device may take appropriate actions. When a conversation is to take place between a wireless device and another entity, which may be another user or may be a server, machine device or other entity, a required privacy classification is determined for content of the conversation. Any or all of the devices present for the conversation may be running privacy management nodes and make this determination, and may do so in combination, for example via a negotiation. The required privacy classification may be defined by determining the parties in the conversation, contextual information such as time-of-day, position, activated profile on device, etc., and scheduled conversation content, for example from an agenda or other information. When the required privacy classification has been defined, an environment privacy classification may be determined for the current environment, or a future environment in which the user will be for the conversation. This may be determined by any one or more of scanning the radio, optical, and/or audio environment, checking a location or asking for an evaluation from an external party such as a mobile operator. The radio environment can be used to determine nearby devices, and optical and audio input can be used to identify the environment, such as sounds of an ongoing party or train station. The factors can be taken into account to assess the privacy classification of the environment. If the privacy classification of the environment is not equal or better than the required privacy classification for the conversation, appropriate action may be taken. The checking of the environment privacy classification against the required privacy classification may be performed for the entire duration of the conversation or according to policy.

Figure 1 is a flow chart illustrating process steps in a method 100 for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The method is performed by a privacy management node, which may comprise a physical or virtual node, and may be instantiated at least partially in the wireless device, in a computer system, computing device or server apparatus and/or in a virtualized environment, for example in a cloud, edge cloud, an Open Radio Access Network, O-RAN, or fog deployment. Examples of a virtual node may include a piece of software or computer program, a code fragment operable to implement a computer program, a virtualised function, or any other logical entity. The privacy management node may encompass multiple logical entities, which may be instantiated in different locations.

Referring to Figure 1 , the method 100 comprises, in step 110, obtaining a minimum required environmental privacy classification for the communication session, and, in step 120, obtaining an environmental privacy classification of an environment in which the user will participate in the communication session. In step 130, the method 100 comprises comparing the minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user will participate in the communication session. The method 100 further comprises, if the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session as determined in step 140, initiating action to perform at least one of changing the environment in which the user will participate in the communication session, changing a communication channel between the entity and the user for the duration of the communication session, and/or prohibiting the communication session from proceeding.

The method 100 provides a solution for privacy management of the final communication link between device and user, and/or for a direct communication link “over the air” between a user and an entity participating in a communication session. It will be appreciated that while in many examples, the privacy management node may be instantiated in the wireless device itself, such that the method 100 is performed in the wireless device, it may be that at least some of the method could be performed in a location other than the wireless device. The privacy management node could for example be a virtual node comprising multiple logical entities, and while it could be running entirely on the wireless device, one or more if its logical entities could be instantiated in a communication network, for example in a cloud or edge cloud deployment. The entity participating in the communication session could be another user or could be a logical entity such as a server, a service, an application, an loT device, or other.

According to some examples of the present disclosure, an environmental privacy classification may comprise an evaluation of an extent to which privacy of information exchanged on a communication channel between the user and the entity can be maintained within an environment. The communication channel between user and entity may be audio and/or visual. In some examples, the user may participate in the communication session using the wireless device, and an environmental privacy classification may comprise an evaluation of an extent to which privacy of information exchanged on a communication channel between the user and the wireless device can be maintained within an environment. Figures 2a to 2f show flow charts illustrating another example of a method 200 for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. As for the method 100 discussed above, the method 200 is performed by a privacy management node, which may comprise a physical or virtual node, and may be instantiated at least partially in the wireless device, in a computer system, computing device or server apparatus and/or in a virtualized environment, for example in a cloud, edge cloud, an Open Radio Access Network, O-RAN, or fog deployment. Examples of a virtual node may include a piece of software or computer program, a code fragment operable to implement a computer program, a virtualised function, or any other logical entity. The privacy management node may encompass multiple logical entities, which may be instantiated in different locations. The method 200 illustrates examples of how the steps of the method 100 may be implemented and supplemented to provide the above discussed and additional functionality.

Referring initially to Figure 2a, in a first step 202, the privacy management node may check for satisfaction of a trigger condition. The trigger condition may for example comprise a request to carry out the method by at least one participant in the communication session, as illustrated at 202a, or detection of a method activation keyword, as illustrated at 202b. A method activation keyword may comprise any word or phrase that is predefined to trigger the execution of the method 200. This may be distinguished from classification activation keywords, which, as discussed in further detail below, are words or phrases that are predefined to correspond to a certain classification. In some examples, one or more method termination keywords may also be defined, so as to enable the user to terminate the method should the topic of the communication session change during the session, meaning privacy is no longer required.

On satisfaction of the trigger condition at step 202, the privacy management node may then obtain a minimum required environmental privacy classification for the communication session. As illustrated at 210a and 210b, this may comprise obtaining communication session classification factors, and evaluating the obtained communication session classification factors against a communication session classification policy, wherein the communication session classification policy is operable to map the obtained classification factors to a minimum required privacy classification for the communication session. The communication session classification factors may comprise any one or more of a topic of the communication session, an identity of communication session participants, a proof of identity of the communication session participants, a communication session context, an indicated minimum required environmental privacy classification provided by a communication session participant, and/or a detected classification activation keyword.

A topic of the communication session may be manually input by a participant, or may be determined from analysis of an agenda or associated attachments.

An identity of participants may include for example a personal or a corporate identity, and a proof of identity of the communication session participants may include a PIN code, password, cryptographic signature, response to a challenge, or any other proof operable to demonstrate that the participant is in valid possession of the identity.

A context may include any one or more of the following information. For example, network context may include a network location such as public WiFi, private WiFi, Cellular, Enterprise network, etc. The network location may indicate that the wireless device is connected to a particular network through a particular access point, or may indicate one or more networks that the wireless device is able to detect. Each option for network location (connection and/or detection) provides a different degree of credibility and granularity of position for the wireless device. Network context may additionally or alternatively include a time of day, a personal or business profile that is activated on the wireless device, and/or position of user and/or wireless device and/or constellation of devices. For example, if the user is standing 5 meters from the wireless device, the consequences for privacy of communication exchanged between the user and the wireless device, and the consequences for the device’s ability to accurately reflect the privacy of the user’s environment, are considerable. Separation between the user and the wireless device, as well as their individual positions within the environment, may therefore be relevant to the determination of a minimum required privacy classification. A constellation of devices might include smartphone only, smartphone and headset, smartphone and smart watch and headset, etc.

A detected classification activation keyword may comprise any word or phrase that is predefined to correspond to a certain classification. This may be input deliberately by the user, via any appropriate means, including via an interface such as a touch screen, or by being detected as an audio classification activation word or phrase.

According to examples of the present disclosure, any of the above factors may be received, and in some examples requested, from communication session participants, may be detected by the privacy management node or by functionality on the wireless device or elsewhere, or may be obtained in any other suitable manner.

In some examples, obtaining a minimum required environmental privacy classification for the communication session may comprise negotiating the minimum required environmental privacy classification for the communication session with the entity, as illustrated at step 210c. This negotiation may take various different forms, including for example comparing and accepting the highest classification proposed by a participant in the communication session, or any other suitable negotiation practice. In some examples, an identity of the user may be relevant to determining whether a certain minimum required environmental privacy classification can be defined, with only certain corporate or other identities authorized to propose a reduction in the minimum required environmental privacy classification.

Referring now to Figure 2b, in step 220, the privacy management node obtains an environmental privacy classification of an environment in which the user will participate in the communication session. As illustrated at 220a, this may comprise obtaining an environmental privacy classification of at least one of the user’s current environment, and/or the environment in which the user is predicted to be at a time at which the communication session is scheduled to take place.

Either of the above steps may comprise in some examples obtaining a history of previous environmental privacy classifications. For example, the current or predicted environment of the user may be an environment in which the user has previously been, and consequently at least some of the environmental classification factors from a previous classification may still be valid.

As illustrated at steps 220b and 220c, obtaining an environmental privacy classification of an environment in which the user will participate in the communication session may comprise obtaining environment classification factors, and evaluating the obtained environment classification factors against an environment classification policy, wherein the environment classification policy is operable to map the obtained classification factors to an environment privacy classification for the environment. The environment classification factors may relate to at least one of the radio environment of the user, the physical environment of the user, and/or a virtual environment of the user. The physical environment of the user may comprise at least one of the optical environment, the audio environment, and/or the geographic environment of the user. The geographic environment may include a geographic location. Aspects of the physical environment may be determined from input from the wireless device and/or connected sensors the output of which is available to the privacy management node. For example, a wireless device having input from smart home motion sensors may deduct someone and/or something in a particular location. A virtual environment may include any logical or other entities present in the environment, for example if the user is participating in the communication session while occupying a virtual environment. The virtual environment may for example comprise a virtual reality environment.

Figure 2d illustrates further detail concerning the environment classification factors. Referring to Figure 2d, obtaining environment classification factors relating to the radio environment of the user may comprise at least one of listening for communications on a radio interface at step 220ai and/or requesting information about the radio environment from a communication network at step 220aii. The radio interface may for example be an interface compatible with 3GPP standards, a Wi-Fi interface, a Bluetooth interface, a WiMAX interface, a Lora interface, a UWB interface, and/or other technology. Listening on a radio interface may comprise evaluating the address field in intercepted communications to determine whether a detected device’s physical/static IP address, MAC address, application layer identity, or any other identifier is in a list of trusted addresses, or in a list of suspect or non-trusted addresses. Listening on a radio interface may also or alternatively comprise requesting certificates to establish cryptographic proof of identities of detected devices.

Requesting information from a communication network may comprise requesting from a communication network to which the wireless device is connected. The requested information could include a number and characteristics of devices connected to the network within a given area, such as a cell or group of neighboring cells. In other examples, the management node could listen for devices and then request information about detected devices. In some examples, the management node could request information from one or more communication networks via an intermediary. An intermediary could for example be a service offering information from all communication networks operating in a given geographic area.

Obtaining environment classification factors relating to the optical environment of the user may comprise accessing optical environment sensors in the vicinity of the wireless device at step 220aiii, and using the accessed sensors to identify at least one of entities with line-of-sight access to the wireless device, entities in the vicinity of the wireless device, and/or whether the environment is indoor or outdoor in step 220aiv. Optical environment sensors may include visual sensors, Lidar, thermal sensors, “radar”, passive infrared, microwave, ultrasound, etc. Optical environment sensors in the vicinity of the wireless device may comprise sensors on the device, such as a device camera, or sensors in the environment, including security or surveillance cameras, connected home, building or factory devices, etc. Entities in the vicinity or with line-of-sight access may be human users or other devices.

Obtaining environment classification factors relating to the audio environment of the user may comprise accessing audio environment sensors in the vicinity of the device at step 220av, and using the accessed sensors to evaluate the environment for the presence of target sounds in step 220avi. Audio environment sensors in the vicinity of the wireless device may be sensors on the device, such as a device microphone, device camera, or sensors in the environment, including microphones on security or surveillance cameras, connected home, building or factory devices, etc. Target sounds may include human voices, background noise, white noise, etc.

Obtaining environment classification factors relating to the geographic environment of the user may comprise determining a geographic location of the environment in step 220avii, and mapping the determined geographic location to at least one classification factor in step 220aviii. The classification factors may include for example enterprise premises, competitor premises, public space, private home, remote location with limited connectivity, dense urban area, etc.

Referring again to Figure 2b, in step 230, the privacy management node compares the minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user will participate in the communication session. If, at step 240, the privacy management node determines that the environmental privacy classification of the environment in which the user will participate in the communication session is equal to or greater than the minimum required environmental privacy classification for the communication session, then the privacy management node determines that the communication session may proceed at step 242.

Referring now to Figure 2c, if at step 240, the privacy management node determines that the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session, the privacy management node initiates action at step 250 to perform at least one of (i) changing the environment in which the user will participate in the communication session, (ii) changing a communication channel between the entity and the user for the duration of the communication session, and/or (iii) prohibiting the communication session from proceeding. As discussed above, in some examples, the user participates in the communication session using the wireless device, and in such examples, changing a communication channel between the entity and the user for the duration of the communication session comprises changing a communication channel between the wireless device and the user for the duration of the communication session.

As illustrated at step 250a, initiating action to change the environment in which the user will participate in the communication session may comprise at least one of generating white noise with a defined spatial coverage, frequency spectrum and amplitude, generating at least one of an audio suppression volume or an audio confinement volume, instructing the user to change their location, and/or instructing the entity to change its location. With respect to generating white noise, white noise spatial coverage defines where the white noise should be generated (specific direction, geographical area, etc.), white noise frequency spectrum defines what frequencies the noise will contain, and white noise amplitude defines how loud the noise should be. The white noise may for example be a partial or full white noise bubble, or a white noise beam in a specific direction. The specific direction of a white noise beam may for example be in the direction of an individual detected in the environment. The white noise masks the sound of the communication session in its coverage area. With respect to changing of location, it will be appreciated that either or both of the user and/or the entity may be instructed to change their location, and consequently that of their wireless device, if the entity is also a user having a wireless device. Changing the entity location may impact upon the communication channel between the entity and the user, and so be relevant to the environment privacy classification of the user’s environment.

As illustrated at 250b, initiating action to change a communication channel between the entity and the user for the duration of the communication session may comprise at least one of instructing the user to use a specific peripheral device, and/or pausing at least one of audio playback, video playback, and/or media presentation for the communication session.

The peripheral device could be for use with the wireless device, i.e., to change the communication channel between the user and the wireless device, or it could be for use independently of the wireless device, or the peripheral device could implicate using the wireless device for the communication session instead of using direct over the air communication between the entity and the user. A communication channel may be changed by adjusting the channel medium, for example changing the audio channel between device and user from audio broadcast to audio via a wired or wireless headset, or one or more communication channels between the device and user may be suspended entirely. A peripheral device may include headphones, headphone and microphone set, visual filter device, etc. In some examples, the resumption of paused audio or video playback, or media presentation, may be made dependent on the use of the instructed peripheral. For example, audio playback may be paused until a wired headset is plugged in.

As illustrated at 250c, initiating action to prohibit the communication session from proceeding may comprise pausing all audio playback, video playback and media presentation associated with the communication session. In some examples, the communication session may be prevented from proceeding unless and until an updated environment classification is at least equal to the required minimum classification.

In step 260, the privacy management node may inform the user of the initiated action, for example by displaying an information message on the wireless device.

In step 270, the privacy management node may update or renegotiate the minimum required privacy classification on fulfilment of a condition. As illustrated at 270a, the condition may comprise at least one of entry or exit of an entity from the communication session and/or expiry of a scheduled time period. The scheduled time period may change according to the original minimum required privacy classification, or some other security context, such that for example the higher the security requirement, the more frequently the minimum required privacy classification is updated or renegotiated.

It will be appreciated that in some examples of the present disclosure, the running order of the steps of the methods 100 and 200 may be changed according to different use cases. In one example, the environmental classification of the environment in which the user is located could be substantially continuously evaluated, with the minimum required environmental privacy classification for a communication session being obtained, and subsequent comparison and initiating of actions, only when such a communication session is scheduled or initiated.

Figures 2e and 2f illustrate further steps of the method 200, that may be carried out during the communication session, for example following execution of the above described steps 202 to 270. Referring initially to Figure 2e, during the communication session, the privacy management node may monitor the communication session for at least one of keywords and/or classification activation keywords in step 280a, and, on detection of at least one of a keyword or a classification activation keyword in step 280b, obtain an updated minimum required environmental privacy classification for the communication session in step 280c. In step 280d, the privacy management node may compare the updated minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user is participating in the communication session. If the privacy management node determines at step 280e that the environmental privacy classification of the environment in which the user is participating in the communication session is equal to or greater than the updated minimum required environmental privacy classification for the communication session, the privacy management node may determine that the user may proceed with the communication session at step 280f. If the privacy management node determines at step 280e that the environmental privacy classification of the environment in which the user is participating in the communication session is not at least equal to the updated minimum required environmental privacy classification for the communication session, the privacy management node may initiate action in step 280g to perform at least one of changing the environment in which the user is participating in the communication session, changing a communication channel between the entity and the user for the duration of the communication session, and/or prohibiting the communication session from proceeding. Step 280g may be carried out substantially as described above with reference to step 250.

Referring now to Figure 2f, during the communication session, the privacy management node may monitor the environment in which the user is participating in the communication session for a change in the environmental privacy classification of the environment in step 290a. On detection of a change in the environmental privacy classification of the environment at step 290b, the privacy management node may compare the minimum required environmental privacy classification for the communication session with the updated environmental privacy classification of the environment in which the user is participating in the communication session at step 290c. If the privacy management node determines at step 290d that the updated environmental privacy classification of the environment in which the user is participating in the communication session is at least equal to the minimum required environmental privacy classification for the communication session, the privacy management node determines at step 290e that the communication session may proceed. If the privacy management node determines at step 290d that the updated environmental privacy classification of the environment in which the user is participating in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session, the privacy management node initiates action at step 290f to perform at least one of changing the environment in which the user is participating in the communication session, changing a communication channel between the entity and the user for the duration of the communication session, and/or prohibiting the communication session from proceeding. Step 290f may be carried out substantially as described above with reference to step 250.

In the event that the method 200 is run before the communication session is scheduled to begin, on the basis of a predicted or scheduled user location, the additional checks illustrated in Figure 2f may be performed at the start of the communication session, for example immediately before the communication session is established, to confirm that the classification of the environment in which the user was predicted to be is in fact consistent with the classification of the environment in which the user is actually located.

The methods 100 and 200 may be complemented by a method performed by a communication network node for facilitating management of a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session. The communication network node may comprise a physical or virtual node, and may be implemented in a computer system, computing device or server apparatus and/or in a virtualized environment, for example in a cloud, edge cloud, an Open Radio Access Network, O-RAN, or fog deployment. Examples of a virtual node may include a piece of software or computer program, a code fragment operable to implement a computer program, a virtualised function, or any other logical entity. The communication network node may for example be implemented in a core network of a communication network. The communication network may be an LTE network, a New Radio (NR) network or any other existing or future communication network system, and the communication network node may be implemented in a Radio Access node, which itself may comprise a physical node and/or a virtualized network function that is operable to exchange wireless signals. In some examples, a Radio Access node may comprise a base station node such as a NodeB, eNodeB, gNodeB, or any future implementation of this functionality. The communication network node may encompass multiple logical entities, and may for example comprise a Virtualised Network Function (VNF). The method performed by a communication network node comprises providing information about the radio environment of the user to a privacy management node. The privacy management node is configured to use the information about the radio environment of the user in carrying out a method according to any one or more of the examples described herein. The communication network node may for example provide such information on request from a privacy management node or other third party.

As discussed above, the methods 100 and 200 are performed by a privacy management node, and the present disclosure provides a privacy management node that is adapted to perform any or all of the steps of the above discussed methods. The privacy management node may comprise a physical node such as a computing device, server etc., or may comprise a virtual node. A virtual node may comprise any logical entity, such as a Virtualized Network Function (VNF) which may itself be running in a cloud, edge cloud or fog deployment. In some examples, the privacy management node is instantiated at least partially in the wireless device of the user, and the present disclosure also provides a wireless device comprising a privacy management node as disclosed herein. In other examples, the privacy management node may be instantiated in a physical or virtual server in a centralised or cloud based deployment. Figure 3 is a block diagram illustrating an example privacy management node 300 which may implement the method 100 and/or 200, as illustrated in Figures 1 and 2a to 2f, according to examples of the present disclosure, for example on receipt of suitable instructions from a computer program 350. Referring to Figure 3 the privacy management node 300 comprises a processor or processing circuitry 302, and may comprise a memory 304 and interfaces 306. The processing circuitry 302 is operable to perform some or all of the steps of the method 100 and/or 200 as discussed above with reference to Figures 1 and 2a to 2f. The memory 304 may contain instructions executable by the processing circuitry 302 such that the privacy management node 300 is operable to perform some or all of the steps of the method 100 and/or 200, as illustrated in Figures 1 and 2a to 2f. The instructions may also include instructions for executing one or more telecommunications and/or data communications protocols. The instructions may be stored in the form of the computer program 350. In some examples, the processor or processing circuitry 302 may include one or more microprocessors or microcontrollers, as well as other digital hardware, which may include digital signal processors (DSPs), special-purpose digital logic, etc. The processor or processing circuitry 302 may be implemented by any type of integrated circuit, such as an Application Specific Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) etc. The memory 304 may include one or several types of memory suitable for the processor, such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, solid state disk, hard disk drive, etc. The privacy management node 300 may further comprise interfaces 306, which may be operable to facilitate communication with a communication network node, and/or other nodes, over suitable communication channels.

As discussed above, the present disclosure also provides a communication network node that is adapted to perform any or all of the steps of the above discussed method for facilitating management of a communication session between a user and an entity. The communication network node may comprise a physical node such as a computing device, server etc., or may comprise a virtual node. A virtual node may comprise any logical entity, such as a Virtualized Network Function (VNF) which may itself be running in a cloud, edge cloud or fog deployment. The communication network node may be operable to be instantiated in a cloud based deployment.

Figure 4 is a block diagram illustrating an example communication network node 400 which may implement the above discussed method for facilitating management of a communication session between a user and an entity, for example on receipt of suitable instructions from a computer program 450. Referring to Figure 4, the communication network node 400 comprises a processor or processing circuitry 402, and may comprise a memory 404 and interfaces 406. The processing circuitry 402 is operable to perform some or all of the steps of the above discussed method for facilitating management of a communication session between a user and an entity. The memory 404 may contain instructions executable by the processing circuitry 402 such that the communication network node 400 is operable to perform some or all of the steps of the above discussed method for facilitating management of a communication session between a user and an entity. The instructions may also include instructions for executing one or more telecommunications and/or data communications protocols. The instructions may be stored in the form of the computer program 450. In some examples, the processor or processing circuitry 402 may include one or more microprocessors or microcontrollers, as well as other digital hardware, which may include digital signal processors (DSPs), special-purpose digital logic, etc. The processor or processing circuitry 402 may be implemented by any type of integrated circuit, such as an Application Specific Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) etc. The memory 404 may include one or several types of memory suitable for the processor, such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, solid state disk, hard disk drive, etc. The communication network node 400 may further comprise interfaces 406, which may be operable to facilitate communication with a privacy management node, and/or other nodes, over suitable communication channels.

Figures and 2a to 2f discussed above provide an overview of methods which may be performed by a privacy management node according to different examples of the present disclosure. The methods enable management of privacy of a communication session, determining whether a user environment at the time of the communication session is operable to provide a level of privacy required by the communication session, and taking appropriate action if this is not the case. There now follows a detailed discussion of how different process steps illustrated in Figures 1 to 2f and discussed above may be implemented. The functionality and implementation detail described below is discussed with reference to the nodes of Figures 3 and 4 performing examples of the methods described herein. Figure 5 illustrates a process flow implementing an example of the methods disclosed herein. In the illustrated implementation, the steps of the process flow are performed by a privacy management node that is instantiated on the wireless device of at least one of the participants (the user) in the communication session. As discussed in further detail below, in some examples, privacy management nodes may be running on multiple wireless devices, each belonging to a participant in the communication session, and the devices may for example collaborate set a joint privacy classification for the session. In further examples, at least one of the other participants in the conversation may be an application or server, and the communication may be for example a confidential presentation, which could be service to user, or application to user.

Step 1 - When a communication session, referred to below as a conversation, is to be established between a user in possession of a first wireless device and an entity, which may for example be another user in possession of a second wireless device, a minimum required privacy classification is associated with the conversation. The conversation may for example be a phone call, video chat or any other conversation which includes audio and/or visual content. In a further example, the conversation may also be a communication session with a non-human entity.

Step 2 - The required privacy classification is determined by the first device by performing one or more of the following steps:

• determining the other party(ies) in the conversation, including for example their respective affiliation, etc.

• context (time-of-day, geographical location, relative positions of users and their devices, activated profile private/business on device)

• by manual interaction by the user.

The minimum required privacy classification may be established on the basis of a combination of factors such as:

• Involved parties (who is in the conversation)

• Context (where/in what role [professional/personal] is the conversation taking place for each party)

• Attributes associated with the meeting, (e.g., agenda items, content of attached documents, etc.)

• Manual interaction from the user (e.g., manually defining if extra privacy is needed for the conversation, keywords, what will the conversation include) This combination of factors is evaluated using a first policy which determines the appropriate required privacy classification. The policy may for example map the combination of factors to a specific privacy classification. The policy may be a general policy for all devices, a policy for a company associated with a particular wireless device, a policy for a specific user, a policy for professional/personal context etc. The policy may further comprise different required privacy classification categories (for example none, low, mid, high, etc.) or numerical values. The factors above are used to create a numerical value or to map the conversation into a category.

Table 1 : Example of how to define privacy categories. The chosen category (on the left) may be defined by highest requirement or where a majority of the factors are placed

Table 2: Example of numerical values adding up to privacy classification. On the left of the T able, the factors and their numerical contributions are listed. On the right, thresholds are specified for different privacy classifications.

Step 3 - When the required privacy classification has been defined, the wireless device then determines the privacy classification of the environment as described below. Alternatively, the device may continuously determine the privacy classification of the environment, and may consequently be able to indicate the current privacy classification of the environment before the minimum required privacy classification for the conversation is established.

In order to determine the privacy classification of the environment, the device may evaluate:

• its position, to determine if it is in a location in which a particular security classification is allowed (e.g., in a soundproof room at the office), or explicitly disallowed (e.g., in a competitor’s office).

• radio interfaces (e.g., 3GPP, WiFi, Bluetooth, etc.) and possibly broadcasts on these interfaces for traffic indicating that devices are nearby. The address field in the intercepted communication may be evaluated to check if the device’s physical I static IP address is in a list of trusted devices. Furthermore, the device may ask for certificates to establish cryptographic proof of the identities of detected devices.

• audio environment by recording using microphone and evaluating the sounds to either determine the environment as a whole or listen for specific sounds (such as human voices). Such audio environment evaluation may be used for example by music services and/or voice assistants.

• optical environment by using camera or other visual sensors on the device. The device may for example scan for humans, a nature of the environment (e.g., inside/outside) etc. The result of at least one of these processes is evaluated using a second policy which translates the result into a privacy classification of the environment. Table 3: An example of how the current privacy classification may be defined.

As in table 1 , the classification may be defined by the highest/lowest factor or where the majority of the attributes are.

Step 4 - The device can now check whether the privacy classification of the environment is equal to or higher than the minimum required privacy classification. If this is the case, then step 5 below can be omitted, and the device can proceed directly to step 6, and what may be considered as a monitoring phase. If the environment privacy classification is not at least equal to the minimum required privacy classification for the conversation, then the device proceeds to step 5. Step 5 - If the device determines that the environment privacy classification does not fulfil the minimum required for the conversation, the device may take a range of actions to address this situation, including:

• Creating a white noise bubble around the device. A noise bubble may be rendered at playout volume X/spectral attributes X for conditions X, and at volume Y/spectral attributes Y at condition Y. For example, a user in one scenario may be equipped with a headset with active noise suppression capabilities. In such a situation, the device creating a noise bubble may provide the signal of the noise bubble to the noise-reduction algorithm of the headset, so as to enable optimal noise reduction effect for the user. The white noise frequency and intensity may be setup manually or automatically.

• Projecting a white noise “sound beam” in a particular direction. The direction could be that of the closest neighboring device, the device of lowest trust value in the environment, or the direction of any or all other “non-trusted devices”.

• Indicating to the user that the environment is not suitable for the conversation.

• Suggesting or enforcing change of input/output device so as to change a communication channel between the device and the user. For example, the device could require use of a headset instead of a device external speaker. In some examples, content could be muted until the required peripheral is connected.

• Muting the device. This may be associated with a visual or haptic notification for the user. In some examples, device muting may only apply to certain content, video, audio, media presentation, etc., and may be dependent upon a change in the environment, or applied to specific content in the conversation.

Step 6 - The device may perform steps 3-5 throughout the duration of the conversation according to policy. In some examples, the device may iterate steps with a certain frequency depending on privacy class, so for example, if a minimum privacy requirement for the conversation is low, then an initial check on environment privacy classification may be sufficient, and the method steps are iterated only once. If, however, the minimum privacy requirement is high, then the device may make frequent checks of the environment privacy classification throughout the conversation, to check for changes. In other examples, the device may re-check the environment privacy classification only if the minimum required privacy classification of the conversation changes, or if a change in the environment is detected (i.e. , the user moves, or some feature of the environment changes such as a new device entering the environment).

External devices for determining privacy

In some examples, the privacy management node, instantiated on the wireless device or elsewhere, may interact with a communication server (e.g., a mobile operator) to determine the current environment, as the communication server has knowledge of what devices are present in a given environment. The communication server may have a predefined policy of what devices are considered to be safe from a privacy perspective. For example, all devices owned by the same company may have the same privacy classification.

Determining an environment privacy classification may therefore in some examples involve the device contacting a mobile network operator and querying if devices registered with its current base station/cell (and possibly nearby base station(s)) are trusted for the current security classification of the conversation. In one example, the device may contact several different operators, each of which provide coverage to the same geographical area. As the device might not be aware which operators are present in the current area, this may be achieved by having an intermediate service that receives a query from the device and distributes the query to all operators.

In some examples, the device may use other external devices to determine the privacy classification of its environment, for example using external cameras, microphones, hall monitor sensors, etc. These external devices may be pre-defined and queried depending on where the user device is located. For example, if the wireless device is in a hotel lobby, check the security camera for the lobby to determine the environment.

Keywords / Activation phrases

In one example, the minimum required privacy classification may be updated or changed on the basis of certain keywords or activation phrases. Keywords may be detected by the privacy management node running on the device, and may be used to determine that the content of a conversation has evolved to cover topics not previously indicated by an agenda or other documents, and implying an updating of the minimum required privacy classification of the conversation. Activation phrases may comprise pre-defined phrases that may be spoken by the user to consciously force a change in minimum required privacy classification.

Joint classification

In some examples of the present disclosure, privacy management nodes may be running on multiple wireless devices, each device belonging to a participant in the conversation. In such examples, the nodes may negotiate to agree a minimum required privacy classification for the conversation. It may be that one node may wish to enforce a higher minimum requirement than other devices, and it may be that only a node associated with a user having a certain profile may be authorized to allow a lower minimum required privacy classification. For example, it may be that only a meeting organizer, a trusted user, or others may allow a less restrictive setting to be applied to an ongoing session.

In further examples, one or more privacy management nodes may re-negotiate the minimum required privacy classification as participants or devices enters or leave the conversation. Depending on content and type of session, etc. some sessions may disallow the privacy setting to be updated during ongoing session. In some examples, privacy management nodes may suggest a least a required set of input/output devices to use, and/or allowed context/location for a user before they join a conversation of a particular minimum required privacy classification. Disclosure of meeting media sharing may stop if an environment having a lower privacy classification and/or in combination is entered, or with changed device security class.

In some examples, the privacy management node may continuously keep track of the privacy classification of the environment in which it is located, regardless of whether or not a conversation is to be started. This may reduce a time delay to complete the method when a new conversation is to be started, as the environment privacy classification of the current environment is already known.

Examples of the present disclosure thus provide methods and nodes that offer a dynamic solution to privacy management of a communication session. The privacy management takes account of the content of the communication session, and the environment of the user, and initiates appropriate action if there is a mismatch between a required privacy classification of the communication session and the privacy classification of the user’s environment. The methods disclosed herein can be triggered when a conversation is to take place between a user device and at least one other entity. A minimum required privacy classification is determined according to the intended, scheduled, and/or determined content of the conversation. Particular aspects of the present disclosure include:

• One or more user devices, which may be equipped with sensors including IMU, cameras, microphone, etc., and are connected to a communication service (which may be running on a cloud server).

• A privacy classification method performed by a privacy management node (instantiated in a device and/or cloud server).

• A privacy classification assessment of a communication session and its participants.

• A privacy classification assessment of the surroundings (environment) of a device involved in the communication session. The privacy classification assessment may consider session topic, participants’ geographical position, and digital environment of each device involved in the communication session.

• A method that determines and triggers an appropriate action depending on a comparison of the required privacy classification and the privacy classification associated with the users’ surroundings.

• In some examples, the privacy classification assessment may be further impacted by the communication service, which may supply an assessment of the environment based on other devices that are connected to the communication service and are in the vicinity of the relevant devices.

The methods of the present disclosure may be implemented in hardware, or as software modules running on one or more processors. The methods may also be carried out according to the instructions of a computer program, and the present disclosure also provides a computer readable medium having stored thereon a program for carrying out any of the methods described herein. A computer program embodying the disclosure may be stored on a computer readable medium, or it could, for example, be in the form of a signal such as a downloadable data signal provided from an Internet website, or it could be in any other form.

It should be noted that the above-mentioned examples illustrate rather than limit the disclosure, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims or numbered embodiments. The word “comprising” does not exclude the presence of elements or steps other than those listed in a claim or embodiment, “a” or “an” does not exclude a plurality, and a single processor or other unit may fulfil the functions of several units recited in the claims or numbered embodiments. Any reference signs in the claims or numbered embodiments shall not be construed so as to limit their scope.

Claims

1. A method (100) for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session, the method, performed by a privacy management node, comprising: obtaining a minimum required environmental privacy classification for the communication session (110); obtaining an environmental privacy classification of an environment in which the user will participate in the communication session (120); comparing the minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user will participate in the communication session (130); and if the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session (140), initiating action to perform at least one of (150): changing the environment in which the user will participate in the communication session; changing a communication channel between the entity and the user for the duration of the communication session; prohibiting the communication session from proceeding.

2. A method as claimed in claim 1, wherein an environmental privacy classification comprises an evaluation of an extent to which privacy of information exchanged on a communication channel between the user and the entity can be maintained within an environment.

3. A method as claimed in claim 1 or 2, wherein the user participates in the communication session using the wireless device, and wherein changing a communication channel between the entity and the user for the duration of the communication session comprises changing a communication channel between the wireless device and the user for the duration of the communication session.

4. A method as claimed in claim 3, wherein an environmental privacy classification comprises an evaluation of an extent to which privacy of information exchanged on a communication channel between the user and the wireless device can be maintained within an environment.

5. A method as claimed in any one of claims 1 to 4, wherein obtaining a minimum required environmental privacy classification for the communication session comprises obtaining communication session classification factors (210a) comprising at least one of: a topic of the communication session; an identity of communication session participants; a proof of identity of the communication session participants; a communication session context; an indicated minimum required environmental privacy classification provided by a communication session participant; a detected classification activation keyword.

6. A method as claimed in claim 5, wherein obtaining a minimum required environmental privacy classification for the communication session further comprises: evaluating the obtained communication session classification factors against a communication session classification policy (210b), wherein the communication session classification policy is operable to map the obtained classification factors to a minimum required privacy classification for the communication session.

7. A method as claimed in any one of the preceding claims, wherein obtaining a minimum required environmental privacy classification for the communication session comprises: negotiating the minimum required environmental privacy classification for the communication session with the entity (210c).

8. A method as claimed in any one of the preceding claims, wherein obtaining an environmental privacy classification of an environment in which the user will participate in the communication session comprises: obtaining an environmental privacy classification of at least one of (220a): the user’s current environment the environment in which the user is predicted to be at a time at which the communication session is scheduled to take place.

9. A method as claimed in any one of the preceding claims, wherein obtaining an environmental privacy classification of an environment in which the user will participate in the communication session comprises: obtaining environment classification factors (220b) relating to at least one of: the radio environment of the user; the physical environment of the user; a virtual environment of the user; wherein the physical environment of the user comprises at least one of the optical environment, the audio environment, and/or the geographic environment of the user.

10. A method as claimed in claim 9, wherein obtaining environment classification factors relating to the radio environment of the user comprises at least one of: listening for communications on a radio interface (220ai); requesting information about the radio environment from a communication network (220aii).

11. A method as claimed in claim 9 or 10, wherein obtaining environment classification factors relating to the optical environment of the user comprises: accessing optical environment sensors in the vicinity of the wireless device (220aiii); and using the accessed sensors to identify at least one of (220aiv): entities with line-of-sight access to the wireless device; entities in the vicinity of the wireless device; whether the environment is indoor or outdoor.

12. A method as claimed in any one of claims 9 to 11 wherein obtaining environment classification factors relating to the audio environment of the user comprises: accessing audio environment sensors in the vicinity of the device (220av); and using the accessed sensors to evaluate the environment for the presence of target sounds (220avi).

13. A method as claimed in any one of claims 9 to 12, wherein obtaining environment classification factors relating to the geographic environment of the user comprises: determining a geographic location of the environment (220avii); and mapping the determined geographic location to at least one classification factor (220aviii).

14. A method as claimed in any one of claims 9 to 13, wherein obtaining an environmental privacy classification of an environment in which the user will participate in the communication session further comprises: evaluating the obtained environment classification factors against an environment classification policy (220c), wherein the environment classification policy is operable to map the obtained classification factors to an environment privacy classification for the environment.

15. A method as claimed in any one of the preceding claims, wherein initiating action to change the environment in which the user will participate in the communication session comprises at least one of (250a): generating white noise with a defined spatial coverage, frequency spectrum and amplitude; instructing the user to change their location instructing the entity to change its location.

16. A method as claimed in any one of the preceding claims, wherein initiating action to change a communication channel between the entity and the user for the duration of the communication session comprises at least one of (250b): instructing the user to use a specific peripheral device; pausing at least one of audio playback, video playback, media presentation for the communication session.

17. A method as claimed in any one of the preceding claims, wherein initiating action to prohibit the communication session from proceeding comprises: pausing all audio playback, video playback and media presentation associated with the communication session (250c).

18. A method as claimed in any one of the preceding claims, further comprising: informing the user of the initiated action (260).

19. A method as claimed in any one of the preceding claims, further comprising: carrying out the method on satisfaction of a trigger condition (202), wherein the trigger condition comprises at least one of: a request to carry out the method by at least one participant in the communication session (202a); detection of a method activation keyword (202b).

20. A method as claimed in any one of the preceding claims, further comprising: during the communication session, monitoring the communication session for at least one of (280a): keywords; classification activation keywords; and on detection of at least one of a keyword or a classification activation keyword (280b): obtaining an updated minimum required environmental privacy classification for the communication session (280c); comparing the updated minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user is participating in the communication session (280d); and if the environmental privacy classification of the environment in which the user is participating in the communication session is not at least equal to the updated minimum required environmental privacy classification for the communication session (280e), initiating action to perform at least one of (280g): changing the environment in which the user is participating in the communication session; changing a communication channel between the entity and the user for the duration of the communication session; prohibiting the communication session from proceeding.

21. A method as claimed in any one of the preceding claims, further comprising: during the communication session, monitoring the environment in which the user is participating in the communication session for a change in the environmental privacy classification of the environment (290a); and on detection of the change in the environmental privacy classification of the environment (290b): comparing the minimum required environmental privacy classification for the communication session with the updated environmental privacy classification of the environment in which the user is participating in the communication session (290c); and if the updated environmental privacy classification of the environment in which the user is participating in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session (290d), initiating action to perform at least one of (290f): changing the environment in which the user is participating in the communication session; changing a communication channel between the entity and the user for the duration of the communication session; prohibiting the communication session from proceeding.

22. A method as claimed in any one of the preceding claims, further comprising: updating or renegotiating the minimum required privacy classification on fulfilment of a condition (270).

23. A method as claimed in claim 22, wherein the condition comprises at least one of (270a): entry or exit of an entity from the communication session; expiry of a scheduled time period.

24. A method as claimed in any one of the preceding claims, wherein the privacy management node is at least partially instantiated in the wireless device.

25. A method for facilitating management of a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session, the method, performed by a communication network node, comprising: providing information about the radio environment of the user to a privacy management node; wherein the privacy management node is configured to use the information about the radio environment of the user in carrying out a method according to any one of claims 1 to 24.

26. A computer program product comprising a computer readable medium, the computer readable medium having computer readable code embodied therein, the computer readable code being configured such that, on execution by a suitable computer or processor, the computer or processor is caused to perform a method as claimed in any one of claims

27. A privacy management node (300) for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session, the privacy management node comprising processing circuitry (302) configured to cause the privacy management node to: obtain a minimum required environmental privacy classification for the communication session; obtain an environmental privacy classification of an environment in which the user will participate in the communication session; compare the minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user will participate in the communication session; and if the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session, initiate action to perform at least one of: changing the environment in which the user will participate in the communication session; changing a communication channel between the entity and the user for the duration of the communication session; prohibiting the communication session from proceeding.

28. A privacy management node as claimed in claim 27, wherein the processing circuitry is further configured to cause the privacy management node to perform a method as claimed in any one of claims 2 to 24.

29. A privacy management node for managing a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session, the privacy management node configured to: obtain a minimum required environmental privacy classification for the communication session; obtain an environmental privacy classification of an environment in which the user will participate in the communication session; compare the minimum required environmental privacy classification for the communication session with the environmental privacy classification of the environment in which the user will participate in the communication session; and if the environmental privacy classification of the environment in which the user will participate in the communication session is not at least equal to the minimum required environmental privacy classification for the communication session, initiate action to perform at least one of: changing the environment in which the user will participate in the communication session; changing a communication channel between the entity and the user for the duration of the communication session; prohibiting the communication session from proceeding.

30. A privacy management node as claimed in claim 29, wherein the privacy management node is further configured to perform a method as claimed in any one of claims 2 to 24.

31. A wireless device comprising a privacy management node as claimed in any one of claims 27 to 30.

32. A communication network node (400) for facilitating management of a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session, the communication network node comprising processing circuitry (402) configured to cause the communication network node to: provide information about the radio environment of the user to a privacy management node; wherein the privacy management node is configured to use the information about the radio environment of the user in carrying out a method according to any one of claims 1 to 24.

33. A communication network node for facilitating management of a communication session between a user and an entity, wherein the user is equipped with a wireless device while participating in the communication session, the communication network node configured to: provide information about the radio environment of the user to a privacy management node; wherein the privacy management node is configured to use the information about the radio environment of the user in carrying out a method according to any one of claims 1 to 24.