Title:
CONCEALMENT OF A SUBSCRIPTION IDENTIFIER FOR A COMMUNICATION NETWORK
Document Type and Number:
WIPO Patent Application WO/2023/152395
Kind Code:
A1
Abstract:
A communication device (12) is configured for use in a communication network (10). The communication device (12) obtains a fixed length identifier (16F) associated with a subscription identifier (16S) identifying a subscription to the communication network (10). The communication device (12) may for example calculate the fixed length identifier (16F) as a function of a hash of the subscription identifier (16S). Regardless, the communication device (12) encrypts the fixed length identifier (16F) to obtain a concealed identifier (16C). The communication device (12) transmits the concealed identifier (16C).

Inventors:
KHAN MD MOHSIN ALI (SE)
MATTSSON JOHN (SE)
TSIATSIS VLASIOS (SE)
Application Number:
PCT/EP2023/053620
Publication Date:
August 17, 2023
Filing Date:
February 14, 2023
Assignee:
ERICSSON TELEFON AB L M (SE)
International Classes:
H04W8/18; H04W12/02; H04W12/03; H04W12/40; H04W12/72; H04W28/06
Domestic Patent References:
WO2021089396A1 (2021-05-14)
Foreign References:
EP3751877A1 (2020-12-16)
Other References:
ERICSSON ET AL: "Padding SUPIs in NAI format for non-null schemes", vol. SA WG3, no. e-meeting; 20210816 - 20210827, 9 August 2021 (2021-08-09), XP052063653, Retrieved from the Internet [retrieved on 20210809]
HUAWEI ET AL: "Meeting SUPI privacy and LI Requirements", vol. SA WG3, no. Reno, NV, USA; 20171127 - 20171201, 20 November 2017 (2017-11-20), XP051380399, Retrieved from the Internet [retrieved on 20171120]
3GPP TS 33.501
3GPP TS 23.003
Attorney, Agent or Firm:
ERICSSON (SE)
Claims:
CLAIMS

1. A method performed by a communication device (12) configured for use in a communication network (10), the method comprising: obtaining (1300) a fixed length identifier (16F) associated with a subscription identifier (16S) identifying a subscription to the communication network (10); encrypting (1310) the fixed length identifier (16F) to obtain a concealed identifier (16C); and transmitting (1320) the concealed identifier (16C).

2. The method of claim 1, wherein obtaining the fixed length identifier (16F) comprises calculating the fixed length identifier (16F) as a function of the subscription identifier (16S).

3. The method of claim 2, wherein the function is a hash function, wherein calculating the fixed length identifier (16F) comprises calculating a hash of the subscription identifier (16S) using the hash function.

4. The method of claim 3, wherein the hash function is an unkeyed hash function.

5. The method of claim 3, wherein the hash function is a key derivation function, KDF, wherein an input key to the KDF is all zeroes.

6. The method of any of claims 3-5, wherein the fixed length identifier (16F) is the hash.

7. The method of any of claims 3-5, wherein calculating the fixed length identifier (16F) further comprises truncating the hash to a fixed length, wherein the fixed length identifier (16F) is the truncated hash.

8. The method of claim 1, wherein the subscription identifier (16S) is mapped to the fixed length identifier (16F) according to an injective mapping between subscription identifiers (16S) and fixed length identifiers (16F).

9. The method of any of claims 1-8, wherein the subscription identifier (16S) is a network access identifier, NAI, comprising a username and a realm.

10. The method of any of claims 1-9, wherein the fixed length identifier (16F) has a fixed length, wherein the fixed length identifier (16F) is calculated according to a function that has an input and that has an output, wherein the output has the fixed length for all possible values of the input, wherein the fixed length identifier (16F) is calculated by inputting the subscription identifier (16S) into the function as the input of the function and obtaining the fixed length identifier (16F) as the output of the function.

11. The method of any of claims 1-9, wherein the fixed length identifier (16F) has a fixed length, wherein all subscriptions to the communication network (10) are identified by respective subscription identifiers (16S), wherein at least some of the subscription identifiers (16S) have different lengths, and wherein: each of the fixed length identifiers (16F) has the same fixed length; and/or the fixed length is shorter than the subscription identifier (16S) having the longest length among the subscription identifiers (16S).

12. The method of any of claims 1-11, further comprising transmitting signaling indicating that the concealed identifier (16C) conceals the fixed length identifier (16F) rather than concealing the subscription identifier (16S).

13. A method performed by network equipment (14) configured for use in a communication network (10), the method comprising: receiving (1400) a concealed identifier (16C) from a communication device (12); and decrypting (1410) the concealed identifier (16C) to obtain a fixed length identifier (16F) associated with a subscription identifier (16S) identifying a subscription to the communication network (10).

14. The method of claim 13, wherein the fixed length identifier (16F) is a function of the subscription identifier (16S).

15. The method of claim 14, wherein the function is a hash function, wherein the fixed length identifier (16F) comprises a hash of the subscription identifier (16S) according to the hash function.

16. The method of claim 15, wherein the hash function is an unkeyed hash function.

17. The method of any of claims 15-16, wherein the hash function is a key derivation function, KDF, wherein an input key to the KDF is all zeroes.

18. The method of any of claims 15-16, wherein the fixed length identifier (16F) is the hash or a truncated version of the hash.

19. The method of claim 14, wherein the subscription identifier (16S) is mapped to the fixed length identifier (16F) based on an injective mapping between subscription identifiers (16S) and fixed length identifiers (16F).

20. The method of any of claims 14-19, wherein the subscription identifier (16S) is a network access identifier, NAI, comprising a username and a realm.

21. The method of any of claims 14-20, wherein the fixed length identifier (16F) has a fixed length, wherein the fixed length identifier (16F) is calculated according to a function that has an input and that has an output, wherein the output has the fixed length for all possible values of the input, wherein the fixed length identifier (16F) is calculated by inputting the subscription identifier (16S) into the function as the input of the function and obtaining the fixed length identifier (16F) as the output of the function.

22. The method of any of claims 14-20, wherein the fixed length identifier (16F) has a fixed length, wherein all subscriptions to the communication network (10) are identified by respective subscription identifiers (16S), wherein at least some of the subscription identifiers (16S) have different lengths, and wherein: each of the fixed length identifiers (16F) has the same fixed length; and/or the fixed length is shorter than the subscription identifier (16S) having the longest length among the subscription identifiers (16S).

23. The method of any of claims 14-22, further comprising receiving signaling indicating that the concealed identifier (16C) conceals the fixed length identifier (16F) rather than concealing the subscription identifier (16S), wherein said decrypting is performed based on the signaling.

24. The method of any of claims 14-23, further comprising: determining the subscription identifier (16S) associated with the fixed length identifier (16F) from a mapping that maps the fixed length identifier (16F) to the subscription identifier (16S); and retrieving subscription data for the subscription identified by the determined subscription identifier (16S).

25. A communication device (12) configured for use in a communication network (10), the communication device (12) comprising: communication circuitry (1620); and processing circuitry (1610) configured to: obtain a fixed length identifier (16F) associated with a subscription identifier (16S) identifying a subscription to the communication network (10); encrypt the fixed length identifier (16F) to obtain a concealed identifier (16C); and transmit the concealed identifier (16C).

26. The communication device (12) of claim 25, wherein the processing circuitry (1610) is configured to perform the method of any of claims 2-13.

27. Network equipment (14) configured for use in a communication network (10), the network equipment (14) comprising: communication circuitry (1720); and processing circuitry (1710) configured to: receive a concealed identifier (16C) from a communication device (12); and decrypt the concealed identifier (16C) to obtain a fixed length identifier (16F) associated with a subscription identifier (16S) identifying a subscription to the communication network (10).

28. The network equipment (14) of claim 27, wherein the processing circuitry (1710) is configured to perform the method of any of claims 15-24.

29. A computer program comprising instructions which, when executed by at least one processor of a communication device (12), causes the communication device (12) to perform the method of any of claims 1-13.

30. A computer program comprising instructions which, when executed by at least one processor of network equipment (14), causes the network equipment (14) to perform the method of any of claims 14-24.

31. A carrier containing the computer program of any of claims 29-30, wherein the carrier is one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

Description:
CONCEALMENT OF A SUBSCRIPTION IDENTIFIER FOR A COMMUNICATION NETWORK

TECHNICAL FIELD

The present application relates generally to a communication network, and relates more specifically to concealment of a subscription identifier for such a network.

BACKGROUND

A communication network provides communication service to a communication device on the basis of a subscription to that communication network. The subscription is identified by a subscription identifier. For example, the subscription identifier may take the form of an International Mobile Subscriber Identity (IMSI) or a Network Access Identifier (NAI), where the NAI is of the form username@realm.

If a communication device transmits a subscription identifier in plaintext, the communication device’s privacy is compromised. Indeed, the communication device’s geographical location could be tracked by tracking locations where the subscription identifier is transmitted. Concealing the subscription identifier before transmission, by encrypting that subscription identifier, preserves the subscriber’s privacy in this regard.

Challenges nonetheless still exist in preserving a subscriber’s privacy. Even if the subscription identifier is encrypted, the concealed identifier that results could still reveal information about the subscription identifier if the concealed identifier’s length depends on the subscription identifier. This proves particularly true for subscription identifiers in the form of NAIs, since different NAIs may have different lengths, e.g., reflecting different subscribers’ usernames. One way to safeguard against revealing even subscription identifier length is to pad all subscription identifiers to be the same length. Problematically, though, this padding approach is sensitive to the longest subscription identifier because it makes all subscription identifiers be as long as the longest subscription identifier. Making all subscription identifiers longer in this way proves expensive in terms of increasing the transmission resources required to communicate the longer subscription identifiers.

SUMMARY

Some embodiments herein conceal subscription identifiers in a way that does not reveal information about the subscription identifiers’ lengths, yet is also not sensitive to the longest subscription identifier. Some embodiments for example conceal fixed length identifiers that are obtained from hashing or mapping. Subscription identifiers may be hashed, for example, according to a hash function that outputs the same length hash no matter the length of the subscription identifiers. Alternatively, subscription identifiers may be mapped to different fixed length identifiers according to an injective mapping. Whether via hashing, mapping, or otherwise, the resulting fixed length identifiers have a fixed length that can be shorter than the longest subscription identifier. For example, in some embodiments, fixed length identifiers obtained from hashing can just be longer than the average length subscription identifier and shorter than the longest length subscription identifier, whereas fixed length identifiers obtained from mapping can be shorter than the average length subscription identifier. These and other embodiments thereby protect subscriber privacy by concealing subscription identifiers in a way that does not reveal subscription identifier length, while at the same time conserving transmission resources by minimizing concealed identifier length.

More particularly, embodiments herein include a method performed by a communication device configured for use in a communication network. The method comprises obtaining a fixed length identifier associated with a subscription identifier identifying a subscription to the communication network. The method also comprises encrypting the fixed length identifier to obtain a concealed identifier. The method also comprises transmitting the concealed identifier.

In some embodiments, obtaining the fixed length identifier comprises calculating the fixed length identifier as a function of the subscription identifier. In one or more of these embodiments, the function is a hash function. In some embodiments, calculating the fixed length identifier comprises calculating a hash of the subscription identifier using the hash function. In one or more of these embodiments, the hash function is an unkeyed hash function. In one or more of these embodiments, the hash function is a key derivation function, KDF. In one or more of these embodiments, an input key to the KDF is all zeroes. In one or more of these embodiments, the fixed length identifier is the hash. In one or more of these embodiments, calculating the fixed length identifier further comprises truncating the hash to a fixed length. In some embodiments, the fixed length identifier is the truncated hash.

In some embodiments, the communication device is provisioned with the fixed length identifier in association with the subscription identifier.

In some embodiments, the subscription identifier is mapped to the fixed length identifier. In one or more of these embodiments, the subscription identifier is mapped to the fixed length identifier according to an injective mapping between subscription identifiers and fixed length identifiers.

In some embodiments, transmitting the concealed identifier comprises transmitting the concealed identifier to, or towards, the communication network.

In some embodiments, the subscription identifier is a subscription permanent identifier, SUPI. In some embodiments, the concealed identifier is a subscription concealed identifier, SUCI.

In some embodiments, the subscription identifier is a network access identifier, NAI, comprising a username and a realm.

In some embodiments, the fixed length identifier has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier. In one or more of these embodiments, the fixed length identifier is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.

In some embodiments, the method further comprises transmitting signaling indicating that the concealed identifier conceals the fixed length identifier rather than concealing the subscription identifier.

Other embodiments herein include a method performed by network equipment configured for use in a communication network. The method comprises receiving a concealed identifier from a communication device. The method also comprises decrypting the concealed identifier to obtain a fixed length identifier associated with a subscription identifier identifying a subscription to the communication network.

In some embodiments, the method further comprises transmitting the decrypted identifier to other network equipment. In one or more of these embodiments, the other network equipment implements a unified data repository, UDR, for the communication network.

In some embodiments, the network equipment implements a unified data management, UDM, function.

In some embodiments, the fixed length identifier is a function of the subscription identifier. In one or more of these embodiments, the function is a hash function. In some embodiments, the fixed length identifier comprises a hash of the subscription identifier according to the hash function. In one or more of these embodiments, the hash function is an unkeyed hash function. In one or more of these embodiments, the hash function is a key derivation function, KDF. In one or more of these embodiments, an input key to the KDF is all zeroes. In one or more of these embodiments, the fixed length identifier is the hash or a truncated version of the hash.

In some embodiments, the communication device is provisioned with the fixed length identifier in association with the subscription identifier.

In some embodiments, the subscription identifier is mapped to the fixed length identifier. In one or more of these embodiments, the subscription identifier is mapped to the fixed length identifier based on an injective mapping between subscription identifiers and fixed length identifiers.

In some embodiments, the subscription identifier is a subscription permanent identifier, SUPI. In this case, the concealed identifier is a subscription concealed identifier, SUCI.

In some embodiments, the subscription identifier is a network access identifier, NAI, comprising a username and a realm.

In some embodiments, the fixed length identifier has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier. In one or more of these embodiments, the fixed length identifier is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.

In some embodiments, the method further comprises receiving signaling indicating that the concealed identifier conceals the fixed length identifier rather than concealing the subscription identifier. In one or more of these embodiments, said decrypting is performed based on the signaling.

In some embodiments, the method further comprises determining the subscription identifier associated with the fixed length identifier.

Other embodiments herein include a method performed by network equipment configured for use in a communication network. The method comprises obtaining a fixed length identifier. The method also comprises determining a subscription identifier associated with the fixed length identifier. In some embodiments, the subscription identifier identifies a subscription to the communication network.

In some embodiments, determining the subscription identifier comprises mapping the fixed length identifier to the subscription identifier.

In some embodiments, the fixed length identifier is, or is a truncated version of, a hash of the subscription identifier. In one or more of these embodiments, the hash is an unkeyed hash. In one or more of these embodiments, the hash is calculated from a key derivation function, KDF. In one or more of these embodiments, an input key to the KDF is all zeroes.

In some embodiments, the communication device is provisioned with the fixed length identifier in association with the subscription identifier. In one or more of these embodiments, said mapping is performed based on an injective mapping between subscription identifiers and fixed length identifiers.

In some embodiments, the subscription identifier is a subscription permanent identifier, SUPI.

In some embodiments, the subscription identifier is a network access identifier, NAI, comprising a username and a realm.

In some embodiments, the fixed length identifier has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier. In one or more of these embodiments, the fixed length identifier is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length. In one or more of these embodiments, all subscriptions to the communication network are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.

In some embodiments, obtaining the fixed length identifier comprises receiving the fixed length identifier from other network equipment. In one or more of these embodiments, the other network equipment implements a unified data repository, UDR. In one or more of these embodiments, the method further comprises receiving, from the other network equipment, signaling indicating that the identifier received from the other network equipment is a fixed length identifier.

In some embodiments, obtaining the fixed length identifier comprises receiving a concealed identifier from a communication device. Obtaining the fixed length identifier also comprises decrypting the concealed identifier to obtain the fixed length identifier.

Other embodiments herein include corresponding apparatus, computer programs, and carriers of those computer programs. Of course, the present disclosure is not limited to the above features and advantages. Indeed, those skilled in the art will recognize additional features and advantages upon reading the following detailed description, and upon viewing the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is a block diagram of a communication device and a communication network according to some embodiments.

Figure 2 is a block diagram of a 5G network according to some embodiments.

Figure 3 is a call flow diagram of a registration procedure in a 5G network according to some embodiments.

Figure 4 is a block diagram of SUCI calculation at a UE according to some embodiments.

Figure 5 is a block diagram of SUCI deconcealing at a home network according to some embodiments.

Figure 6 is a histogram of name lengths.

Figure 7 is a graph of bandwidth cost vs. k-anonymity.

Figure 8 is a call flow diagram for SUPI concealment according to some embodiments.

Figure 9 is a block diagram of a hash-based concealment on the UE-side according to some embodiments.

Figure 10 is a block diagram of a hash-based concealment on the network-side according to some embodiments.

Figure 11 is a block diagram of concealment on the UE-side according to some embodiments based on pre-provisioned fixed length identifiers.

Figure 12 is a block diagram of concealment on the network-side according to some embodiments based on pre-provisioned fixed length identifiers.

Figure 13 is a logic flow diagram of a method performed by a communication device according to some embodiments.

Figure 14 is a logic flow diagram of a method performed by network equipment according to some embodiments.

Figure 15 is a logic flow diagram of a method performed by network equipment according to other embodiments.

Figure 16 is a block diagram of a communication device according to some embodiments.

Figure 17 is a block diagram of network equipment according to other embodiments.

Figure 18 is a block diagram of a communication system in accordance with some embodiments.

Figure 19 is a block diagram of a user equipment according to some embodiments.

Figure 20 is a block diagram of a network node according to some embodiments.

Figure 21 is a block diagram of a host according to some embodiments.

Figure 22 is a block diagram of a virtualization environment according to some embodiments.

Figure 23 is a block diagram of a host communicating via a network node with a UE over a partially wireless connection in accordance with some embodiments.

DETAILED DESCRIPTION

Figure 1 shows a communication network 10 that provides communication service to a communication device 12 on the basis of a subscription to the communication network 10. The subscription is identified by a subscription identifier 16S. The subscription identifier 16S in some embodiments is a subscription permanent identifier, SUPI, e.g., as defined by 3GPP. In these and other embodiments, the subscription identifier 16S may take the form of an International Mobile Subscriber Identity (IMSI) or a Network Access Identifier (NAI), where the NAI is of the form username@realm. Regardless, different subscriptions to the communication network 10 are identified by different respective subscription identifiers (not shown).

If the communication device 12 were to transmit the subscription identifier 16S in plaintext, the communication device’s privacy would be compromised. Indeed, the communication device’s geographical location could be tracked by tracking locations where the subscription identifier 16S is transmitted. The communication device 12 therefore conceals the subscription identifier 16S before transmission, to preserve the subscriber’s privacy.

More particularly, as shown, the communication device 12 obtains a fixed length identifier 16F associated with the subscription identifier 16S. The fixed length identifier 16F may be fixed in length in the sense that the length of the fixed length identifier 16F is fixed no matter the length of the subscription identifier 16S. In fact, in some embodiments, the length of the fixed length identifier 16F is the same as the length of all other fixed length identifiers associated with other respective subscription identifiers (or at least those that are the same type as the subscription identifier 16S, e.g., all other subscription identifiers that are NAIs). This may even be the case if at least some of the other subscription identifiers have different lengths. In these and other embodiments, then, the length of the fixed length identifier 16F does not reveal information about the length of the subscription identifier 16S.

In fact, in some embodiments, the length of the fixed length identifier 16F is not sensitive to the longest subscription identifier among the subscription identifiers that identify subscriptions to the communication network 10. This means that the length of the fixed length identifier 16F in some embodiments is shorter than the longest subscription identifier. These and other embodiments thereby conserve transmission resources by minimizing identifier length.

In some embodiments, the communication device 12 obtains the fixed length identifier 16F by calculating the fixed length identifier 16F as a function of the subscription identifier 16S. In one embodiment, this function may be a hash function. For example, the hash function may be an unkeyed hash function and/or a key derivation function (KDF), e.g., with an input key to the KDF being all zeroes. Regardless of the particular type of hash function, calculating the fixed length identifier 16F in this case comprises calculating a hash of the subscription identifier 16S using the hash function. In one such embodiment, the fixed length identifier 16F is the hash. In another embodiment, by contrast, the fixed length identifier 16F is a truncated version of that hash, i.e., the communication device 12 truncates the hash to the fixed length such that the fixed length identifier 16F is the truncated hash. Generally, though, no matter the type of the function, the communication device 12 may calculate the fixed length identifier 16F according to a function (e.g., a hash function) that has an input and an output, where the output has the fixed length for all possible values of the input. Here, then, the fixed length identifier 16F is calculated by inputting the subscription identifier 16S into the function as the input of the function and obtaining the fixed length identifier 16F as the output of the function.

In other embodiments, the subscription identifier 16S is mapped to the fixed length identifier 16F, e.g., according to an injective mapping between subscription identifiers and fixed length identifiers. In these and other embodiments, the communication device 12 may just be provisioned with the fixed length identifier 16F in association with the subscription identifier 16S, e.g., rather than being provisioned with the mapping between different subscription identifiers and different respective fixed length identifiers and rather than the communication device 12 actually calculating the fixed length identifier 16F from the subscription identifier 16S.

In some embodiments as shown, then, the communication device 12 may obtain the fixed length identifier 16F from a hashing or mapping 20 of the subscription identifier 16S. Whether via hashing, mapping, or otherwise, the resulting fixed length identifier 16F in some embodiments has a fixed length that can be shorter than the longest subscription identifier. For example, in some embodiments, where the fixed length identifier 16F is obtained from hashing, the fixed length identifier 16F is longer than the average length subscription identifier and shorter than the longest length subscription identifier. In other embodiments where the fixed length identifier 16F is obtained from mapping, the fixed length identifier 16F is shorter than the average length subscription identifier.

In any event, after obtaining the fixed length identifier 16F, the communication device 12 encrypts the fixed length identifier 16F in order to obtain a concealed identifier 16C. The concealed identifier 16C may for example be a subscription concealed identifier (SUCI), e.g., as defined by 3GPP. The communication device 12 then transmits the concealed identifier 16C, e.g., by transmitting the concealed identifier 16C to, or towards, the communication network 10 (possibly via a serving/visited network).

Network equipment 14 in the communication network 10 is shown as obtaining the concealed identifier 16C. The network equipment 14 decrypts the concealed identifier 16C to recover the fixed length identifier 16F. The network equipment 14 in this regard may implement or employ the use of a subscription identifier deconcealing function (SIDF). In any event, with the fixed length identifier 16F recovered, the network equipment 14 determines the subscription identifier 16S associated with the fixed length identifier 16F. This may for instance involve mapping 30 the fixed length identifier 16F to the subscription identifier 16S.

For example, in embodiments where the fixed length identifier 16F is a function of a hash of the subscription identifier 16S, the hash may be one way such that the subscription identifier 16S cannot be recovered from its hash. In this case, then, the mapping 30 at the network equipment 14 may map the fixed length identifier 16F to the subscription identifier 16S, e.g., in a lookup table where the lookup key is the fixed length identifier 16F.

No matter the particular approach, the network equipment 14 may retrieve subscription data for the subscription identified by the determined subscription identifier 16S, e.g., as part of a registration procedure for registering the communication device 12 with the communication network 10.

Note that the network equipment 14 herein may implement or comprise one or more network functions (NFs) or one or more network nodes. In some embodiments, the network equipment 14 performs one or more of the steps mentioned above but other network equipment not shown performs other step(s). For example, the network equipment 14 may decrypt the concealed identifier 16C and transmit the resulting fixed length identifier 16F to other network equipment for further processing. Or, the network equipment 14 may receive the fixed length identifier 16F from other network equipment not shown and determine the corresponding subscription identifier 16S. Or, the network equipment 14 may decrypt the concealed identifier 16C and determine the corresponding subscription identifier 16S itself.

Consider now an example of some embodiments herein where the subscription identifier 16S is exemplified as a SUPI of type NAI, the communication device 12 is exemplified as a user equipment (UE), and the concealed identifier 16C is exemplified as a SUCI in a 5G network.

5G is a next generation of mobile networks developed by a standard developing organization called the 3GPP. The earlier generations of mobile networks were called 4G/LTE, 3G/UMTS, and 2G/GSM, where LTE stands for Long Term Evolution, UMTS stands for Universal Mobile Telecommunications System, and GSM stands for Global System for Mobile Communications.

A 5G network is maintained and its services are offered by the so-called Mobile Network Operators (MNOs). MNOs are distinguishable from each other by two types of codes, namely the Mobile Country Code (MCC) and the Mobile Network Code (MNC). Note that the so-called "realm" could also distinguish MNOs. To use a particular 5G network offered by a particular MNO, users are required to have a sort of contractual relationship with that MNO, that relationship being generally called the subscription. In cases when the user lacks a subscription to some particular MNO (e.g., in a so-called roaming scenario), the relationship is achieved by roaming agreements between the MNO where the user has a subscription, i.e., the user's Home Network (HN), and the MNO by which the user is being served, i.e., the Serving Network (SN). The term network is used to mean HN or SN. The SN is also sometimes referred to as Visited Network or Roaming Network. Figure 2 shows the high-level components in a 5G network. As shown, a 5G network according to some embodiments includes a serving network 10S and a home network 10H. The serving network 10S serves a user equipment (UE) 12 via a next generation (NG) radio access network (RAN) 10S-R and a 5G Core (5GC) 10S-C. Through the serving network 10S, the UE 12 connects to a 5GC 10H-C of the home network 10H.

Each subscription in a mobile network operator's (MNO's) 5G network is identified by a unique long-term identifier called the Subscription Permanent Identifier (SUPI). Users wirelessly access a 5G network over-the-air using a wireless device known as User Equipment (UE). Before providing any service, a 5G network needs to identify a user, i.e., the user's subscription, behind a UE. For this purpose of identification, UEs in earlier generations of mobile networks (4G, 3G, and 2G) used to send users' unique long-term identifiers over-the-air in plain text. This was considered a privacy issue because users could be tracked or identified by any unauthorized entity capable of intercepting messages or acting as man-in-the-middle over-the-air. However, in a 5G network, each MNO has an ability to offer better privacy to its users so that their unique long-term identifiers (i.e., SUPIs) are not visible over-the-air. That ability comes from a mechanism in which UEs, instead of sending SUPIs, calculate and send concealed identifiers over-the-air, which is called the Subscription Concealed Identifier (SUCI).

The calculation of SUCI means encryption of the SUPI by the UE. This is done before the SUCI is transferred over-the-air between the UE and the 5G network. The encryption is of asymmetric type and uses the home network's (HN's) public key (denoted HN public key). The HN provisions the HN public key to the UE. There could be multiple ways of doing the asymmetric encryption of the SUPI for calculating the SUCI, these ways denoted as encryption schemes. Some examples of the encryption schemes are the ElGamal encryption scheme, Elliptic Curve Integrated Encryption Scheme (ECIES), and Rivest-Shamir-Adleman (RSA) encryption, as well as various quantum-resistant schemes. There could also be multiple variants of the same scheme, e.g., different elliptic curves could be used with an ECIES scheme like secp256r1, secp384r1, and curve25519. There exists also a special encryption scheme named the "null-scheme". The null-scheme does not do any actual encryption, rather produces the same output as the input. It effectively means that a SUCI calculated using the "null-scheme" will comprise the information in the SUPI in clear-text over-the-air. The MNO provisions UEs with all the necessary information for the calculation of SUCI, denoted as SUCI encryption parameters. The HN public key and the encryption scheme are two examples of the said encryption parameters. Other examples are, e.g., length of intermediate keys, field lengths (e.g. the message authentication code (MAC) field) and cryptographic primitives (like which hash function). The term field is used for all types of information elements included in the SUPI and SUCI. A high-level sequence diagram showing message flow comprising the SUCI is shown in Figure 3.

In Step 1, the UE connects to a gNB over-the-air (the gNB being a 5G base station and part of the 5G Radio Access Network (RAN) 10S-R) and sends a Registration Request message which comprises a SUCI calculated by the UE. In Step 2, the gNB forwards the received Registration Request message to a core network node. The core network node is denoted as an Access and Mobility Management Function (AMF) or Security Anchor Function (SEAF) interchangeably. The gNB and AMF/SEAF are collectively denoted as Serving Network (SN) since these network functions reside in the serving network. The SEAF further locates the Authentication Server Function (AUSF). The SEAF then creates and sends to the AUSF in Step 3 a 5G Authentication Information Request (AIR) that among other information contains the received SUCI. The AUSF then contacts the Unified Data Management (UDM) or Subscription Identifier De-concealing Function (SIDF) function in Step 4. The AUSF and UDM/SIDF are collectively denoted as Home Network (HN) since these network functions reside in the home network.

Note that in case of roaming the SN and the HN belong to different MNOs while otherwise both the SN and HN belong to the same MNO. Also note that registration involves more steps than these messages shown in Figure 3. The figure and steps have been simplified to give an overview of how the SUCI travels over the network. Further details can be found in 3GPP TS 33.501 V17.4.0.

Some embodiments herein operate according to the above described wireless access to the 5G core over 3GPP 5G access. Devices may also connect to a 5G core over non-3GPP accesses that can be wireless or wired. SUCI protection is currently only defined for 5G, but the mechanisms would be similar if SUCI was defined for older generations of networks such as 4G, 3G, and 2G.

Details of SUPI and SUCI

Some embodiments herein define a SUPI as defined in 3GPP TS 23.003 v17.4.0. The SUPI and the SUCI formats are outlined below. The SUPI contains the following parts (shown below with "||" as concatenation):

SUPI = SUPI type || SUPI value where the SUPI value can currently be either of type International Mobile Subscription Identity (IMSI) or network specific identifier (NSI, also sometimes called network access identifier or NAI). In the future, other SUPI types may be defined. In either case, the SUPI value consists of a home network identifier and a subscription identifier. It is the subscription identifier which is concealed in the SUCI. If the SUPI is of type IMSI, the Home Network identifier consists of a Mobile Country Code (MCC) and Mobile Network Code (MNC) and the subscription identifier is called Mobile Subscription Identification Number (MSIN). Therefore, the IMSI contains the following parts (separated b

IMSI

If the SUPI is of type network specific identifier (NSI), the Home Network Identifier (HNI) is generally represented by the so-called "realm", and the subscription identifier is generally represented by the so-called "username". Therefore, the NAI looks like below:

NAI = username@realm

The SUCI contains the following parts (separated by ||):

SUCI = SUPI type || Home Network Identifier || other parameters || Concealed subscription identifier

In some embodiments, consistent with 3GPP TS 33.501 v17.4.0, for SUPIs containing IMSI, the SUCI has the following fields: (i) the SUPI Type as defined in 3GPP TS 23.003 v17.4.0 identifies the type of the SUPI concealed in the SUCI; (ii) the Home Network Identifier is set to the MCC and MNC of the IMSI as specified in 3GPP TS 23.003 v17.4.0; (iii) the Routing Indicator as specified in 3GPP TS 23.003 v17.4.0; (iv) the Protection Scheme Identifier as specified in Annex C of 3GPP TS 33.501 v17.4.0; (v) the Home Network Public Key Identifier as specified in 3GPP TS 33.501 v17.4.0 and detailed in TS 23.003 v17.4.0; (vi) the Scheme Output as specified in this document and detailed in 3GPP TS 23.003 v17.4.0.

Further, in some embodiments, consistent with 3GPP TS 33.501 V17.4.0, for SUPIs containing Network Specific Identifier, the SUCI in NAI format has following fields: (i) the realm part of the SUCI is set to the realm part of the SUPI; (ii) the username part of the SUCI is formatted as specified in 3GPP TS 23.003 v17.4.0 using the SUPI Type, Routing Indicator, the Protection Scheme Identifier, the Home Network Public Key Identifier and the Scheme Output.

Some embodiments are operable according to 3GPP TS 33.501 v17.4.0 in which 3 standardized concealment scheme identifiers are specified as below: (1) Null-scheme; (2) Profile A (based on Elliptic Curve Integrated Encryption Scheme (ECIES) and uses Curve25519); (3) Profile B (also based on ECIES and uses secp256r1).

Further, consistent with 3GPP TS 33.501 v17.4.0, some embodiments reserve 9 placeholders for identifying concealment schemes to be standardized in future. Furthermore, it has reserved 4 placeholders for identifying proprietary concealment schemes.

SUPI Encryption and SUCI Decryption

Some embodiments herein employ ECIES based encryption at the UE as presented in Figure 4 and Figure 5 (from Figure C.3.2-1 and Figure C.3.3-1 of 3GPP TS 33.501 v17.4.0). What is important to notice is the size of the output from these concealment schemes. 3GPP TS 33.501 v17.4.0 specifies the size as below.

For the Null-scheme, the size of output is equal to the size of input. For the Profile A, the size of output is equal to the total of 256-bit public key, 64-bit MAC, plus size of input.

For the Profile B, the size of output is equal to the total of 264-bit public key, 64-bit MAC, plus size of input.

For proprietary schemes, the maximum size of output is total of 3000 octets plus size of input.

The size of input in the above is the size of username used in case of NAI format or MSIN in case of IMSI.

Heretofore, the length of the MSIN is typically fixed to 9 or 10 digits in a single MNC. This means that if the MNC is sent in the clear, the length of the MSIN does not reveal any new information to a well-informed attacker. In the future, longer and variable length IMSIs with new fields may be introduced. For example, the MSIN may have variable length, say, between 9 and 20 digits. Also, the NAI format SUPI can have a variable length username, as specified in clause 2.2 of IETF RFC 7542 [4].

It should be noted that certain symmetric encryption algorithms produce the same length output as the input. Therefore, if the MSIN or the username in a NAI format SUPI has variable length, then even after certain types of encryption the resulting SUCIs could heretofore reveal subscription specific information to an attacker.

Specifically in this regard, SUCI uses AES-128 in CTR (counter) mode and guarantees that even a very capable theoretical attacker cannot distinguish the encrypted ciphertext from a random string. But this guarantee assumes fixed-length plaintexts, and if this is not true then the indistinguishability is broken. The vast majority of 5G networks heretofore use the SUPI type IMSI where the MSIN has a fixed length for a given MCC. Heretofore, then, in the typical deployment scenario, SUCI therefore provides indistinguishability. But when the SUPI type is NSI, the username is variable length and indistinguishability heretofore no longer holds. An attacker would in this case get perfect information regarding the length of the username.

In other words, when applied to NSI type identifiers, SUCI heretofore provides very poor K-anonymity for some of the users with unusual identifier lengths, especially very short or very long names. K-anonymity is a popular and easy-to-understand property of anonymized data. K-anonymity is sometimes referred to as a "hiding in the crowd" guarantee: any of the K records in the group could correspond to a single person.

It is likely that many networks will have the username part (in SUPIs in NAI format) created from real-world names because earlier and current uses of such identifiers, e.g., in ISIMs (IP Multimedia Services Identity Module), have been based on real-world names. Researchers have analysed the name length data for the whole of Sweden (ten million people) and four regions (Sweden, China, India, and USA) of an internal company, and have found that the length distributions have tails; please see Figure 6. Therefore, the SUCIs that have lengths far from the mean (either to the left or right) would have low anonymity - in the worst cases, completely distinguishable.

Padding SUCI

One possible approach to addressing this problem would be to pad SUPI before it is encrypted. Several flavors of padding methods are mentioned below:

• Pad with N1 number of bits.

• Pad with padding where length of padding is randomly, pseudo-randomly or deterministically chosen in the integer interval [N2,N3].

• Pad with padding where length of padding is randomly, pseudo-randomly or deterministically chosen from a statistical distribution.

• Pad to N4 number of bits.

• Pad to the next multiple of N5 bits.

• Pad to N6 bits, where N6 is randomly, pseudo-randomly or deterministically chosen from a statistical distribution.

• Pad to the next multiple of N7 bits, where N7 is randomly, pseudo-randomly or deterministically chosen from a statistical distribution.

• Combination of padding methods.

• Block-length padding (blk-sz-min): Pad to a length that is a multiple of blocks of size sz, starting at min number of blocks.

• Power-length padding (pwr-b-min): Pad to a length that is a power of base b, starting at min power.

• Random block-length padding (rnbBlk-sz-blks-min): First pad to a length that is a multiple of blocks of size sz, starting at min number of blocks. Then, add random number (between 0 and blks ) of extra blocks.

• Random-length padding (rnbLen-len): Pad with random number (between 1 and len) of bytes.

• Maximum-length padding (max-len): Pad so that the final length becomes at least len bytes.

However, the known padding mechanisms do not solve the problem of variable length of NAI format SUPIs. After padding, the SUPIs may still have variable lengths. Therefore, the padding mechanisms may or may not provide desired privacy - depending on various conditions. Padding up to the length of the longest NAI format SUPI can solve the problem of variable length, but the message expansion, in that case, is significantly high. The bandwidth cost introduced by the padding methods is a problem.

One way to calculate the bandwidth cost function is to calculate it as the average increase in message size as a weighted sum of all the padded lengths normalized by the unpadded cost. When applying the known padding methods to the Sweden-fl data discussed above, the plots in Figure 7 result. On the X-axis is the bandwidth cost, and on the Y-axis is the K-anonymity (logarithm of base 10). The maximum achievable value for K is the population size and is shown as a horizontal dashed line.

As seen from the plot, although the known padding methods can in principle achieve better K-anonymities, they impose an increase in bandwidth cost. Such increase in bandwidth cost is undesirable when it comes to mobile networks because radio resource should be preserved for other functionalities related to providing connectivity.
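To make the trade-off above concrete, here is an added Python example (not part of the application) that computes the worst-case K-anonymity and the bandwidth cost function for a few of the padding methods listed above, on a constructed username length distribution. The population counts are invented for illustration and are not the Sweden data of Figure 6; a fixed-length identifier of an assumed 8 bytes is included for comparison.

```python
import math
from collections import Counter

# Constructed subscriber population: username length in bytes -> number of subscribers.
# The counts are invented for illustration (not the Sweden data of Figure 6); they mimic
# a distribution with a tail of unusually short and unusually long names.
POPULATION = {4: 3, 5: 20, 6: 90, 7: 250, 8: 300, 9: 200, 10: 80, 11: 30, 12: 10, 16: 2, 24: 1}


def no_padding(length):
    """Baseline: encrypt the username as-is, so scheme output length tracks input length."""
    return length


def pad_to_multiple(length, n):
    """'Pad to the next multiple of N5 bits' (in bytes here): round up to a multiple of n."""
    return math.ceil(length / n) * n


def block_length(length, sz, min_blocks):
    """blk-sz-min: a multiple of blocks of size sz, starting at min_blocks blocks."""
    return max(min_blocks * sz, math.ceil(length / sz) * sz)


def power_length(length, b, min_pow):
    """pwr-b-min: the smallest power of base b that is >= length, starting at b**min_pow."""
    p = min_pow
    while b ** p < length:
        p += 1
    return b ** p


def max_length(length, ln):
    """max-len: the final length becomes at least ln bytes."""
    return max(length, ln)


def fixed_identifier(length, fix_len):
    """The approach of this application: every SUPI is replaced by a fix_len-byte identifier."""
    return fix_len


def k_anonymity(method, population):
    """Worst-case K: the smallest group of subscribers that share one padded length.
    An observer who sees that length can narrow the subscriber down to K candidates."""
    groups = Counter()
    for length, count in population.items():
        groups[method(length)] += count
    return min(groups.values())


def bandwidth_cost(method, population):
    """Average increase in message size (weighted by subscriber count), normalised by the
    unpadded average size, as the text defines the cost function."""
    total = sum(population.values())
    unpadded = sum(length * count for length, count in population.items()) / total
    padded = sum(method(length) * count for length, count in population.items()) / total
    return (padded - unpadded) / unpadded


def compare(population=POPULATION):
    """Return {method name: (K, cost)} for a few representative parameter choices."""
    methods = {
        "none": no_padding,
        "multiple-of-8": lambda l: pad_to_multiple(l, 8),
        "blk-4-2": lambda l: block_length(l, 4, 2),
        "pwr-2-3": lambda l: power_length(l, 2, 3),
        "max-24": lambda l: max_length(l, 24),
        "fixed-8": lambda l: fixed_identifier(l, 8),
    }
    return {name: (k_anonymity(m, population), round(bandwidth_cost(m, population), 3))
            for name, m in methods.items()}


if __name__ == "__main__":
    # Only max-24 and fixed-8 hide the single 24-byte name; max-24 pays for it with
    # roughly triple the bandwidth, fixed-8 with none.
    for name, (k, cost) in compare().items():
        print(f"{name:14s} K={k:4d} cost={cost:+.3f}")
```
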

Certain aspects of the disclosure and their embodiments may provide solutions to these or other challenges.

Some embodiments herein build an injective map between SUPIs and fixed length identifiers, and encrypt fixed length identifiers associated with SUPIs, instead of SUPIs themselves, into SUCIs. The map can be built in two ways: (i) unkeyed hashing, or (ii) another algorithmic mechanism that ensures each SUPI is assigned a unique fixed length identifier.

Hashing: The UE computes an unkeyed hash of the NAI format SUPI and encrypts the hash of the SUPI, instead of the SUPI itself, into a SUCI. In one example, such a hash function is the 3GPP key derivation function (KDF) specified in TS 33.220 v17.2.0 with a dummy key, e.g., all zeros. The output of the KDF may be truncated to a desired length. On the network side, the unified data management (UDM) gets the SUCI decrypted with the help from the Authentication Credential Repository and Processing Function (ARPF) and SIDF, and obtains the hash of the SUPI. The UDM sends the hash of the SUPI to the unified data repository (UDR). The UDR maintains a map between the SUPIs and their unkeyed hashes. The UDR retrieves the SUPI and sends it to the UDM.

Other Algorithmic mechanism: In an alternative embodiment, a fixed length identifier, which may not be the hash of the NAI format SUPI, is associated with the NAI. The UE is provisioned with both the NAI format SUPI and the fixed length identifier. Instead of the NAI, the UE encrypts the fixed length identifier associated with the NAI. On the network side, the UDM gets the SUCI decrypted with the help from ARPF and SIDF, and obtains the fixed length identifier. The UDM sends the fixed length identifier to the UDR. The UDR maintains a map between the SUPIs and their fixed length identifier. The UDR retrieves the SUPI and sends it to the UDM.

Some embodiments make sure that NAI format SUPIs are mapped into fixed length identifiers and the fixed length identifiers, instead of the NAI format SUPIs, are encrypted into SUCIs. Hashing the NAI-format SUPIs is one way to build the map. Another way to build the map is to assign a unique fixed length identifier to each SUPIs.

Certain embodiments may provide one or more of the following technical advantage(s). As one possible advantage, SUCIs do not reveal any information about the length of the actual NAI format SUPIs. As another possible advantage, NAI-format SUPIs can be chosen as specified in IETF RFC 7542 without worrying about their length. As yet another possible advantage, building the map, through hashing or other algorithmic mechanism, is computationally inexpensive. Moreover, in the case of hashing, the UEs do not need to be provisioned with the fixed length identifiers. As a further possible advantage, the fixed length identifiers (therefore, SUCIs too) can be significantly shorter than the longest SUPI. As another possible advantage, the SUCI computation mechanism conforms with the general constraints of using symmetric-key encryption towards achieving security notions like real-or-random, left-or-right, or semantic security. And as yet a further possible advantage, whereas a fixed length identifier obtained by padding is sensitive to the longest SUPI, some embodiments can have fixed-length identifiers much shorter than the longest SUPI. In the case of hashing the length would be a bit longer than the average length of SUPIs. In the case of another algorithmic mechanism to build the mapping, the length can be much shorter than the average length.

Some embodiments follow the general flow diagram in Figure 8.

Step 1. The UE maps the NAI SUPI into a fixed value FIX_VAL. The mapping can be based on a mapping function (hash function, KDF) or a simple mapping table.

Step 2. The fixed value is used in the SUCI calculation as input instead of the SUPI.

Step 3. The new SUCI is transported in related messages in relevant procedures from the UE to the home network via the serving network as also described in Figure 2.

Step 4. The UDM/SIDF de-conceals the SUCI and extracts the fixed value FIX_VAL.

Step 5. Depending on the mapping performed by the UE the SUPI mapped to the FIX_VAL is retrieved.
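The hash-based variant of Steps 1, 4 and 5, together with the Profile A output sizes quoted earlier, as an added Python example that is not part of the application: the UE derives FIX_VAL with HMAC-SHA-256 under an all-zero key (a simplification of the TS 33.220 KDF that omits its FC and parameter-length framing) and truncates it to an assumed 16 bytes, while the UDR keeps the inverse map and rejects a truncation length that would break injectivity. The sample SUPIs and the truncation length are constructed assumptions.

```python
import hashlib
import hmac

# Profile A overhead as quoted in the text: 256-bit ephemeral public key + 64-bit MAC.
PROFILE_A_OVERHEAD_BYTES = 32 + 8
# Truncation length of the fixed length identifier; an assumption made for this example.
FIX_VAL_LEN = 16

# Constructed NAI format SUPIs of very different username lengths (not real subscribers).
SAMPLE_SUPIS = [
    "bo@example.org",
    "anna.lindqvist@example.org",
    "a.very.long.subscriber.name.with.suffixes@example.org",
]


def fixed_length_identifier(supi: str, length: int = FIX_VAL_LEN) -> bytes:
    """Step 1 (UE): FIX_VAL = truncate(KDF(all-zero key, SUPI)).
    The TS 33.220 KDF is HMAC-SHA-256; its input string framing is omitted here, which is a
    simplification of this example, not the standard's exact encoding."""
    zero_key = bytes(32)
    digest = hmac.new(zero_key, supi.encode("utf-8"), hashlib.sha256).digest()
    return digest[:length]


def username_of(nai: str) -> str:
    """The part of the NAI that would be concealed without the mapping."""
    return nai.split("@", 1)[0]


def scheme_output_length(plaintext_len: int) -> int:
    """Profile A scheme output size per the text: public key + MAC + size of input."""
    return PROFILE_A_OVERHEAD_BYTES + plaintext_len


def output_lengths(supis, use_fixed_identifier: bool):
    """Distinct scheme output lengths over a population.
    More than one distinct length means an observer learns something about the username."""
    lengths = set()
    for supi in supis:
        if use_fixed_identifier:
            n = len(fixed_length_identifier(supi))
        else:
            n = len(username_of(supi).encode("utf-8"))
        lengths.add(scheme_output_length(n))
    return lengths


def build_udr_map(supis, length: int = FIX_VAL_LEN) -> dict:
    """UDR side: the map from fixed length identifier back to SUPI.
    The map must be injective, so a collision (two SUPIs truncating to the same value)
    is rejected at provisioning time instead of surfacing as a wrong lookup later."""
    table = {}
    for supi in supis:
        fix_val = fixed_length_identifier(supi, length)
        if fix_val in table and table[fix_val] != supi:
            raise ValueError(f"collision for truncated identifier {fix_val.hex()}")
        table[fix_val] = supi
    return table


def map_is_injective(supis, length: int) -> bool:
    """True if the chosen truncation length keeps the SUPI -> FIX_VAL map injective."""
    try:
        build_udr_map(supis, length)
        return True
    except ValueError:
        return False


def deconceal_and_lookup(fix_val: bytes, udr_map: dict):
    """Steps 4-5: once SIDF decryption has yielded FIX_VAL, the UDR retrieves the SUPI
    (or None for an unknown identifier)."""
    return udr_map.get(fix_val)


if __name__ == "__main__":
    print("raw usernames  ->", sorted(output_lengths(SAMPLE_SUPIS, False)))
    print("fixed identifiers ->", sorted(output_lengths(SAMPLE_SUPIS, True)))
    udr = build_udr_map(SAMPLE_SUPIS)
    for supi in SAMPLE_SUPIS:
        print(deconceal_and_lookup(fixed_length_identifier(supi), udr) == supi)
```
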

In both of the mechanisms to build the injective map between NAI format SUPIs and fixed length identifiers, neither the encryption mechanism of SUPIs into SUCIs, nor the transport mechanism of SUCIs from UE to 5G core network (CN) changes. What changes is that instead of encrypting NAI format SUPIs, the fixed length identifiers are encrypted into SUCIs.

The hash-based mechanism according to some embodiments is explained in Figure 9 and 10. Blocks B1 and B2 in Figure 9, and blocks B3 and B4 in Figure 10, are the new additions according to some embodiments.

In other algorithmic mechanisms, each NAI format SUPI is assigned a unique short, fixed length identifier while reserving or assigning the SUPI. The UE and UDR can be provisioned with the identifier at the same time they are provisioned with the SUPI. Once this provisioning is done, the SUCI can be created as shown in Figure 11 and the SUPI can be extracted from a SUCI as shown in Figure 12. Block B5 in Figure 12, and Blocks B6 and B7, show the new additions.

Note that the term UE is used without loss of generality. The UE refers to several parts or components that altogether enable the user(s) of the UE to access the services provided by the network. On a high level, it consists of at least the Universal Subscriber Identity Module (USIM) and the Mobile Equipment (ME).

In view of the modifications and variations herein, Figure 13 depicts a method performed by a communication device 12 configured for use in a communication network 10 in accordance with particular embodiments. The method comprises obtaining a fixed length identifier 16F associated with a subscription identifier 16S identifying a subscription to the communication network 10 (Block 1300). The method also comprises encrypting the fixed length identifier 16F to obtain a concealed identifier 16C (Block 1310). The method also comprises transmitting the concealed identifier 16C (Block 1320).

In some embodiments, obtaining the fixed length identifier 16F comprises calculating the fixed length identifier 16F as a function of the subscription identifier 16S. In one or more of these embodiments, the function is a hash function. In some embodiments, calculating the fixed length identifier 16F comprises calculating a hash of the subscription identifier 16S using the hash function. In one or more of these embodiments, the hash function is an unkeyed hash function. Alternatively or additionally, the hash function is a key derivation function, KDF. In one or more of these embodiments, an input key to the KDF is all zeroes. In some embodiments, the fixed length identifier 16F is the hash. In other embodiments, calculating the fixed length identifier 16F further comprises truncating the hash to a fixed length. In this case, the fixed length identifier 16F may be the truncated hash.

In other embodiments, the communication device 12 is provisioned with the fixed length identifier 16F in association with the subscription identifier 16S.

In some embodiments, the subscription identifier 16S is mapped to the fixed length identifier 16F. In one or more of these embodiments, the subscription identifier 16S is mapped to the fixed length identifier 16F according to an injective mapping between subscription identifiers and fixed length identifiers.

In some embodiments, transmitting the concealed identifier 16C comprises transmitting the concealed identifier 16C to, or towards, the communication network 10.

In some embodiments, the subscription identifier 16S is a subscription permanent identifier, SUPI. In some embodiments, the concealed identifier 16C is a subscription concealed identifier, SUCI.

In some embodiments, the subscription identifier 16S is a network access identifier, NAI, comprising a username and a realm.

In some embodiments, the fixed length identifier 16F has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier 16S.

In some embodiments, the fixed length identifier 16F is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier 16F is calculated by inputting the subscription identifier 16S into the function as the input of the function and obtaining the fixed length identifier 16F as the output of the function.

In some embodiments, all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length.

In some embodiments, all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.

In some embodiments, the method further comprises transmitting signaling indicating that the concealed identifier 16C conceals the fixed length identifier 16F rather than concealing the subscription identifier 16S (Block 1330).

Figure 14 shows a method performed by network equipment 14 configured for use in a communication network 10. The method comprises receiving a concealed identifier 16C from a communication device 12 (Block 1400). The method also comprises decrypting the concealed identifier 16C to obtain a fixed length identifier 16F associated with a subscription identifier 16S identifying a subscription to the communication network 10 (Block 1410).

In some embodiments, the method further comprises transmitting the decrypted identifier to another network node. In one or more of these embodiments, the other network node implements a unified data repository, UDR, for the communication network 10.

In some embodiments, the network node implements a unified data management, UDM, function.

In some embodiments, the fixed length identifier 16F is a function of the subscription identifier 16S. In one or more of these embodiments, the function is a hash function. In some embodiments, the fixed length identifier 16F comprises a hash of the subscription identifier 16S according to the hash function, e.g., an unkeyed hash function. In one or more of these embodiments, the hash function is a key derivation function, KDF. In some embodiments, an input key to the KDF is all zeroes. In some embodiments, the fixed length identifier 16F is the hash or a truncated version of the hash.

In other embodiments, the communication device 12 is provisioned with the fixed length identifier 16F in association with the subscription identifier 16S.

In some embodiments, the subscription identifier 16S is mapped to the fixed length identifier 16F. In one or more of these embodiments, the subscription identifier 16S is mapped to the fixed length identifier 16F based on an injective mapping between subscription identifiers and fixed length identifiers.

In some embodiments, the subscription identifier 16S is a subscription permanent identifier, SUPI. In this case, the concealed identifier 16C is a subscription concealed identifier, SUCI.

In some embodiments, the subscription identifier 16S is a network access identifier, NAI, comprising a username and a realm. In some embodiments, the fixed length identifier 16F has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier 16S.

In some embodiments, the fixed length identifier 16F is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier 16F is calculated by inputting the subscription identifier 16S into the function as the input of the function and obtaining the fixed length identifier 16F as the output of the function.

In some embodiments, all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length.

In some embodiments, all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.
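The property the preceding paragraphs rely on, that the identifier actually concealed has the same length for every subscription even though SUPIs in NAI form differ in length, is demonstrated by the following added example. It is illustrative code written for this page, not code from the application or from Ericsson. It assumes HMAC-SHA-256 keyed with 32 zero bytes as a stand-in for the "KDF with an all-zero input key" described above (not the 3GPP KDF of TS 33.220), a 16-byte truncation as the fixed length, and constructed sample SUPIs; the function names are hypothetical.

```python
import hmac
import hashlib

# Assumed fixed length of the derived identifier, in bytes. The page only
# requires that the length be fixed and optionally shorter than the longest
# subscription identifier; 16 is a choice made for this example.
FIXED_ID_LEN = 16

# The page speaks of a KDF whose input key is all zeroes. HMAC-SHA-256 with a
# 32-byte zero key stands in for that KDF here (an assumption, not TS 33.220).
ZERO_KEY = bytes(32)


def derive_fixed_length_identifier(supi: str, length: int = FIXED_ID_LEN) -> bytes:
    """Return the hash (or truncated hash) of a SUPI as a fixed length identifier."""
    if not 1 <= length <= hashlib.sha256().digest_size:
        raise ValueError("length must be between 1 and 32 bytes")
    digest = hmac.new(ZERO_KEY, supi.encode("utf-8"), hashlib.sha256).digest()
    return digest[:length]


def encoded_lengths(supis):
    """Byte lengths of the SUPIs themselves, i.e. what a SUCI that concealed
    the SUPI directly would reveal through its ciphertext length."""
    return [len(s.encode("utf-8")) for s in supis]


def fixed_lengths(supis, length: int = FIXED_ID_LEN):
    """Byte lengths of the derived identifiers; identical for every input."""
    return [len(derive_fixed_length_identifier(s, length)) for s in supis]


# Constructed sample subscription identifiers of deliberately different lengths:
# an IMSI-based SUPI and two NAI-format SUPIs (username@realm).
SAMPLE_SUPIS = [
    "imsi-001010123456789",
    "alice@example.org",
    "sensor-fleet-device-00000042.site-7@industrial-customer.example.net",
]

if __name__ == "__main__":
    for supi, plain, fixed in zip(SAMPLE_SUPIS, encoded_lengths(SAMPLE_SUPIS),
                                  fixed_lengths(SAMPLE_SUPIS)):
        print(f"{supi!r}: SUPI length {plain} bytes, fixed length identifier {fixed} bytes")
```

Concealing the derived value instead of the SUPI removes the ciphertext-length side channel that distinguishes a short NAI from a long one; the device still needs nothing beyond the SUPI it already holds, since the derivation is unkeyed.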

In some embodiments, the method further comprises receiving signaling indicating that the concealed identifier 16C conceals the fixed length identifier 16F rather than concealing the subscription identifier 16S. In one or more of these embodiments, said decrypting is performed based on the signaling.

In some embodiments, the method further comprises determining the subscription identifier 16S associated with the fixed length identifier 16F.

Figure 15 shows a method performed by network equipment 14 configured for use in a communication network 10. The method comprises obtaining a fixed length identifier 16F (Block 1500). The method also comprises determining a subscription identifier 16S associated with the fixed length identifier 16F (Block 1510). In some embodiments, the subscription identifier 16S identifies a subscription to the communication network 10.

In some embodiments, determining the subscription identifier 16S comprises mapping the fixed length identifier 16F to the subscription identifier 16S.

In some embodiments, the fixed length identifier 16F is, or is a truncated version of, a hash of the subscription identifier 16S. In one or more of these embodiments, the hash is an unkeyed hash. In one or more of these embodiments, the hash is calculated from a key derivation function, KDF. In one or more of these embodiments, an input key to the KDF is all zeroes.

In some embodiments, the communication device 12 is provisioned with the fixed length identifier 16F in association with the subscription identifier 16S. In one or more of these embodiments, said mapping is performed based on an injective mapping between subscription identifiers and fixed length identifiers.

In some embodiments, the subscription identifier 16S is a subscription permanent identifier, SUPI.

In some embodiments, the subscription identifier 16S is a network access identifier, NAI, comprising a username and a realm.

In some embodiments, the fixed length identifier 16F has a fixed length. In one or more of these embodiments, the fixed length is fixed with respect to a length of the subscription identifier 16S.

In some embodiments, the fixed length identifier 16F is calculated according to a function that has an input and that has an output. In some embodiments, the output has the fixed length for all possible values of the input. In some embodiments, the fixed length identifier 16F is calculated by inputting the subscription identifier 16S into the function as the input of the function and obtaining the fixed length identifier 16F as the output of the function.

In some embodiments, all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, the subscription identifiers are associated with respective fixed length identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, each of the fixed length identifiers has the same fixed length.

In some embodiments, all subscriptions to the communication network 10 are identified by respective subscription identifiers. In some embodiments, at least some of the subscription identifiers have different lengths. In some embodiments, the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.

In some embodiments, obtaining the fixed length identifier 16F comprises receiving the fixed length identifier 16F from another network node. In one or more of these embodiments, the other network node implements a unified data repository, UDR. In some embodiments, the method further comprises receiving, from the other network node, signaling indicating that the identifier received from it is a fixed length identifier 16F.

In some embodiments, obtaining the fixed length identifier 16F comprises receiving a concealed identifier 16C from a communication device 12. In some embodiments, obtaining the fixed length identifier 16F also comprises decrypting the concealed identifier 16C to obtain the fixed length identifier 16F.

In some embodiments, the method also comprises retrieving subscription data for the subscription identified by the determined subscription identifier (Block 1520).
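The network-side steps of Figure 15 (obtaining the fixed length identifier, mapping it back to the SUPI, and retrieving subscription data) are illustrated by the following added example, which also covers the signaling that tells the network whether the decrypted payload is a fixed length identifier or the SUPI itself. This is example code written for this page, not the application's or Ericsson's. The SUCI decryption itself is assumed to have already been performed and is not modelled; HMAC-SHA-256 with a zero key again stands in for the all-zero-key KDF; the repository class, its method names and the sample subscriptions are all hypothetical.

```python
import hmac
import hashlib

# Assumed stand-in for the KDF with an all-zero input key (not the 3GPP KDF).
ZERO_KEY = bytes(32)


def derive_fixed_length_identifier(supi: str, length: int) -> bytes:
    """Hash (truncated to `length` bytes) of a SUPI; identical to the device side."""
    return hmac.new(ZERO_KEY, supi.encode("utf-8"), hashlib.sha256).digest()[:length]


class IdentifierCollision(Exception):
    """Two distinct SUPIs map to the same fixed length identifier."""


class SubscriptionRepository:
    """Hypothetical stand-in for the UDR/UDM: holds subscription data per SUPI
    and the reverse mapping from fixed length identifier to SUPI that the
    network needs to perform Block 1510."""

    def __init__(self, id_length: int):
        self.id_length = id_length
        self._data_by_supi = {}
        self._supi_by_fixed_id = {}

    def register(self, supi: str, subscription_data: dict) -> bytes:
        """Provision a subscription and record its fixed length identifier.
        Fails if the mapping would stop being injective."""
        fixed_id = derive_fixed_length_identifier(supi, self.id_length)
        existing = self._supi_by_fixed_id.get(fixed_id)
        if existing is not None and existing != supi:
            # Truncating the hash shortens the identifier but shrinks the output
            # space; a collision makes de-concealment ambiguous, so refuse it.
            raise IdentifierCollision(f"{supi!r} collides with {existing!r}")
        self._data_by_supi[supi] = subscription_data
        self._supi_by_fixed_id[fixed_id] = supi
        return fixed_id

    def determine_supi(self, decrypted: bytes, conceals_fixed_length_id: bool) -> str:
        """Block 1510. `decrypted` is the payload the SIDF recovered from the
        SUCI; the flag models the signaling that says whether that payload is a
        fixed length identifier (reverse lookup) or the SUPI itself."""
        if conceals_fixed_length_id:
            supi = self._supi_by_fixed_id.get(decrypted)
            if supi is None:
                raise KeyError("unknown fixed length identifier")
            return supi
        return decrypted.decode("utf-8")

    def subscription_data(self, supi: str) -> dict:
        """Block 1520: subscription data for the determined SUPI."""
        return self._data_by_supi[supi]


def truncation_collides(count: int, id_length: int) -> bool:
    """Register `count` constructed SUPIs under a `id_length`-byte identifier
    and report whether the injectivity check fired. With 257 subscriptions and
    a 1-byte identifier a collision is guaranteed by the pigeonhole principle."""
    repo = SubscriptionRepository(id_length)
    try:
        for i in range(count):
            repo.register(f"sub-{i:06d}@example.org", {"index": i})
    except IdentifierCollision:
        return True
    return False


if __name__ == "__main__":
    repo = SubscriptionRepository(id_length=16)
    fixed_id = repo.register("alice@example.org", {"plan": "basic"})
    supi = repo.determine_supi(fixed_id, conceals_fixed_length_id=True)
    print(supi, repo.subscription_data(supi))
    print("1-byte identifiers collide with 257 subscriptions:", truncation_collides(257, 1))
```

The reverse mapping can be precomputed from the stored SUPIs precisely because the derivation is unkeyed; the injectivity check at provisioning time is the operational safeguard that keeps Block 1510 unambiguous when a truncated hash is used.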

Embodiments herein also include corresponding apparatuses. Embodiments herein for instance include a communication device 12 configured to perform any of the steps of any of the embodiments described above for the communication device 12. Embodiments also include a communication device 12 comprising processing circuitry and power supply circuitry. The processing circuitry is configured to perform any of the steps of any of the embodiments described above for the communication device 12. The power supply circuitry is configured to supply power to the communication device 12.

Embodiments further include a communication device 12 comprising processing circuitry. The processing circuitry is configured to perform any of the steps of any of the embodiments described above for the communication device 12. In some embodiments, the communication device 12 further comprises communication circuitry.

Embodiments further include a communication device 12 comprising processing circuitry and memory. The memory contains instructions executable by the processing circuitry whereby the communication device 12 is configured to perform any of the steps of any of the embodiments described above for the communication device 12.

Embodiments moreover include a user equipment (UE). The UE comprises an antenna configured to send and receive wireless signals. The UE also comprises radio front-end circuitry connected to the antenna and to processing circuitry, and configured to condition signals communicated between the antenna and the processing circuitry. The processing circuitry is configured to perform any of the steps of any of the embodiments described above for the communication device 12. In some embodiments, the UE also comprises an input interface connected to the processing circuitry and configured to allow input of information into the UE to be processed by the processing circuitry. The UE may comprise an output interface connected to the processing circuitry and configured to output information from the UE that has been processed by the processing circuitry. The UE may also comprise a battery connected to the processing circuitry and configured to supply power to the UE.

Embodiments herein also include network equipment 14 configured to perform any of the steps of any of the embodiments described above for network equipment 14.

Embodiments also include network equipment 14 comprising processing circuitry and power supply circuitry. The processing circuitry is configured to perform any of the steps of any of the embodiments described above for network equipment 14. The power supply circuitry is configured to supply power to the network equipment 14.

Embodiments further include network equipment 14 comprising processing circuitry. The processing circuitry is configured to perform any of the steps of any of the embodiments described above for network equipment 14. In some embodiments, the network equipment 14 further comprises communication circuitry.

Embodiments further include network equipment 14 comprising processing circuitry and memory. The memory contains instructions executable by the processing circuitry whereby the network equipment 14 is configured to perform any of the steps of any of the embodiments described above for network equipment 14.

More particularly, the apparatuses described above may perform the methods herein and any other processing by implementing any functional means, modules, units, or circuitry. In one embodiment, for example, the apparatuses comprise respective circuits or circuitry configured to perform the steps shown in the method figures. The circuits or circuitry in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. For instance, the circuitry may include one or more microprocessors or microcontrollers, as well as other digital hardware, which may include digital signal processors (DSPs), special-purpose digital logic, and the like. The processing circuitry may be configured to execute program code stored in memory, which may include one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc. Program code stored in memory may include program instructions for executing one or more telecommunications and/or data communications protocols as well as instructions for carrying out one or more of the techniques described herein, in several embodiments. In embodiments that employ memory, the memory stores program code that, when executed by the one or more processors, carries out the techniques described herein.

Figure 16 for example illustrates a communication device 12 as implemented in accordance with one or more embodiments. As shown, the communication device 12 includes processing circuitry 1610 and communication circuitry 1620. The communication circuitry 1620 (e.g., radio circuitry) is configured to transmit and/or receive information to and/or from one or more other nodes, e.g., via any communication technology. Such communication may occur via one or more antennas that are either internal or external to the wireless communication device 1600. The processing circuitry 1610 is configured to perform processing described above, e.g., in Figure 13, such as by executing instructions stored in memory 1630. The processing circuitry 1610 in this regard may implement certain functional means, units, or modules.

Figure 17 illustrates network equipment 14 as implemented in accordance with one or more embodiments. As shown, the network equipment 14 includes processing circuitry 1710 and communication circuitry 1720. The communication circuitry 1720 is configured to transmit and/or receive information to and/or from one or more other nodes, e.g., via any communication technology. The processing circuitry 1710 is configured to perform processing described above, e.g., in Figure 14 and/or 15, such as by executing instructions stored in memory 1730. The processing circuitry 1710 in this regard may implement certain functional means, units, or modules.

Those skilled in the art will also appreciate that embodiments herein further include corresponding computer programs.

A computer program comprises instructions which, when executed on at least one processor of an apparatus, cause the apparatus to carry out any of the respective processing described above. A computer program in this regard may comprise one or more code modules corresponding to the means or units described above.

Embodiments further include a carrier containing such a computer program. This carrier may comprise one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

In this regard, embodiments herein also include a computer program product stored on a non-transitory computer readable (storage or recording) medium and comprising instructions that, when executed by a processor of an apparatus, cause the apparatus to perform as described above.

Embodiments further include a computer program product comprising program code portions for performing the steps of any of the embodiments herein when the computer program product is executed by a computing device. This computer program product may be stored on a computer readable recording medium.

Figure 18 shows an example of a communication system 1800 in accordance with some embodiments.

In the example, the communication system 1800 includes a telecommunication network 1802 that includes an access network 1804, such as a radio access network (RAN), and a core network 1806, which includes one or more core network nodes 1808. The access network 1804 includes one or more access network nodes, such as network nodes 1810a and 1810b (one or more of which may be generally referred to as network nodes 1810), or any other similar 3rd Generation Partnership Project (3GPP) access node or non-3GPP access point. The network nodes 1810 facilitate direct or indirect connection of user equipment (UE), such as by connecting UEs 1812a, 1812b, 1812c, and 1812d (one or more of which may be generally referred to as UEs 1812) to the core network 1806 over one or more wireless connections.

Example wireless communications over a wireless connection include transmitting and/or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and/or other types of signals suitable for conveying information without the use of wires, cables, or other material conductors. Moreover, in different embodiments, the communication system 1800 may include any number of wired or wireless networks, network nodes, UEs, and/or any other components or systems that may facilitate or participate in the communication of data and/or signals whether via wired or wireless connections. The communication system 1800 may include and/or interface with any type of communication, telecommunication, data, cellular, radio network, and/or other similar type of system.

The UEs 1812 may be any of a wide variety of communication devices, including wireless devices arranged, configured, and/or operable to communicate wirelessly with the network nodes 1810 and other communication devices. Similarly, the network nodes 1810 are arranged, capable, configured, and/or operable to communicate directly or indirectly with the UEs 1812 and/or with other network nodes or equipment in the telecommunication network 1802 to enable and/or provide network access, such as wireless network access, and/or to perform other functions, such as administration in the telecommunication network 1802.

In the depicted example, the core network 1806 connects the network nodes 1810 to one or more hosts, such as host 1816. These connections may be direct or indirect via one or more intermediary networks or devices. In other examples, network nodes may be directly coupled to hosts. The core network 1806 includes one or more core network nodes (e.g., core network node 1808) that are structured with hardware and software components. Features of these components may be substantially similar to those described with respect to the UEs, network nodes, and/or hosts, such that the descriptions thereof are generally applicable to the corresponding components of the core network node 1808. Example core network nodes include functions of one or more of a Mobile Switching Center (MSC), Mobility Management Entity (MME), Home Subscriber Server (HSS), Access and Mobility Management Function (AMF), Session Management Function (SMF), Authentication Server Function (AUSF), Subscription Identifier De-concealing function (SIDF), Unified Data Management (UDM), Security Edge Protection Proxy (SEPP), Network Exposure Function (NEF), and/or a User Plane Function (UPF).

The host 1816 may be under the ownership or control of a service provider other than an operator or provider of the access network 1804 and/or the telecommunication network 1802, and may be operated by the service provider or on behalf of the service provider. The host 1816 may host a variety of applications to provide one or more services. Examples of such applications include live and pre-recorded audio/video content, data collection services such as retrieving and compiling data on various ambient conditions detected by a plurality of UEs, analytics functionality, social media, functions for controlling or otherwise interacting with remote devices, functions for an alarm and surveillance center, or any other such function performed by a server.

As a whole, the communication system 1800 of Figure 18 enables connectivity between the UEs, network nodes, and hosts. In that sense, the communication system may be configured to operate according to predefined rules or procedures, such as specific standards that include, but are not limited to: Global System for Mobile Communications (GSM); Universal Mobile Telecommunications System (UMTS); Long Term Evolution (LTE), and/or other suitable 2G, 3G, 4G, 5G standards, or any applicable future generation standard (e.g., 6G); wireless local area network (WLAN) standards, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards (WiFi); and/or any other appropriate wireless communication standard, such as the Worldwide Interoperability for Microwave Access (WiMax), Bluetooth, Z-Wave, Near Field Communication (NFC), ZigBee, LiFi, and/or any low-power wide-area network (LPWAN) standards such as LoRa and Sigfox.

In some examples, the telecommunication network 1802 is a cellular network that implements 3GPP standardized features. Accordingly, the telecommunication network 1802 may support network slicing to provide different logical networks to different devices that are connected to the telecommunication network 1802. For example, the telecommunication network 1802 may provide Ultra Reliable Low Latency Communication (URLLC) services to some UEs, while providing Enhanced Mobile Broadband (eMBB) services to other UEs, and/or Massive Machine Type Communication (mMTC)/Massive IoT services to yet further UEs.

In some examples, the UEs 1812 are configured to transmit and/or receive information without direct human interaction. For instance, a UE may be designed to transmit information to the access network 1804 on a predetermined schedule, when triggered by an internal or external event, or in response to requests from the access network 1804. Additionally, a UE may be configured for operating in single- or multi-RAT or multi-standard mode. For example, a UE may operate with any one or combination of Wi-Fi, NR (New Radio) and LTE, i.e. being configured for multi-radio dual connectivity (MR-DC), such as E-UTRAN (Evolved-UMTS Terrestrial Radio Access Network) New Radio - Dual Connectivity (EN-DC).

In the example, the hub 1814 communicates with the access network 1804 to facilitate indirect communication between one or more UEs (e.g., UE 1812c and/or 1812d) and network nodes (e.g., network node 1810b). In some examples, the hub 1814 may be a controller, router, content source and analytics, or any of the other communication devices described herein regarding UEs. For example, the hub 1814 may be a broadband router enabling access to the core network 1806 for the UEs. As another example, the hub 1814 may be a controller that sends commands or instructions to one or more actuators in the UEs. Commands or instructions may be received from the UEs, network nodes 1810, or by executable code, script, process, or other instructions in the hub 1814. As another example, the hub 1814 may be a data collector that acts as temporary storage for UE data and, in some embodiments, may perform analysis or other processing of the data. As another example, the hub 1814 may be a content source. For example, for a UE that is a VR headset, display, loudspeaker or other media delivery device, the hub 1814 may retrieve VR assets, video, audio, or other media or data related to sensory information via a network node, which the hub 1814 then provides to the UE either directly, after performing local processing, and/or after adding additional local content. In still another example, the hub 1814 acts as a proxy server or orchestrator for the UEs, in particular if one or more of the UEs are low energy IoT devices.

The hub 1814 may have a constant/persistent or intermittent connection to the network node 1810b. The hub 1814 may also allow for a different communication scheme and/or schedule between the hub 1814 and UEs (e.g., UE 1812c and/or 1812d), and between the hub 1814 and the core network 1806. In other examples, the hub 1814 is connected to the core network 1806 and/or one or more UEs via a wired connection. Moreover, the hub 1814 may be configured to connect to an M2M service provider over the access network 1804 and/or to another UE over a direct connection. In some scenarios, UEs may establish a wireless connection with the network nodes 1810 while still connected via the hub 1814 via a wired or wireless connection. In some embodiments, the hub 1814 may be a dedicated hub - that is, a hub whose primary function is to route communications to/from the UEs from/to the network node 1810b. In other embodiments, the hub 1814 may be a non-dedicated hub - that is, a device which is capable of operating to route communications between the UEs and network node 1810b, but which is additionally capable of operating as a communication start and/or end point for certain data channels.

Figure 19 shows a UE 1900 in accordance with some embodiments. As used herein, a UE refers to a device capable, configured, arranged and/or operable to communicate wirelessly with network nodes and/or other UEs. Examples of a UE include, but are not limited to, a smart phone, mobile phone, cell phone, voice over IP (VoIP) phone, wireless local loop phone, desktop computer, personal digital assistant (PDA), wireless cameras, gaming console or device, music storage device, playback appliance, wearable terminal device, wireless endpoint, mobile station, tablet, laptop, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), smart device, wireless customer-premise equipment (CPE), vehicle-mounted or vehicle embedded/integrated wireless device, etc. Other examples include any UE identified by the 3rd Generation Partnership Project (3GPP), including a narrow band internet of things (NB-IoT) UE, a machine type communication (MTC) UE, and/or an enhanced MTC (eMTC) UE.

A UE may support device-to-device (D2D) communication, for example by implementing a 3GPP standard for sidelink communication, Dedicated Short-Range Communication (DSRC), vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), or vehicle-to-everything (V2X). In other examples, a UE may not necessarily have a user in the sense of a human user who owns and/or operates the relevant device. Instead, a UE may represent a device that is intended for sale to, or operation by, a human user but which may not, or which may not initially, be associated with a specific human user (e.g., a smart sprinkler controller). Alternatively, a UE may represent a device that is not intended for sale to, or operation by, an end user but which may be associated with or operated for the benefit of a user (e.g., a smart power meter).

The UE 1900 includes processing circuitry 1902 that is operatively coupled via a bus 1904 to an input/output interface 1906, a power source 1908, a memory 1910, a communication interface 1912, and/or any other component, or any combination thereof. Certain UEs may utilize all or a subset of the components shown in Figure 19. The level of integration between the components may vary from one UE to another UE. Further, certain UEs may contain multiple instances of a component, such as multiple processors, memories, transceivers, transmitters, receivers, etc.

The processing circuitry 1902 is configured to process instructions and data and may be configured to implement any sequential state machine operative to execute instructions stored as machine-readable computer programs in the memory 1910. The processing circuitry 1902 may be implemented as one or more hardware-implemented state machines (e.g., in discrete logic, field-programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), etc.); programmable logic together with appropriate firmware; one or more stored computer programs, general-purpose processors, such as a microprocessor or digital signal processor (DSP), together with appropriate software; or any combination of the above. For example, the processing circuitry 1902 may include multiple central processing units (CPUs).

In the example, the input/output interface 1906 may be configured to provide an interface or interfaces to an input device, output device, or one or more input and/or output devices. Examples of an output device include a speaker, a sound card, a video card, a display, a monitor, a printer, an actuator, an emitter, a smartcard, another output device, or any combination thereof. An input device may allow a user to capture information into the UE 1900. Examples of an input device include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, a digital video camera, a web camera, etc.), a microphone, a sensor, a mouse, a trackball, a directional pad, a trackpad, a scroll wheel, a smartcard, and the like. The presence-sensitive display may include a capacitive or resistive touch sensor to sense input from a user. A sensor may be, for instance, an accelerometer, a gyroscope, a tilt sensor, a force sensor, a magnetometer, an optical sensor, a proximity sensor, a biometric sensor, etc., or any combination thereof. An output device may use the same type of interface port as an input device. For example, a Universal Serial Bus (USB) port may be used to provide an input device and an output device.

In some embodiments, the power source 1908 is structured as a battery or battery pack. Other types of power sources, such as an external power source (e.g., an electricity outlet), photovoltaic device, or power cell, may be used. The power source 1908 may further include power circuitry for delivering power from the power source 1908 itself, and/or an external power source, to the various parts of the UE 1900 via input circuitry or an interface such as an electrical power cable. Delivering power may be, for example, for charging of the power source 1908. Power circuitry may perform any formatting, converting, or other modification to the power from the power source 1908 to make the power suitable for the respective components of the UE 1900 to which power is supplied.

The memory 1910 may be or be configured to include memory such as random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic disks, optical disks, hard disks, removable cartridges, flash drives, and so forth. In one example, the memory 1910 includes one or more application programs 1914, such as an operating system, web browser application, a widget, gadget engine, or other application, and corresponding data 1916. The memory 1910 may store, for use by the UE 1900, any of a variety of operating systems or combinations of operating systems.

The memory 1910 may be configured to include a number of physical drive units, such as redundant array of independent disks (RAID), flash memory, USB flash drive, external hard disk drive, thumb drive, pen drive, key drive, high-density digital versatile disc (HD-DVD) optical disc drive, internal hard disk drive, Blu-Ray optical disc drive, holographic digital data storage (HDDS) optical disc drive, external mini-dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro-DIMM SDRAM, smartcard memory such as a tamper resistant module in the form of a universal integrated circuit card (UICC) including one or more subscriber identity modules (SIMs), such as a USIM and/or ISIM, other memory, or any combination thereof. The UICC may for example be an embedded UICC (eUICC), integrated UICC (iUICC) or a removable UICC commonly known as a ‘SIM card.’ The memory 1910 may allow the UE 1900 to access instructions, application programs and the like, stored on transitory or non-transitory memory media, to off-load data, or to upload data. An article of manufacture, such as one utilizing a communication system, may be tangibly embodied as or in the memory 1910, which may be or comprise a device-readable storage medium.

The processing circuitry 1902 may be configured to communicate with an access network or other network using the communication interface 1912. The communication interface 1912 may comprise one or more communication subsystems and may include or be communicatively coupled to an antenna 1922. The communication interface 1912 may include one or more transceivers used to communicate, such as by communicating with one or more remote transceivers of another device capable of wireless communication (e.g., another UE or a network node in an access network). Each transceiver may include a transmitter 1918 and/or a receiver 1920 appropriate to provide network communications (e.g., optical, electrical, frequency allocations, and so forth). Moreover, the transmitter 1918 and receiver 1920 may be coupled to one or more antennas (e.g., antenna 1922) and may share circuit components, software or firmware, or alternatively be implemented separately.

In the illustrated embodiment, communication functions of the communication interface 1912 may include cellular communication, Wi-Fi communication, LPWAN communication, data communication, voice communication, multimedia communication, short-range communications such as Bluetooth, near-field communication, location-based communication such as the use of the global positioning system (GPS) to determine a location, another like communication function, or any combination thereof. Communications may be implemented according to one or more communication protocols and/or standards, such as IEEE 802.11, Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), GSM, LTE, New Radio (NR), UMTS, WiMax, Ethernet, transmission control protocol/internet protocol (TCP/IP), synchronous optical networking (SONET), Asynchronous Transfer Mode (ATM), QUIC, Hypertext Transfer Protocol (HTTP), and so forth.

Regardless of the type of sensor, a UE may provide an output of data captured by its sensors, through its communication interface 1912, via a wireless connection to a network node. Data captured by sensors of a UE can be communicated through a wireless connection to a network node via another UE. The output may be periodic (e.g., once every 15 minutes if it reports the sensed temperature), random (e.g., to even out the load from reporting from several sensors), in response to a triggering event (e.g., when moisture is detected an alert is sent), in response to a request (e.g., a user initiated request), or a continuous stream (e.g., a live video feed of a patient).

As another example, a UE comprises an actuator, a motor, or a switch, related to a communication interface configured to receive wireless input from a network node via a wireless connection. In response to the received wireless input the states of the actuator, the motor, or the switch may change. For example, the UE may comprise a motor that adjusts the control surfaces or rotors of a drone in flight according to the received input or to a robotic arm performing a medical procedure according to the received input.

A UE, when in the form of an Internet of Things (IoT) device, may be a device for use in one or more application domains, these domains comprising, but not limited to, city wearable technology, extended industrial application and healthcare. Non-limiting examples of such an IoT device are a device which is or which is embedded in: a connected refrigerator or freezer, a TV, a connected lighting device, an electricity meter, a robot vacuum cleaner, a voice controlled smart speaker, a home security camera, a motion detector, a thermostat, a smoke detector, a door/window sensor, a flood/moisture sensor, an electrical door lock, a connected doorbell, an air conditioning system like a heat pump, an autonomous vehicle, a surveillance system, a weather monitoring device, a vehicle parking monitoring device, an electric vehicle charging station, a smart watch, a fitness tracker, a head-mounted display for Augmented Reality (AR) or Virtual Reality (VR), a wearable for tactile augmentation or sensory enhancement, a water sprinkler, an animal- or item-tracking device, a sensor for monitoring a plant or animal, an industrial robot, an Unmanned Aerial Vehicle (UAV), and any kind of medical device, like a heart rate monitor or a remote controlled surgical robot. A UE in the form of an IoT device comprises circuitry and/or software depending on the intended application of the IoT device, in addition to other components as described in relation to the UE 1900 shown in Figure 19.

As yet another specific example, in an IoT scenario, a UE may represent a machine or other device that performs monitoring and/or measurements, and transmits the results of such monitoring and/or measurements to another UE and/or a network node. The UE may in this case be an M2M device, which may in a 3GPP context be referred to as an MTC device. As one particular example, the UE may implement the 3GPP NB-IoT standard. In other scenarios, a UE may represent a vehicle, such as a car, a bus, a truck, a ship or an airplane, or other equipment that is capable of monitoring and/or reporting on its operational status or other functions associated with its operation.

In practice, any number of UEs may be used together with respect to a single use case. For example, a first UE might be or be integrated in a drone and provide the drone’s speed information (obtained through a speed sensor) to a second UE that is a remote controller operating the drone. When the user makes changes from the remote controller, the first UE may adjust the throttle on the drone (e.g. by controlling an actuator) to increase or decrease the drone’s speed. The first and/or the second UE can also include more than one of the functionalities described above. For example, a UE might comprise the sensor and the actuator, and handle communication of data for both the speed sensor and the actuator.

Figure 20 shows a network node 2000 in accordance with some embodiments. As used herein, network node refers to equipment capable, configured, arranged and/or operable to communicate directly or indirectly with a UE and/or with other network nodes or equipment, in a telecommunication network. Examples of network nodes include, but are not limited to, access points (APs) (e.g., radio access points), base stations (BSs) (e.g., radio base stations, Node Bs, evolved Node Bs (eNBs) and NR NodeBs (gNBs)).

Base stations may be categorized based on the amount of coverage they provide (or, stated differently, their transmit power level) and so, depending on the provided amount of coverage, may be referred to as femto base stations, pico base stations, micro base stations, or macro base stations. A base station may be a relay node or a relay donor node controlling a relay. A network node may also include one or more (or all) parts of a distributed radio base station such as centralized digital units and/or remote radio units (RRUs), sometimes referred to as Remote Radio Heads (RRHs). Such remote radio units may or may not be integrated with an antenna as an antenna integrated radio. Parts of a distributed radio base station may also be referred to as nodes in a distributed antenna system (DAS).

Other examples of network nodes include multiple transmission point (multi-TRP) 5G access nodes, multi-standard radio (MSR) equipment such as MSR BSs, network controllers such as radio network controllers (RNCs) or base station controllers (BSCs), base transceiver stations (BTSs), transmission points, transmission nodes, multi-cell/multicast coordination entities (MCEs), Operation and Maintenance (O&M) nodes, Operations Support System (OSS) nodes, Self-Organizing Network (SON) nodes, positioning nodes (e.g., Evolved Serving Mobile Location Centers (E-SMLCs)), and/or Minimization of Drive Tests (MDTs).

The network node 2000 includes a processing circuitry 2002, a memory 2004, a communication interface 2006, and a power source 2008. The network node 2000 may be composed of multiple physically separate components (e.g., a NodeB component and a RNC component, or a BTS component and a BSC component, etc.), which may each have their own respective components. In certain scenarios in which the network node 2000 comprises multiple separate components (e.g., BTS and BSC components), one or more of the separate components may be shared among several network nodes. For example, a single RNC may control multiple NodeBs. In such a scenario, each unique NodeB and RNC pair, may in some instances be considered a single separate network node. In some embodiments, the network node 2000 may be configured to support multiple radio access technologies (RATs). In such embodiments, some components may be duplicated (e.g., separate memory 2004 for different RATs) and some components may be reused (e.g., a same antenna 2010 may be shared by different RATs). The network node 2000 may also include multiple sets of the various illustrated components for different wireless technologies integrated into network node 2000, for example GSM, WCDMA, LTE, NR, WiFi, Zigbee, Z-wave, LoRaWAN, Radio Frequency Identification (RFID) or Bluetooth wireless technologies. These wireless technologies may be integrated into the same or different chip or set of chips and other components within network node 2000.

The processing circuitry 2002 may comprise a combination of one or more of a microprocessor, controller, microcontroller, central processing unit, digital signal processor, application-specific integrated circuit, field programmable gate array, or any other suitable computing device, resource, or combination of hardware, software and/or encoded logic operable to provide, either alone or in conjunction with other network node 2000 components, such as the memory 2004, network node 2000 functionality.

In some embodiments, the processing circuitry 2002 includes a system on a chip (SOC). In some embodiments, the processing circuitry 2002 includes one or more of radio frequency (RF) transceiver circuitry 2012 and baseband processing circuitry 2014. In some embodiments, the radio frequency (RF) transceiver circuitry 2012 and the baseband processing circuitry 2014 may be on separate chips (or sets of chips), boards, or units, such as radio units and digital units. In alternative embodiments, part or all of RF transceiver circuitry 2012 and baseband processing circuitry 2014 may be on the same chip or set of chips, boards, or units.

The memory 2004 may comprise any form of volatile or non-volatile computer-readable memory including, without limitation, persistent storage, solid-state memory, remotely mounted memory, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), mass storage media (for example, a hard disk), removable storage media (for example, a flash drive, a Compact Disk (CD) or a Digital Video Disk (DVD)), and/or any other volatile or non-volatile, non-transitory device-readable and/or computer-executable memory devices that store information, data, and/or instructions that may be used by the processing circuitry 2002. The memory 2004 may store any suitable instructions, data, or information, including a computer program, software, an application including one or more of logic, rules, code, tables, and/or other instructions capable of being executed by the processing circuitry 2002 and utilized by the network node 2000. The memory 2004 may be used to store any calculations made by the processing circuitry 2002 and/or any data received via the communication interface 2006. In some embodiments, the processing circuitry 2002 and memory 2004 are integrated.

The communication interface 2006 is used in wired or wireless communication of signaling and/or data between a network node, access network, and/or UE. As illustrated, the communication interface 2006 comprises port(s)/terminal(s) 2016 to send and receive data, for example to and from a network over a wired connection. The communication interface 2006 also includes radio front-end circuitry 2018 that may be coupled to, or in certain embodiments a part of, the antenna 2010. Radio front-end circuitry 2018 comprises filters 2020 and amplifiers 2022. The radio front-end circuitry 2018 may be connected to an antenna 2010 and processing circuitry 2002. The radio front-end circuitry may be configured to condition signals communicated between antenna 2010 and processing circuitry 2002. The radio front-end circuitry 2018 may receive digital data that is to be sent out to other network nodes or UEs via a wireless connection. The radio front-end circuitry 2018 may convert the digital data into a radio signal having the appropriate channel and bandwidth parameters using a combination of filters 2020 and/or amplifiers 2022. The radio signal may then be transmitted via the antenna 2010. Similarly, when receiving data, the antenna 2010 may collect radio signals which are then converted into digital data by the radio front-end circuitry 2018. The digital data may be passed to the processing circuitry 2002. In other embodiments, the communication interface may comprise different components and/or different combinations of components.

In certain alternative embodiments, the network node 2000 does not include separate radio front-end circuitry 2018, instead, the processing circuitry 2002 includes radio front-end circuitry and is connected to the antenna 2010. Similarly, in some embodiments, all or some of the RF transceiver circuitry 2012 is part of the communication interface 2006. In still other embodiments, the communication interface 2006 includes one or more ports or terminals 2016, the radio front-end circuitry 2018, and the RF transceiver circuitry 2012, as part of a radio unit (not shown), and the communication interface 2006 communicates with the baseband processing circuitry 2014, which is part of a digital unit (not shown).

The antenna 2010 may include one or more antennas, or antenna arrays, configured to send and/or receive wireless signals. The antenna 2010 may be coupled to the radio front-end circuitry 2018 and may be any type of antenna capable of transmitting and receiving data and/or signals wirelessly. In certain embodiments, the antenna 2010 is separate from the network node 2000 and connectable to the network node 2000 through an interface or port.

The antenna 2010, communication interface 2006, and/or the processing circuitry 2002 may be configured to perform any receiving operations and/or certain obtaining operations described herein as being performed by the network node. Any information, data and/or signals may be received from a UE, another network node and/or any other network equipment. Similarly, the antenna 2010, the communication interface 2006, and/or the processing circuitry 2002 may be configured to perform any transmitting operations described herein as being performed by the network node. Any information, data and/or signals may be transmitted to a UE, another network node and/or any other network equipment.

The power source 2008 provides power to the various components of network node 2000 in a form suitable for the respective components (e.g., at a voltage and current level needed for each respective component). The power source 2008 may further comprise, or be coupled to, power management circuitry to supply the components of the network node 2000 with power for performing the functionality described herein. For example, the network node 2000 may be connectable to an external power source (e.g., the power grid, an electricity outlet) via an input circuitry or interface such as an electrical cable, whereby the external power source supplies power to power circuitry of the power source 2008. As a further example, the power source 2008 may comprise a source of power in the form of a battery or battery pack which is connected to, or integrated in, power circuitry. The battery may provide backup power should the external power source fail.

Embodiments of the network node 2000 may include additional components beyond those shown in Figure 20 for providing certain aspects of the network node’s functionality, including any of the functionality described herein and/or any functionality necessary to support the subject matter described herein. For example, the network node 2000 may include user interface equipment to allow input of information into the network node 2000 and to allow output of information from the network node 2000. This may allow a user to perform diagnostic, maintenance, repair, and other administrative functions for the network node 2000.

Figure 21 is a block diagram of a host 2100, which may be an embodiment of the host 1816 of Figure 18, in accordance with various aspects described herein. As used herein, the host 2100 may be or comprise various combinations of hardware and/or software, including a standalone server, a blade server, a cloud-implemented server, a distributed server, a virtual machine, container, or processing resources in a server farm. The host 2100 may provide one or more services to one or more UEs.

The host 2100 includes processing circuitry 2102 that is operatively coupled via a bus 2104 to an input/output interface 2106, a network interface 2108, a power source 2110, and a memory 2112. Other components may be included in other embodiments. Features of these components may be substantially similar to those described with respect to the devices of previous figures, such as Figures 19 and 20, such that the descriptions thereof are generally applicable to the corresponding components of host 2100.

The memory 2112 may include one or more computer programs including one or more host application programs 2114 and data 2116, which may include user data, e.g., data generated by a UE for the host 2100 or data generated by the host 2100 for a UE. Embodiments of the host 2100 may utilize only a subset or all of the components shown. The host application programs 2114 may be implemented in a container-based architecture and may provide support for video codecs (e.g., Versatile Video Coding (VVC), High Efficiency Video Coding (HEVC), Advanced Video Coding (AVC), MPEG, VP9) and audio codecs (e.g., FLAC, Advanced Audio Coding (AAC), MPEG, G.711), including transcoding for multiple different classes, types, or implementations of UEs (e.g., handsets, desktop computers, wearable display systems, heads-up display systems). The host application programs 2114 may also provide for user authentication and licensing checks and may periodically report health, routes, and content availability to a central node, such as a device in or on the edge of a core network. Accordingly, the host 2100 may select and/or indicate a different host for over-the-top services for a UE. The host application programs 2114 may support various protocols, such as the HTTP Live Streaming (HLS) protocol, Real-Time Messaging Protocol (RTMP), Real-Time Streaming Protocol (RTSP), Dynamic Adaptive Streaming over HTTP (MPEG-DASH), etc.

Figure 22 is a block diagram illustrating a virtualization environment 2200 in which functions implemented by some embodiments may be virtualized. In the present context, virtualizing means creating virtual versions of apparatuses or devices which may include virtualizing hardware platforms, storage devices and networking resources. As used herein, virtualization can be applied to any device described herein, or components thereof, and relates to an implementation in which at least a portion of the functionality is implemented as one or more virtual components. Some or all of the functions described herein may be implemented as virtual components executed by one or more virtual machines (VMs) implemented in one or more virtual environments 2200 hosted by one or more of hardware nodes, such as a hardware computing device that operates as a network node, UE, core network node, or host. Further, in embodiments in which the virtual node does not require radio connectivity (e.g., a core network node or host), then the node may be entirely virtualized.

Applications 2202 (which may alternatively be called software instances, virtual appliances, network functions, virtual nodes, virtual network functions, etc.) are run in the virtualization environment 2200 to implement some of the features, functions, and/or benefits of some of the embodiments disclosed herein.

Hardware 2204 includes processing circuitry, memory that stores software and/or instructions executable by hardware processing circuitry, and/or other hardware devices as described herein, such as a network interface, input/output interface, and so forth. Software may be executed by the processing circuitry to instantiate one or more virtualization layers 2206 (also referred to as hypervisors or virtual machine monitors (VMMs)), provide VMs 2208a and 2208b (one or more of which may be generally referred to as VMs 2208), and/or perform any of the functions, features and/or benefits described in relation with some embodiments described herein. The virtualization layer 2206 may present a virtual operating platform that appears like networking hardware to the VMs 2208.

The VMs 2208 comprise virtual processing, virtual memory, virtual networking or interface and virtual storage, and may be run by a corresponding virtualization layer 2206. Different embodiments of the instance of a virtual appliance 2202 may be implemented on one or more of VMs 2208, and the implementations may be made in different ways. Virtualization of the hardware is in some contexts referred to as network function virtualization (NFV). NFV may be used to consolidate many network equipment types onto industry standard high volume server hardware, physical switches, and physical storage, which can be located in data centers, and customer premise equipment.

In the context of NFV, a VM 2208 may be a software implementation of a physical machine that runs programs as if they were executing on a physical, non-virtualized machine. Each of the VMs 2208, and that part of hardware 2204 that executes that VM, be it hardware dedicated to that VM and/or hardware shared by that VM with others of the VMs, forms separate virtual network elements. Still in the context of NFV, a virtual network function is responsible for handling specific network functions that run in one or more VMs 2208 on top of the hardware 2204 and corresponds to the application 2202.

Hardware 2204 may be implemented in a standalone network node with generic or specific components. Hardware 2204 may implement some functions via virtualization. Alternatively, hardware 2204 may be part of a larger cluster of hardware (e.g. such as in a data center or CPE) where many hardware nodes work together and are managed via management and orchestration 2210, which, among others, oversees lifecycle management of applications 2202. In some embodiments, hardware 2204 is coupled to one or more radio units that each include one or more transmitters and one or more receivers that may be coupled to one or more antennas. Radio units may communicate directly with other hardware nodes via one or more appropriate network interfaces and may be used in combination with the virtual components to provide a virtual node with radio capabilities, such as a radio access node or a base station. In some embodiments, some signaling can be provided with the use of a control system 2212 which may alternatively be used for communication between hardware nodes and radio units.

Figure 23 shows a communication diagram of a host 2302 communicating via a network node 2304 with a UE 2306 over a partially wireless connection in accordance with some embodiments. Example implementations, in accordance with various embodiments, of the UE (such as a UE 1812a of Figure 18 and/or UE 1900 of Figure 19), network node (such as network node 1810a of Figure 18 and/or network node 2000 of Figure 20), and host (such as host 1816 of Figure 18 and/or host 2100 of Figure 21) discussed in the preceding paragraphs will now be described with reference to Figure 23.

Like host 2100, embodiments of host 2302 include hardware, such as a communication interface, processing circuitry, and memory. The host 2302 also includes software, which is stored in or accessible by the host 2302 and executable by the processing circuitry. The software includes a host application that may be operable to provide a service to a remote user, such as the UE 2306 connecting via an over-the-top (OTT) connection 2350 extending between the UE 2306 and host 2302. In providing the service to the remote user, a host application may provide user data which is transmitted using the OTT connection 2350.

The network node 2304 includes hardware enabling it to communicate with the host 2302 and UE 2306. The connection 2360 may be direct or pass through a core network (like core network 1806 of Figure 18) and/or one or more other intermediate networks, such as one or more public, private, or hosted networks. For example, an intermediate network may be a backbone network or the Internet.

The UE 2306 includes hardware and software, which is stored in or accessible by UE 2306 and executable by the UE’s processing circuitry. The software includes a client application, such as a web browser or operator-specific “app” that may be operable to provide a service to a human or non-human user via UE 2306 with the support of the host 2302. In the host 2302, an executing host application may communicate with the executing client application via the OTT connection 2350 terminating at the UE 2306 and host 2302. In providing the service to the user, the UE's client application may receive request data from the host's host application and provide user data in response to the request data. The OTT connection 2350 may transfer both the request data and the user data. The UE's client application may interact with the user to generate the user data that it provides to the host application through the OTT connection 2350.

The OTT connection 2350 may extend via a connection 2360 between the host 2302 and the network node 2304 and via a wireless connection 2370 between the network node 2304 and the UE 2306 to provide the connection between the host 2302 and the UE 2306. The connection 2360 and wireless connection 2370, over which the OTT connection 2350 may be provided, have been drawn abstractly to illustrate the communication between the host 2302 and the UE 2306 via the network node 2304, without explicit reference to any intermediary devices and the precise routing of messages via these devices.

As an example of transmitting data via the OTT connection 2350, in step 2308, the host 2302 provides user data, which may be performed by executing a host application. In some embodiments, the user data is associated with a particular human user interacting with the UE 2306. In other embodiments, the user data is associated with a UE 2306 that shares data with the host 2302 without explicit human interaction. In step 2310, the host 2302 initiates a transmission carrying the user data towards the UE 2306. The host 2302 may initiate the transmission responsive to a request transmitted by the UE 2306. The request may be caused by human interaction with the UE 2306 or by operation of the client application executing on the UE 2306. The transmission may pass via the network node 2304, in accordance with the teachings of the embodiments described throughout this disclosure. Accordingly, in step 2312, the network node 2304 transmits to the UE 2306 the user data that was carried in the transmission that the host 2302 initiated, in accordance with the teachings of the embodiments described throughout this disclosure. In step 2314, the UE 2306 receives the user data carried in the transmission, which may be performed by a client application executed on the UE 2306 associated with the host application executed by the host 2302.

In some examples, the UE 2306 executes a client application which provides user data to the host 2302. The user data may be provided in reaction or response to the data received from the host 2302. Accordingly, in step 2316, the UE 2306 may provide user data, which may be performed by executing the client application. In providing the user data, the client application may further consider user input received from the user via an input/output interface of the UE 2306. Regardless of the specific manner in which the user data was provided, the UE 2306 initiates, in step 2318, transmission of the user data towards the host 2302 via the network node 2304. In step 2320, in accordance with the teachings of the embodiments described throughout this disclosure, the network node 2304 receives user data from the UE 2306 and initiates transmission of the received user data towards the host 2302. In step 2322, the host 2302 receives the user data carried in the transmission initiated by the UE 2306.

One or more of the various embodiments improve the performance of OTT services provided to the UE 2306 using the OTT connection 2350, in which the wireless connection 2370 forms the last segment.

In an example scenario, factory status information may be collected and analyzed by the host 2302. As another example, the host 2302 may process audio and video data which may have been retrieved from a UE for use in creating maps. As another example, the host 2302 may collect and analyze real-time data to assist in controlling vehicle congestion (e.g., controlling traffic lights). As another example, the host 2302 may store surveillance video uploaded by a UE. As another example, the host 2302 may store or control access to media content such as video, audio, VR or AR which it can broadcast, multicast or unicast to UEs. As other examples, the host 2302 may be used for energy pricing, remote control of non-time critical electrical load to balance power generation needs, location services, presentation services (such as compiling diagrams etc. from data collected from remote devices), or any other function of collecting, retrieving, storing, analyzing and/or transmitting data.

In some examples, a measurement procedure may be provided for the purpose of monitoring data rate, latency and other factors on which the one or more embodiments improve. There may further be an optional network functionality for reconfiguring the OTT connection 2350 between the host 2302 and UE 2306, in response to variations in the measurement results. The measurement procedure and/or the network functionality for reconfiguring the OTT connection may be implemented in software and hardware of the host 2302 and/or UE 2306. In some embodiments, sensors (not shown) may be deployed in or in association with other devices through which the OTT connection 2350 passes; the sensors may participate in the measurement procedure by supplying values of the monitored quantities exemplified above, or supplying values of other physical quantities from which software may compute or estimate the monitored quantities. The reconfiguring of the OTT connection 2350 may include message format, retransmission settings, preferred routing etc.; the reconfiguring need not directly alter the operation of the network node 2304. Such procedures and functionalities may be known and practiced in the art. In certain embodiments, measurements may involve proprietary UE signaling that facilitates measurements of throughput, propagation times, latency and the like, by the host 2302. The measurements may be implemented in that software causes messages to be transmitted, in particular empty or ‘dummy’ messages, using the OTT connection 2350 while monitoring propagation times, errors, etc.

Although the computing devices described herein (e.g., UEs, network nodes, hosts) may include the illustrated combination of hardware components, other embodiments may comprise computing devices with different combinations of components. It is to be understood that these computing devices may comprise any suitable combination of hardware and/or software needed to perform the tasks, features, functions and methods disclosed herein. Determining, calculating, obtaining or similar operations described herein may be performed by processing circuitry, which may process information by, for example, converting the obtained information into other information, comparing the obtained information or converted information to information stored in the network node, and/or performing one or more operations based on the obtained information or converted information, and as a result of said processing making a determination. Moreover, while components are depicted as single boxes located within a larger box, or nested within multiple boxes, in practice, computing devices may comprise multiple different physical components that make up a single illustrated component, and functionality may be partitioned between separate components. For example, a communication interface may be configured to include any of the components described herein, and/or the functionality of the components may be partitioned between the processing circuitry and the communication interface. In another example, non-computationally intensive functions of any of such components may be implemented in software or firmware and computationally intensive functions may be implemented in hardware.

In certain embodiments, some or all of the functionality described herein may be provided by processing circuitry executing instructions stored in memory, which in certain embodiments may be a computer program product in the form of a non-transitory computer-readable storage medium. In alternative embodiments, some or all of the functionality may be provided by the processing circuitry without executing instructions stored on a separate or discrete device-readable storage medium, such as in a hard-wired manner. In any of those particular embodiments, whether executing instructions stored on a non-transitory computer-readable storage medium or not, the processing circuitry can be configured to perform the described functionality. The benefits provided by such functionality are not limited to the processing circuitry alone or to other components of the computing device, but are enjoyed by the computing device as a whole, and/or by end users and a wireless network generally.

Notably, modifications and other embodiments of the present disclosure will come to mind to one skilled in the art having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the present disclosure is not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of this disclosure. Although specific terms may be employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Example embodiments of the techniques and apparatus described herein include, but are not limited to, the following enumerated examples:

Group A Embodiments

A1. A method performed by a communication device configured for use in a communication network, the method comprising: obtaining a fixed length identifier associated with a subscription identifier identifying a subscription to the communication network; encrypting the fixed length identifier to obtain a concealed identifier; and transmitting the concealed identifier.

A2. The method of embodiment A1, wherein obtaining the fixed length identifier comprises calculating the fixed length identifier as a function of the subscription identifier.

A3. The method of embodiment A2, wherein the function is a hash function, wherein calculating the fixed length identifier comprises calculating a hash of the subscription identifier using the hash function.

A4. The method of embodiment A3, wherein the hash function is an unkeyed hash function.

A5. The method of any of embodiments A3-A4, wherein the hash function is a key derivation function, KDF.

A6. The method of embodiment A5, wherein an input key to the KDF is all zeroes.

A7. The method of any of embodiments A3-A6, wherein the fixed length identifier is the hash.

A8. The method of any of embodiments A3-A6, wherein calculating the fixed length identifier further comprises truncating the hash to a fixed length, wherein the fixed length identifier is the truncated hash.

A9. The method of embodiment A1, wherein the communication device is provisioned with the fixed length identifier in association with the subscription identifier.

A10. The method of embodiment A1, wherein the subscription identifier is mapped to the fixed length identifier.

A11. The method of embodiment A10, wherein the subscription identifier is mapped to the fixed length identifier according to an injective mapping between subscription identifiers and fixed length identifiers.

A12. The method of any of embodiments A1-A11, wherein transmitting the concealed identifier comprises transmitting the concealed identifier to, or towards, the communication network.

A13. The method of any of embodiments A1-A12, wherein the subscription identifier is a subscription permanent identifier, SUPI, and wherein the concealed identifier is a subscription concealed identifier, SUCI.

A14. The method of any of embodiments A1-A13, wherein the subscription identifier is a network access identifier, NAI, comprising a username and a realm.

A15. The method of any of embodiments A1-A14, wherein the fixed length identifier has a fixed length.

A16. The method of embodiment A15, wherein the fixed length is fixed with respect to a length of the subscription identifier.

A17. The method of any of embodiments A15-A16, wherein the fixed length identifier is calculated according to a function that has an input and that has an output, wherein the output has the fixed length for all possible values of the input, wherein the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function.

A18. The method of any of embodiments A15-A17, wherein all subscriptions to the communication network are identified by respective subscription identifiers, wherein the subscription identifiers are associated with respective fixed length identifiers, wherein at least some of the subscription identifiers have different lengths, wherein each of the fixed length identifiers has the same fixed length.

A19. The method of any of embodiments A15-A18, wherein all subscriptions to the communication network are identified by respective subscription identifiers, wherein at least some of the subscription identifiers have different lengths, wherein the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.

A20. The method of any of embodiments A1-A19, further comprising transmitting signaling indicating that the concealed identifier conceals the fixed length identifier rather than concealing the subscription identifier.

AA. The method of any of the previous embodiments, further comprising: providing user data; and forwarding the user data to a host computer via the transmission to a base station.

Group B Embodiments

B1. A method performed by network equipment configured for use in a communication network, the method comprising: receiving a concealed identifier from a communication device; and decrypting the concealed identifier to obtain a fixed length identifier associated with a subscription identifier identifying a subscription to the communication network.

B2. The method of embodiment B1, further comprising transmitting the decrypted identifier to other network equipment.

B3. The method of embodiment B2, wherein the other network equipment implements a unified data repository, UDR, for the communication network.

B4. The method of any of embodiments B1-B3, wherein the network equipment implements a unified data management, UDM, function.

B5. The method of any of embodiments B1-B4, wherein the fixed length identifier is a function of the subscription identifier.

B6. The method of embodiment B5, wherein the function is a hash function, wherein the fixed length identifier comprises a hash of the subscription identifier according to the hash function.

B7. The method of embodiment B6, wherein the hash function is an unkeyed hash function.

B8. The method of any of embodiments B6-B7, wherein the hash function is a key derivation function, KDF.

B9. The method of embodiment B8, wherein an input key to the KDF is all zeroes.

B10. The method of any of embodiments B6-B9, wherein the fixed length identifier is the hash or a truncated version of the hash.

B11. The method of any of embodiments B1-B5, wherein the communication device is provisioned with the fixed length identifier in association with the subscription identifier.

B12. The method of any of embodiments B1-B5, wherein the subscription identifier is mapped to the fixed length identifier.

B13. The method of embodiment B12, wherein the subscription identifier is mapped to the fixed length identifier based on an injective mapping between subscription identifiers and fixed length identifiers.

B14. The method of any of embodiments B1-B13, wherein the subscription identifier is a subscription permanent identifier, SUPI, and wherein the concealed identifier is a subscription concealed identifier, SUCI.

B15. The method of any of embodiments B1-B14, wherein the subscription identifier is a network access identifier, NAI, comprising a username and a realm.

B16. The method of any of embodiments B1-B15, wherein the fixed length identifier has a fixed length.

B17. The method of embodiment B16, wherein the fixed length is fixed with respect to a length of the subscription identifier.

B18. The method of any of embodiments B16-B17, wherein the fixed length identifier is calculated according to a function that has an input and that has an output, wherein the output has the fixed length for all possible values of the input, wherein the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function.

B19. The method of any of embodiments B16-B18, wherein all subscriptions to the communication network are identified by respective subscription identifiers, wherein the subscription identifiers are associated with respective fixed length identifiers, wherein at least some of the subscription identifiers have different lengths, wherein each of the fixed length identifiers has the same fixed length.

B20. The method of any of embodiments B16-B19, wherein all subscriptions to the communication network are identified by respective subscription identifiers, wherein at least some of the subscription identifiers have different lengths, wherein the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.

B21 . The method of any of embodiments B1-B20, further comprising receiving signaling indicating that the concealed identifier conceals the fixed length identifier rather than concealing the subscription identifier.

B22. The method of embodiment B21, wherein said decrypting is performed based on the signaling.

B23. The method of any of embodiments B1-B22, further comprising determining the subscription identifier associated with the fixed length identifier.

BB1. A method performed by network equipment configured for use in a communication network, the method comprising: obtaining a fixed length identifier; and determining a subscription identifier associated with the fixed length identifier, wherein the subscription identifier identifies a subscription to the communication network.

BB2. The method of embodiment BB1, wherein determining the subscription identifier comprises mapping the fixed length identifier to the subscription identifier.

BB3. The method of any of embodiments BB1-BB2, wherein the fixed length identifier is, or is a truncated version of, a hash of the subscription identifier.

BB4. The method of embodiment BB3, wherein the hash is an unkeyed hash.

BB5. The method of any of embodiments BB3-BB4, wherein the hash is calculated from a key derivation function, KDF.

BB6. The method of embodiment BB5, wherein an input key to the KDF is all zeroes.

BB7. The method of any of embodiments BB1-BB6, wherein the communication device is provisioned with the fixed length identifier in association with the subscription identifier.

BB8. The method of embodiment BB2, wherein said mapping is performed based on an injective mapping between subscription identifiers and fixed length identifiers.

BB9. The method of any of embodiments BB1-BB8, wherein the subscription identifier is a subscription permanent identifier, SUPI.

BB10. The method of any of embodiments BB1-BB9, wherein the subscription identifier is a network access identifier, NAI, comprising a username and a realm.

BB11. The method of any of embodiments BB1-BB10, wherein the fixed length identifier has a fixed length.

BB12. The method of embodiment BB11, wherein the fixed length is fixed with respect to a length of the subscription identifier.

BB13. The method of any of embodiments BB11-BB12, wherein the fixed length identifier is calculated according to a function that has an input and that has an output, wherein the output has the fixed length for all possible values of the input, wherein the fixed length identifier is calculated by inputting the subscription identifier into the function as the input of the function and obtaining the fixed length identifier as the output of the function.

BB14. The method of any of embodiments BB11-BB13, wherein all subscriptions to the communication network are identified by respective subscription identifiers, wherein the subscription identifiers are associated with respective fixed length identifiers, wherein at least some of the subscription identifiers have different lengths, wherein each of the fixed length identifiers has the same fixed length.

BB15. The method of any of embodiments BB11-BB14, wherein all subscriptions to the communication network are identified by respective subscription identifiers, wherein at least some of the subscription identifiers have different lengths, wherein the fixed length is shorter than the subscription identifier having the longest length among the subscription identifiers.

BB16. The method of any of embodiments BB1-BB15, wherein obtaining the fixed length identifier comprises receiving the fixed length identifier from other network equipment.

BB17. The method of embodiment BB16, wherein the other network equipment implements a unified data repository, UDR.

BB18. The method of any of embodiments BB16-BB17, further comprising receiving, from the other network equipment, signaling indicating that the identifier received from the other network equipment is a fixed length identifier.

BB19. The method of any of embodiments BB1-BB15, wherein obtaining the fixed length identifier comprises: receiving a concealed identifier from a communication device; and decrypting the concealed identifier to obtain the fixed length identifier.

BB20. The method of any of embodiments BB1-BB19, further comprising retrieving subscription data for the subscription identified by the determined subscription identifier.

BB. The method of any of the previous embodiments, further comprising: obtaining user data; and forwarding the user data to a host computer or a wireless communication device.
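The two halves of the procedure enumerated above, the device side (Group A: hash the NAI-format SUPI with a KDF whose input key is all zeroes, truncate to a fixed length, encrypt, and signal that the SUCI conceals the fixed length identifier) and the network side (Group B and BB: decrypt according to that signaling, then map the fixed length identifier back to the SUPI through an injective table in the UDR), worked through as one runnable example. This is an added illustration, not code from the patent or from any 3GPP implementation. Its assumptions: HMAC-SHA-256 with a 32-byte all-zero key stands in for the network's KDF; the hash is truncated to 16 bytes (a value chosen here, not taken from any specification); an HMAC-in-counter-mode keystream stands in for the ECIES profile a real SUCI uses so that the block needs only the standard library; the three SUPIs are constructed, as is the `conceals_fixed_length` flag that models the signaling of embodiments A20/B21. The `ciphertext_lengths` comparison shows the point of the fixed length identifier: concealing the raw SUPI leaks its length, concealing the hash does not.

```python
"""Added example: fixed-length identifier derived from a variable-length
NAI SUPI, concealed by the device and resolved by the network side.
Standard library only; the cipher is a stand-in, not the ECIES profile."""
import hashlib
import hmac
import os

# Constructed sample SUPIs in NAI format (username@realm), deliberately of
# different lengths. Made-up values, not real subscriptions.
SAMPLE_SUPIS = [
    "user1@example.org",
    "a.much.longer.username.for.iot.device.0042@iot.example.org",
    "x@r.io",
]

FIXED_LEN = 16  # bytes; chosen for this example, not a specification value


def fixed_length_identifier(supi: str, length: int = FIXED_LEN) -> bytes:
    """Unkeyed hash of the SUPI via a KDF whose input key is all zeroes
    (embodiments A3-A8). HMAC-SHA-256 stands in for the network's KDF and
    the digest is truncated to `length` bytes (A8)."""
    zero_key = bytes(32)
    digest = hmac.new(zero_key, supi.encode("utf-8"), hashlib.sha256).digest()
    return digest[:length]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF keystream: HMAC-SHA-256 over nonce||counter. A stand-in for the
    ECIES encryption step so the example runs offline; not a production cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def conceal(plaintext: bytes, key: bytes, fixed_length_flag: bool) -> dict:
    """Device side (A1, A20): encrypt and attach signaling saying whether the
    ciphertext conceals the fixed length identifier (True) or the raw SUPI."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return {"nonce": nonce, "ciphertext": ct, "conceals_fixed_length": fixed_length_flag}


def reveal(suci: dict, key: bytes) -> bytes:
    """Undo conceal(): same keystream, same XOR."""
    ks = _keystream(key, suci["nonce"], len(suci["ciphertext"]))
    return bytes(c ^ k for c, k in zip(suci["ciphertext"], ks))


def build_udr_table(supis) -> dict:
    """Network side (BB2, BB8): fixed length identifier -> SUPI. Refuses to
    build a table in which truncation has made the mapping non-injective."""
    table = {}
    for supi in supis:
        fid = fixed_length_identifier(supi)
        if fid in table and table[fid] != supi:
            raise ValueError(f"collision on {fid.hex()}: {table[fid]!r} vs {supi!r}")
        table[fid] = supi
    return table


def resolve_supi(suci: dict, key: bytes, udr_table: dict) -> str:
    """UDM side (B1, B21-B23, BB19): decrypt according to the signaling, then
    determine the SUPI, either by table lookup or directly from the plaintext."""
    plaintext = reveal(suci, key)
    if suci["conceals_fixed_length"]:
        return udr_table[plaintext]        # BB2: map fixed length id -> SUPI
    return plaintext.decode("utf-8")       # ciphertext was the SUPI itself


def ciphertext_lengths(supis, key: bytes, use_fixed_length: bool) -> list:
    """Concealed payload length per SUPI under each scheme, for comparison."""
    lengths = []
    for supi in supis:
        pt = fixed_length_identifier(supi) if use_fixed_length else supi.encode("utf-8")
        lengths.append(len(conceal(pt, key, use_fixed_length)["ciphertext"]))
    return lengths


if __name__ == "__main__":
    key = os.urandom(32)  # stands in for the ECIES-derived encryption key
    udr = build_udr_table(SAMPLE_SUPIS)
    print("raw-SUPI  ciphertext lengths:", ciphertext_lengths(SAMPLE_SUPIS, key, False))
    print("fixed-len ciphertext lengths:", ciphertext_lengths(SAMPLE_SUPIS, key, True))
    for supi in SAMPLE_SUPIS:
        suci = conceal(fixed_length_identifier(supi), key, True)
        assert resolve_supi(suci, key, udr) == supi
    print("all SUPIs resolved from fixed-length SUCIs")
```

The collision check in `build_udr_table` is the practical caveat behind embodiments A11/BB8: truncating the hash keeps the identifier short, but the operator must verify the mapping stays injective over its actual subscriber base, since a collision would make two subscriptions indistinguishable to the UDM.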

Group C Embodiments

C1. A communication device configured to perform any of the steps of any of the Group A embodiments.

C2. A communication device comprising processing circuitry configured to perform any of the steps of any of the Group A embodiments.

C3. A communication device comprising: communication circuitry; and processing circuitry configured to perform any of the steps of any of the Group A embodiments.

C4. A communication device comprising: processing circuitry configured to perform any of the steps of any of the Group A embodiments; and power supply circuitry configured to supply power to the communication device.

C5. A communication device comprising: processing circuitry and memory, the memory containing instructions executable by the processing circuitry whereby the communication device is configured to perform any of the steps of any of the Group A embodiments.

C6. A user equipment (UE) comprising: an antenna configured to send and receive wireless signals; radio front-end circuitry connected to the antenna and to processing circuitry, and configured to condition signals communicated between the antenna and the processing circuitry; the processing circuitry being configured to perform any of the steps of any of the Group A embodiments; an input interface connected to the processing circuitry and configured to allow input of information into the UE to be processed by the processing circuitry; an output interface connected to the processing circuitry and configured to output information from the UE that has been processed by the processing circuitry; and a battery connected to the processing circuitry and configured to supply power to the UE.

C7. A computer program comprising instructions which, when executed by at least one processor of a communication device, causes the communication device to carry out the steps of any of the Group A embodiments.

C8. A carrier containing the computer program of embodiment C7, wherein the carrier is one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

C9. Network equipment configured to perform any of the steps of any of the Group B embodiments.

C10. Network equipment comprising processing circuitry configured to perform any of the steps of any of the Group B embodiments.

C11. Network equipment comprising: communication circuitry; and processing circuitry configured to perform any of the steps of any of the Group B embodiments.

C12. Network equipment comprising: processing circuitry configured to perform any of the steps of any of the Group B embodiments; and power supply circuitry configured to supply power to the network equipment.

C13. Network equipment comprising: processing circuitry and memory, the memory containing instructions executable by the processing circuitry whereby the network equipment is configured to perform any of the steps of any of the Group B embodiments.

C14. The network equipment of any of embodiments C9-C13, wherein the network equipment is a base station.

C15. A computer program comprising instructions which, when executed by at least one processor of network equipment, causes the network equipment to carry out the steps of any of the Group B embodiments.

C16. The computer program of embodiment C15, wherein the network equipment is a base station.

C17. A carrier containing the computer program of any of embodiments C15-C16, wherein the carrier is one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

Group D Embodiments

D1. A communication system including a host computer comprising: processing circuitry configured to provide user data; and a communication interface configured to forward the user data to a cellular network for transmission to a user equipment (UE), wherein the cellular network comprises a base station having a radio interface and processing circuitry, the base station’s processing circuitry configured to perform any of the steps of any of the Group B embodiments.

D2. The communication system of the previous embodiment further including the base station.

D3. The communication system of the previous 2 embodiments, further including the UE, wherein the UE is configured to communicate with the base station.

D4. The communication system of the previous 3 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application, thereby providing the user data; and the UE comprises processing circuitry configured to execute a client application associated with the host application.

D5. A method implemented in a communication system including a host computer, a base station and a user equipment (UE), the method comprising: at the host computer, providing user data; and at the host computer, initiating a transmission carrying the user data to the UE via a cellular network comprising the base station, wherein the base station performs any of the steps of any of the Group B embodiments.

D6. The method of the previous embodiment, further comprising, at the base station, transmitting the user data.

D7. The method of the previous 2 embodiments, wherein the user data is provided at the host computer by executing a host application, the method further comprising, at the UE, executing a client application associated with the host application.

D8. A user equipment (UE) configured to communicate with a base station, the UE comprising a radio interface and processing circuitry configured to perform any of the previous 3 embodiments.

D9. A communication system including a host computer comprising: processing circuitry configured to provide user data; and a communication interface configured to forward user data to a cellular network for transmission to a user equipment (UE), wherein the UE comprises a radio interface and processing circuitry, the UE’s components configured to perform any of the steps of any of the Group A embodiments.

D10. The communication system of the previous embodiment, wherein the cellular network further includes a base station configured to communicate with the UE.

D11. The communication system of the previous 2 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application, thereby providing the user data; and the UE’s processing circuitry is configured to execute a client application associated with the host application.

D12. A method implemented in a communication system including a host computer, a base station and a user equipment (UE), the method comprising: at the host computer, providing user data; and at the host computer, initiating a transmission carrying the user data to the UE via a cellular network comprising the base station, wherein the UE performs any of the steps of any of the Group A embodiments.

D13. The method of the previous embodiment, further comprising at the UE, receiving the user data from the base station.

D14. A communication system including a host computer comprising: communication interface configured to receive user data originating from a transmission from a user equipment (UE) to a base station, wherein the UE comprises a radio interface and processing circuitry, the UE’s processing circuitry configured to perform any of the steps of any of the Group A embodiments.

D15. The communication system of the previous embodiment, further including the UE.

D16. The communication system of the previous 2 embodiments, further including the base station, wherein the base station comprises a radio interface configured to communicate with the UE and a communication interface configured to forward to the host computer the user data carried by a transmission from the UE to the base station.

D17. The communication system of the previous 3 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application; and the UE’s processing circuitry is configured to execute a client application associated with the host application, thereby providing the user data.

D18. The communication system of the previous 4 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application, thereby providing request data; and the UE’s processing circuitry is configured to execute a client application associated with the host application, thereby providing the user data in response to the request data.

D19. A method implemented in a communication system including a host computer, a base station and a user equipment (UE), the method comprising: at the host computer, receiving user data transmitted to the base station from the UE, wherein the UE performs any of the steps of any of the Group A embodiments.

D20. The method of the previous embodiment, further comprising, at the UE, providing the user data to the base station.

D21. The method of the previous 2 embodiments, further comprising: at the UE, executing a client application, thereby providing the user data to be transmitted; and at the host computer, executing a host application associated with the client application.

D22. The method of the previous 3 embodiments, further comprising: at the UE, executing a client application; and at the UE, receiving input data to the client application, the input data being provided at the host computer by executing a host application associated with the client application, wherein the user data to be transmitted is provided by the client application in response to the input data.

D23. A communication system including a host computer comprising a communication interface configured to receive user data originating from a transmission from a user equipment (UE) to a base station, wherein the base station comprises a radio interface and processing circuitry, the base station’s processing circuitry configured to perform any of the steps of any of the Group B embodiments.

D24. The communication system of the previous embodiment further including the base station.

D25. The communication system of the previous 2 embodiments, further including the UE, wherein the UE is configured to communicate with the base station.

D26. The communication system of the previous 3 embodiments, wherein: the processing circuitry of the host computer is configured to execute a host application; the UE is configured to execute a client application associated with the host application, thereby providing the user data to be received by the host computer.

D27. A method implemented in a communication system including a host computer, a base station and a user equipment (UE), the method comprising: at the host computer, receiving, from the base station, user data originating from a transmission which the base station has received from the UE, wherein the UE performs any of the steps of any of the Group A embodiments.

D28. The method of the previous embodiment, further comprising at the base station, receiving the user data from the UE.

D29. The method of the previous 2 embodiments, further comprising at the base station, initiating a transmission of the received user data to the host computer.