WO2024164110A1

WO2024164110A1 - Methods, devices, and computer readable storage medium for user consent

Info

Publication number: WO2024164110A1
Application number: PCT/CN2023/074611
Authority: WO
Inventors: Chitra JAVALI; Fei Liu
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2023-02-06
Filing date: 2023-02-06
Publication date: 2024-08-15
Anticipated expiration: 2025-08-06
Also published as: CN120604531A

Abstract

Example embodiments relate to methods, devices and a computer readable storage medium for communication. In an example method, a terminal device receives, from a first network device, a consent request for consent of a user for providing user data of the user stored at the first network device to a second network device. The terminal device determines, based on user consent information stored in the terminal device, whether the user allows the user data to be provided to the second network device. Based on determining that the user allows the user data to be provided to the second network device, the terminal device transmits, to the first network device, a consent response. This way, the second network device can get consent of the user from the terminal device when requesting for data from the first network device, to avoid privacy leakage of the user.

Description

METHODS, DEVICES, AND COMPUTER READABLE STORAGE MEDIUM FOR USER CONSENT

FIELD

Example embodiments of the present disclosure generally relate to the field of telecommunication, and in particular, to methods, devices and a computer readable storage medium for user consent.

BACKGROUND

The future networks will be data-driven and service-oriented. Several applications in the future networks will require data collecting and processing of the user in order to provide relevant services. Using the personal data needs to comply with the policies and regulations set by the standard and government bodies to ensure that the user’s or data subjects’ privacy is preserved.

User consent is provided by the user where the user either permits or denies the collection and processing of his or her personal data for a specific task or application. The personal data required by different services vary, hence the user consent has to be handled case by case basis. If any adversary modifies the user’s consent, then a service may be granted access to user’s data or the user may be denied of a specific service. In the former case the user’s data will be shared without his/her awareness to a third party.

SUMMARY

In general, example embodiments of the present disclosure provide a solution for privacy preserving by user consent.

In a first aspect, there is provided a method performed by a terminal device. The method comprises: receiving, from a first network device, a consent request for consent of a user for providing user data of the user stored at the first network device to a second network device; determining, based on user consent information stored in the terminal device, whether the user allows the user data to be provided to the second network device; and based on determining that the user allows the user data to be provided to the second network device, transmitting, to the first network device, a consent response including an indication of the consent of the user. This way, when the second network device requests for data from the first network device, the terminal device can give consent of the user to the second network device, to avoid privacy leakage of the user. In some embodiments of the present disclosure, the terminal device comprises a gear module configured to store the user consent information and to preserve privacy of the user data. This way, the terminal device can keep the user consent, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, in order to determine whether the user allows the user data to be provided to the second network device, based on receiving the consent request, the terminal device can cause a trustworthiness association (TruA) module in the gear module to request for authorization from the user. The terminal device can cause the TruA module to, based on receiving the authorization from the user, map the consent request to a privacy enabler module in the gear module. The terminal device can cause the TruA module to transmit, to a flow point module in the gear module, a first consent request for invoking the privacy enabler module. The terminal device can cause the TruA module to receive, from the flow point module, a first consent response including the indication of the consent of the user. This way, the TruA module can transmit consent request message and consent response message, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, in order to transmit the consent response to the first network device comprises, the terminal device can cause the TruA module to transmit the consent response to the first network device. This way, the TruA module can transmit consent response message, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, in order to determine whether the user allows the user data to be provided to the second network device, the terminal device can cause the flow point module to receive, from the TruA module, a first consent request for invoking the privacy enabler module. The terminal device can cause the flow point module to transmit, to the privacy enabler module, a second consent request for the consent of the user. The terminal device can cause the flow point module to receive, from the privacy enabler module, a second consent response including the indication of the consent of the user. The terminal device can cause the flow point module to transmit, to the TruA module, a first consent response including the indication of the consent of the user. This way, the flow point module can transmit consent request message and consent response message, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, in order to determine whether the user allows the user data to be provided to the second network device, the terminal device can cause the privacy enabler module to receive the second consent request from the flow point module. The terminal device can cause the privacy enabler module to determine, based on the user consent information, that the user allows the user data to be provided to the second network device. The terminal device can cause the privacy enabler module to transmit the second consent response to the flow point module. This way, the privacy enabler module can transmit consent request message and consent response message, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, the first network device comprises a network function (NF) in a public land mobile network (PLMN) ; and the second network device comprises a network data analytics function (NWDAF) in the PLMN. This way, the NWDAF can get data with user consent from the NF in the PLMN, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, the first network device comprises a NWDAF in a PLMN; and the second network device comprises a third party service provider relative to the PLMN. This way, the third party service provider can get data with user consent from the NWDAF in the PLMN, to avoid privacy leakage of the user.

In a second aspect, there is provided a method performed by a first network device. The method comprises: receiving, from a second network device, a data request for user data of a user stored at the first network device; transmitting, to a terminal device storing user consent information of the user, a consent request for consent of the user for providing the user data to the second network device; and based on receiving, from the terminal device, a consent response including an indication of the consent of the user, transmitting, to the second network device, a data response including the user data and the indication of the consent of the user. This way, the first network device can transmit consent request to the terminal device when the second network device requests for data from the first network device, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, in order to transmit the consent request to the terminal device, the first network device determines whether the second network device is authorized to access the user data; and based on determining that the second network device is authorized to access the user data, transmits the consent request to the terminal device. This way, the first network device can transmit consent request to the terminal device when determining that the second network device is authorized, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, in order to transmit the consent request to the terminal device, the first network device determines whether the consent of the user is required for providing the user data; and based on determining that the consent of the user is required for providing the user data, transmits the consent request to the terminal device. This way, the first network device can transmit consent request to the terminal device when determining that the consent of user is required, to avoid privacy leakage of the user.

In a third aspect, there is provided a method performed by a second network device. The method comprises: transmitting, to a first network device, a data request for user data of a user stored at the first network device; and in the event that the user allows the user data to be provided to the second network device, receiving, from the first network device, a data response including the user data and an indication of consent of the user for providing the user data to the second network device. This way, when the second network device requests for data from the first network device, the second network device can get consent of the user from the terminal device, to avoid privacy leakage of the user.

In a fourth aspect, there is provided a method performed by a terminal device. The method comprises: determining, that user consent information of a user stored in the terminal device is updated by the user; and transmitting, to a network device, a consent update message indicating the update of the user consent information. This way, when the user consent information is updated, the consent update message is transmitted to the network device, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, the terminal device comprises a gear module configured to store the user consent information and to preserve privacy of the user data. This way, the terminal device can keep the user consent, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, the consent update message is a first consent update message. The terminal device based on determining that the user consent information is updated, can cause a privacy enabler module in the gear module to transmit, to a flow point in the gear module, a second consent update message indicating the update of the user consent. This way, the privacy model can transmit the consent update message, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, the terminal device can cause the flow point module to receive the second consent update message from the privacy enabler module; and cause the flow point module to transmit, to a trustworthiness association (TruA) module in the gear module, a third consent update message indicating the update of the User Consent. This way, the flow point module can forward the consent update message, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, in order to transmit the consent update message to the network device, the terminal device can cause the TruA module to, based on receiving the third consent update message from the flow point module, transmit the first consent update message to the network device. This way, the TruA module can forward the consent update message, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, the network device comprises a network function (NF) in a public land mobile network (PLMN) or a third party service provider relative to the PLMN. This way, the consent update message can be transmitted from the terminal device to the NF or the third party service provider relative to the PLMN, to avoid privacy leakage of the user.

In a fifth aspect, there is provided a method performed by a network device. The method comprises: receiving, from a terminal device storing user consent information of a user, a consent update message indicating update of the user consent information; and updating, based on the update of the user consent information, a privacy setting associated with user data of the user stored in the network device. This way, when the user consent information is updated in the terminal device, the network device receives the consent update message from the terminal device, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, prior to updating the privacy setting, the network device authenticates the user. This way, by authenticating the user, privacy leakage of the user can be avoided.

In a sixth aspect, there is provided a terminal device. The terminal device comprising: a communications interface; at least one processor coupled to the communications interface; and a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to: receive, by using the communications interface, from a first network device, a consent request for consent of a user for providing user data of the user stored at the first network device to a second network device; determine, based on user consent information stored in the terminal device, whether the user allows the user data to be provided to the second network device; and based on determining that the user allows the user data to be provided to the second network device, transmit, by using the communications interface, to the first network device, a consent response including an indication of the consent of the user. This way, when the second network device requests for data from the first network device, the terminal device can give consent of the user to the second network device, to avoid privacy leakage of the user.

In a seventh aspect, there is provided a first network device. The first network device comprising: a communications interface; at least one processor coupled to the communications interface; and a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to: receive, by using the communications interface, from a second network device, a data request for user data of a user stored at the first network device; transmit, by using the communications interface, to a terminal device storing user consent information of the user, a consent request for consent of the user for providing the user data to the second network device; and based on receiving, by using the communications interface, from the terminal device, a consent response including an indication of the consent of the user, transmit, by using the communications interface, to the second network device, a data response including the user data and the indication of the consent of the user. This way, the first network device can transmit consent request to the terminal device when the second network device requests for data from the first network device, to avoid privacy leakage of the user.

In an eighth aspect, there is provided a second network device. The second network device comprising: a communications interface; at least one processor coupled to the communications interface; and a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to: transmit, by using the communications interface, to a first network device, a data request for user data of a user stored at the first network device; and in the event that the user allows the user data to be provided to the second network device, receive, by using the communications interface, from the first network device, a data response including the user data and an indication of consent of the user for providing the user data to the second network device. This way, when the second network device requests for data from the first network device, the second network device can get consent of the user from the terminal device, to avoid privacy leakage of the user.

In a ninth aspect, there is provided a terminal device. The terminal device comprising: a communications interface; at least one processor coupled to the communications interface; and a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to: determine that user consent information of a user stored in the terminal device is updated by the user; and transmit, by using the communications interface, to a network device, a consent update message indicating the update of the user consent information. This way, when the user consent information is updated, the consent update message is transmitted to the network device, to avoid privacy leakage of the user.

In a tenth aspect, there is provided a network device. The network device comprising: a communications interface; at least one processor coupled to the communications interface; and a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to: receive, by using the communications interface, from a terminal device storing user consent information of a user, a consent update message indicating update of the user consent information; and update, based on the update of the user consent information, a privacy setting associated with user data of the user stored in the network device. This way, when the user consent information is updated in the terminal device, the network device receives the consent update message from the terminal device, to avoid privacy leakage of the user.

In an eleventh aspect, there is provided a terminal device. The terminal device comprises a transmission unit, a reception unit, and a determination unit. The reception unit receives from a first network device, a consent request for consent of a user for providing user data of the user stored at the first network device to a second network device. The determination unit determines based on user consent information stored in the terminal device, whether the user allows the user data to be provided to the second network device. Based on determining that the user allows the user data to be provided to the second network device, the transmission unit transmits to the first network device, a consent response including an indication of the consent of the user. This way, when the second network device requests for data from the first network device, the terminal device can give consent of the user to the second network device, to avoid privacy leakage of the user.

In a twelfth aspect, there is provided a first network device. The first network device comprises a transmission unit, and a reception unit. The reception unit receives from a second network device, a data request for user data of a user stored at the first network device. The transmission unit transmits to a terminal device storing user consent information of the user, a consent request for consent of the user for providing the user data to the second network device. Based on receiving, by the reception unit from the terminal device, a consent response including an indication of the consent of the user, the transmission unit transmits to the second network device, a data response including the user data and the indication of the consent of the user. This way, the first network device can transmit consent request to the terminal device when the second network device requests for data from the first network device, to avoid privacy leakage of the user.

In a thirteenth aspect, there is provided a second network device. The second network device comprises a transmission unit, and a reception unit. The transmission unit transmits to a first network device, a data request for user data of a user stored at the first network device. In the event that the user allows the user data to be provided to the second network device, the reception unit receives from the first network device, a data response including the user data and an indication of consent of the user for providing the user data to the second network device. This way, when the second network device requests for data from the first network device, the second network device can get consent of the user from the terminal device, to avoid privacy leakage of the user.

In a fourteenth aspect, there is provided a terminal device. The terminal device comprises a transmission unit, and a determination unit. The determination unit determines that user consent information of a user stored in the terminal device is updated by the user. The transmission unit transmits to a network device, a consent update message indicating the update of the user consent information. This way, when the user consent information is updated, the consent update message is transmitted to the network device, to avoid privacy leakage of the user.

In a fifteenth aspect, there is provided a network device. The network device comprises a reception unit, and a determination unit. The reception unit receives from a terminal device storing user consent information of a user, a consent update message indicating update of the user consent information. The determination unit updates, based on the update of the user consent information, a privacy setting associated with user data of the user stored in the network device. This way, when the user consent information is updated in the terminal device, the network device receives the consent update message from the terminal device, to avoid privacy leakage of the user.

In a sixteenth aspect, there is provided a communication system. The communication system comprises a first network device, a second network device, and a terminal device. The terminal device comprises at least one processor coupled to a memory storing programming instructions. The programming instructions instruct the at least one processor to process the method in the first aspect. The first network device comprises at least one processor coupled to a memory storing programming instructions. The programming instructions instruct the at least one processor to process the method in the second aspect. The second network device comprises at least one processor coupled to a memory storing programming instructions. The programming instructions instruct the at least one processor to process the method in the third aspect. This way, when the second network device requests for data from the first network device, the terminal device can give consent of the user to the second network device, to avoid privacy leakage of the user.

In a seventeenth aspect, there is provided a communication system. The communication system comprises a network device, and a terminal device. The terminal device comprises at least one processor coupled to a memory storing programming instructions. The programming instructions instruct the at least one processor to process the method in the fourth aspect. The network device comprises at least one processor coupled to a memory storing programming instructions. The programming instructions instruct the at least one processor to process the method in the fifth aspect. This way, when the user consent information is updated in the terminal device, the network device receives the consent update message from the terminal device, to avoid privacy leakage of the user.

In an eighteenth aspect, there is provided a chip having one or more execution units, when instructions are executed by one or more execution units of the chip, cause the chip to perform at least the method in the first, second, third, fourth, and fifth aspects.

In a nineteenth aspect, there is provided a computer-readable storage medium having instructions stored thereon that, when executed by one or more processors of a computing device, cause the computing device to perform at least the method in the first, second, third, fourth, and fifth aspects.

It is to be understood that the summary section is not intended to identify key or essential features of embodiments of the present disclosure, nor is it intended to be used to limit the scope of the present disclosure. Other features of the present disclosure will become easily comprehensible through the following description.

BRIEF DESCRIPTION OF THE DRAWINGS

Some example embodiments will now be described with reference to the accompanying drawings, in which:

FIG. 1A illustrates an example of a communication system in which some example embodiments of the present disclosure may be implemented;

FIG. 1B illustrates an example of another communication system in which some example embodiments of the present disclosure may be implemented;

FIG. 1C illustrates an example of a network environment in which some example embodiments of the present disclosure may be implemented;

FIG. 1D illustrates an example of a block diagram of a gear in the terminal device in accordance some example embodiments of the present disclosure may be implemented;

FIG. 2A illustrates an example of a process flow of a second network device requesting for data to a first network device in accordance with some example embodiments of the present disclosure;

FIG. 2B illustrates an example of a process flow of a terminal device updating user consent information to a network device in accordance with some example embodiments of the present disclosure;

FIG. 3 illustrates an example of a process flow of NWDAF requesting for data to other NFs in accordance with some example embodiments of the present disclosure;

FIG. 4 illustrates an example of a process flow of a third party service provider requests for data to a NWDAF in accordance with some example embodiments of the present disclosure;

FIG. 5 illustrates an example of a process flow of privacy updating by user of the user consent in accordance with some example embodiments of the present disclosure;

FIG. 6 illustrates an example of a method implemented at a terminal device in accordance with some example embodiments of the present disclosure;

FIG. 7 illustrates an example of a method implemented at a first network device in accordance with some example embodiments of the present disclosure;

FIG. 8 illustrates an example of a method implemented at a second network device in accordance with some example embodiments of the present disclosure;

FIG. 9 illustrates an example of a method implemented at a terminal device in accordance with some example embodiments of the present disclosure;

FIG. 10 illustrates an example of a method implemented at a network device in accordance with some example embodiments of the present disclosure;

FIG. 11 illustrates a simplified block diagram of a communication device that is suitable for implementing some example embodiments of the present disclosure;

FIG. 12 illustrates another simplified block diagram of a terminal device that is suitable for implementing some example embodiments of the present disclosure.

FIG. 13 illustrates a simplified block diagram of a first network device that is suitable for implementing some example embodiments of the present disclosure;

FIG. 14 illustrates a further simplified block diagram of a terminal device that is suitable for implementing some example embodiments of the present disclosure; and

FIG. 15 illustrates a simplified block diagram of a network device that is suitable for implementing some example embodiments of the present disclosure.

Throughout the drawings, the same or similar reference numerals represent the same or similar elements.

DETAILED DESCRIPTION

Principle of the present disclosure will now be described with reference to some example embodiments. It is to be understood that these embodiments are described only for the purpose of illustration and help those skilled in the art to understand and implement the present disclosure, without suggesting any limitation as to the scope of the disclosure. The disclosure described herein can be implemented in various manners other than the ones described below.

In the following description and claims, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skills in the art to which this disclosure belongs.

References in the present disclosure to “one embodiment” , “an embodiment” , “an example embodiment” , and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.

It shall be understood that although the terms “first” and “second” etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments. As used herein, the term “and/or” includes any and all combinations of one or more of the listed terms.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms “a” , “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” , “comprising” , “has” , “having” , “includes” and/or “including” , when used herein, specify the presence of stated features, elements, and/or components etc., but do not preclude the presence or addition of one or more other features, elements, components and/or combinations thereof.

As used herein, the term “communication network” refers to a network following any suitable communication standards, such as Long Term Evolution (LTE) , LTE-Advanced (LTE-A) , Wideband Code Division Multiple Access (WCDMA) , High-Speed Packet Access (HSPA) , Narrow Band Internet of Things (NB-IoT) and so on. Furthermore, the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the fourth generation (4G) , 4.5G, the future fifth generation (5G) communication protocols, and/or any other protocols either currently known or to be developed in the future. Embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.

As used herein, the term “network function” (NF) refers to a function in 5G core network, including at least one of Network Slice Selection Function (NSSF) , Network Exposure Function (NEF) , Network Repository Function (NRF) , Policy Control Function (PCF) , Unified Data Management (UDM) , Unified Data Repository (UDR) , Application Function (AF) , Network Data Analytics Function (NWDAF) , trusted non-3GPP gateway function (TNGF) , Authentication Server Function (AUSF) , Access and Mobility Management Function (AMF) , Session Management Function (SMF) , and User Plane Function (UPF) .

The term “terminal device” refers to any end device that may be capable of wireless communication. By way of example rather than limitation, a terminal device may also be referred to as a communication device, user equipment (UE) , a Subscriber Station (SS) , a Portable Subscriber Station, a Mobile Station (MS) , or an Access Terminal (AT) . The terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA) , portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE) , laptop-mounted equipment (LME) , USB dongles, smart devices, wireless customer-premises equipment (CPE) , an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD) , a vehicle, a drone, a medical device and applications (for example, remote surgery) , an industrial device and applications (for example, a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts) , a consumer electronics device, a device operating on commercial and/or industrial wireless networks, and the like. In the following description, the terms “terminal device” , “communication device” , “terminal” may be used interchangeably.

As mentioned hereinbefore, the future networks will be data-driven and service-oriented. Several applications in the future networks will require data collecting and processing of the User in order to provide relevant services. Using the Personal data needs to comply with the policies and regulations set by the standard and government bodies to ensure that the user’s or data subjects’ privacy is preserved. As per General Data Protection Regulation (GDPR) Article 4 definition, personal data is defined as “any information relating to an identified or identifiable natural person ( ‘data subject’ ) ” . User consent is mentioned as one of the potential privacy requirements in the third Generation Partnership Project (3GPP) TR33.849. It shall be required for the services that collect personal information. User consent is provided by the user where the user either permits or denies the collection and processing of his or her personal data for a specific task or application. The personal data required by different services vary, hence the user consent has to be handled case by case basis.

In 5G architecture, UDR with the help of the services provided by UDM stores the user consent of the user data. This user consent is the information received from the mobile network operator (MNO) as a user subscription information. If any adversary modifies the user’s consent, then a service may be granted access to user’s data or the user may be denied of a specific service. In the former case the user’s data will be shared without his/her awareness to a third party.

A user consent may need to be obtained whenever applications use the user’s data to provide services. The NFs in the cellular network may be required to seek the user’s consent prior to sharing the user’s information with a third party service provider, which will otherwise lead to privacy compromise. Whenever the user updates his or her consent to deny the use of the personal data, the user data need to be deleted by the third party service providers or the NFs accordingly, which will otherwise lead to privacy compromise.

In view of the foregoing, several communication schemes for privacy preserving are proposed. Some embodiments of the present disclosure propose to store the user’s consent in the terminal device, for example, in a gear module that has privacy as one of the enabler functions.

Some embodiments of the present disclosure present a protocol to obtain the user’s consent in the terminal device when a network device, such as NWDAF, requests for data to another network device, for example other NFs, in the same Public Land Mobile Network (PLMN) . The 5G network functions (NFs) collect the user’s data such as location, profiles, etc., who is currently subscribed to the network. The NWDAF collects user data from other NFs to provide behavioral analytics, mobility analytics etc. User consent is required when data is being shared with NWDAF, to keep privacy preserving in the NFs, and avoid privacy leakage without the user’s permission.

Some embodiments of the present disclosure present a protocol to obtain the user’s consent in the terminal device when a third party service provider requests for data to a network device, for example, the NWDAF. The NWDAF analytics information will be shared with the third party service provider to provide services. When the third party service provider requests for the analytics information from NWDAF, user consent is required, to keep privacy preserving in the NWDAF, and avoid privacy leakage without the user’s permission.

Some embodiments of the present disclosure also present a protocol in the terminal device when the user consent is updated by the user. When the user updates the consent for a specific service, then the third party or the NF may need to update the user’s data privacy policy accordingly. For example, if the user unsubscribes from service providing mobility analytics and does not intend the NF or a third party service provider to collect his mobility data, then the NF or third party service provider is required to delete the user’s data related to mobility. As per some data protection regulations, a user has the “right to be forgotten” right.

FIG. 1A illustrates an example of a communication system 100 in which some example embodiments of the present disclosure may be implemented. In the communication system 100, there are a first network device 101, a second network device 103, and a terminal device 105. In some embodiments, the first network device 101 and the second network device 103 can communicate with each other, and the first network device 101 and the terminal device 105 can communicate with each other. In some embodiments, the second network device 103 requests for data from the first network device 101, and needs to get user consent from the terminal device 105.

FIG. 1B illustrates an example of a communication system 110 in which some example embodiments of the present disclosure may be implemented. In the communication system 110, the terminal device 105 can communicate with a network device 107. In some embodiments, when the user updates user consent in the terminal device 105, the terminal device 105 needs to transmit the consent update information to the network device 107.

FIG. 1C illustrates an example of a network environment 120 in which some example embodiments of the present disclosure may be implemented. In the network environment 120, there are a base station 121, a terminal device (TD) 125, a first core network function 123, a third party service provider 127, and a second core network function 129. The terminal device 125 in FIG. 1C is an example of the terminal device 105 in FIG. 1A or FIG. 1B. In some embodiments, the first core network function 123 in FIG. 1C is an example of the first network device 101 in FIG. 1A, and the second core network function 129 in FIG. 1C is an example of the second network device 103 in FIG. 1A. Alternatively, in some other embodiments, the third party service provider 127 in FIG. 1C is an example of the second network device 103 in FIG. 1A.

In case the second core network function 129 is an example of the second network device 103, the first core network function 123 can be a NF, and the second core network function 129 can be a NWDAF. The NWDAF requests for data from the NF, and needs to get user consent from the terminal device 125. In case the third party service provider 127 is an example of the second network device 103, the first core network function 123 can be a NWDAF. The third party service provider 127 requests for data from the NWDAF, and needs to get user consent from the terminal device 125. In some embodiments, the first core network function 123 may be an example of the network device 107 in FIG. 1B. In some other embodiments, the third party service provider 127 may be an example of the network device 107 in FIG. 1B.

FIG. 1D illustrates an example of is a block diagram of a gear 130 in the terminal device 105 in accordance some example embodiments of the present disclosure may be implemented. In some embodiment of the present disclosure, the gear 130 (also referred to as a trustworthiness gear 130) is defined for security functionalities. There are several modules in the trustworthiness gear 130: a trustworthiness association (TruA) module 131, a cryptography module 135, an authorization module 137, a flow point gear (FPoint_G) module 133, an attestation module 139, a privacy enabler module 141, a blockchain module 145, a management gear (Mana_G) module 149, and a trusted root module 147. The privacy enabler module 141 maintains a user consent 143. The TruA module 131 is an interface between the modules inside the gear 130 and the functions outside the gear 130, and the TruA module 131 also includes some communication protocols. The flow point module 133 is the information bridge for the communication among the other modules inside the gear 130, such as the cryptography module 135, the authorization module 137, the attestation module 139, etc.

The cryptography module 135 implements functions such as signature, symmetric encryption, asymmetric encryption. The authorization module 137 implements static authorization and token-based authorization. The attestation module 139 implements verification, challenge generation, evidence generation, and reference value generation. The trusted root module 147 comprises keys, standard values and certifications. The management gear module 149 comprises or have a gear profile, an update management function, and a monitoring function. Some embodiments of the present disclosure can be employed in cellular networks such as 5G, 6G, Wi-Fi networks, Bluetooth networks and propriety wireless networks that collect user’s personal data and that require consent of the user prior to collecting the data. The skilled in the art can understand that the trustworthiness gear 130 can be also in other devices except terminal device, such as in base stations or in core network functions.

FIG. 2A illustrates an example of a process flow 200 of the second network device 103 requesting for data to the first network device 101 in accordance with some example embodiments of the present disclosure. In the process flow 200, the second network device 103 transmits (208) a data request 210 to the first network device 101. The data request 210 is used to request for user data of a user stored at the first network device 101. The first network device 101 receives (212) the data request 210 from the second network device 103. Then the first network device 101 transmits (213) a consent request 215 to a terminal device 105 storing user consent information of the user. The consent request 215 is used to request for consent of the user, for providing the user data stored at the first network device 101 to the second network device 103. The terminal device 105 receives (217) the consent request 215 from the first network device 101.

Then, the terminal device 105 determines (220) , based on user consent information stored in the terminal device 105, whether the user allows the user data to be provided to the second network device 103. Based on determining that the user allows the user data to be provided to the second network device 103, the terminal device 105 transmits (223) a consent response 225 to the first network device 101. The consent response 225 includes an indication of the consent of the user. Based on receiving (227) from the terminal device 105, the consent response 225 including an indication of the consent of the user, the first network device 101 transmits (228) a data response 230 to the second network device 103. The data response 230 includes the user data and the indication of the consent of the user. Accordingly, the second network device 102 may receive (232) the user data and the indication of the consent of the user from the first network device 101. This way, the second network device 103 can get consent of the user from the terminal device 105 when requesting for data from the first network device 101, to avoid privacy leakage of the user.

As shown in FIG. 1D, in some embodiments of the present disclosure, the terminal device 105 comprises a gear module 130. The gear module 130 may be configured to store the user consent information and to preserve privacy of the user data, to avoid privacy leakage of the user. As described above, there are several modules in the gear module 130 in the terminal device 105, for example, the trustworthiness association (TruA) module 131, the flow point module 133, the privacy enabler module 141 including a user consent module143, and so on.

In some embodiments of the present disclosure, upon receiving the consent request 215, the terminal device 105 causes the trustworthiness association (TruA) module 131 to request for authorization from the user. Upon receiving the authorization from the user, the terminal device 105 causes the TruA module 131 to map the consent request to the privacy enabler module 141. The terminal device 105 causes the TruA module 131 to transmit to the flow point module 133, a first consent request for invoking the privacy enabler module 141. The terminal device 105 causes the TruA module 131 to receive from the flow point module 133, a first consent response including the indication of the consent of the user.

The terminal device 105 causes the TruA module 131 to transmit the consent response to the first network device 101. The terminal device 105 causes the flow point module 133 to receive from the TruA module 131, a first consent request for invoking the privacy enabler module 141. The terminal device 105 causes the flow point module 133 to transmit to the privacy enabler module 141, a second consent request for the consent of the user. The terminal device 105 causes the flow point module 133 to receive from the privacy enabler module 141, a second consent response. The second consent response includes the indication of the consent of the user. The terminal device 105 causes the flow point module 133 to transmit to the TruA module 131, a first consent response. The first consent response includes the indication of the consent of the user. The terminal device 105 causes the privacy enabler module 141 to receive the second consent request from the flow point module 133. Upon the user consent information, the terminal device 105 causes the privacy enabler module 141 to determine that the user allows the user data to be provided to the second network device 103.

The terminal device 105 causes the privacy enabler module 141 to transmit the second consent response to the flow point module 133. Thus, the consent request is transmitted from the TruA module 131 to the flow point module 133, finally to the privacy enabler module 141 step by step. Based on the user consent 143, the terminal device 105 causes the privacy enabler module 141 to determine that the user allows the user data to be provided to the second network device 103. The consent response is transmitted from the privacy enabler module 141 to the flow point module 133, and finally to the TruA module 131, and to the first network device 101. This way, the second network device 103 can get consent of the user from the terminal device 105 when requesting for data from the first network device 101, to avoid privacy leakage of the user.

In some embodiments of the present disclosure, the first network device 101 comprises a network function (NF) in a public land mobile network (PLMN) , and the second network device 103 comprises a network data analytics function (NWDAF) in the PLMN. In some embodiments of the present disclosure, the first network device 101 comprises a NWDAF in a PLMN, and the second network device 103 comprises a third party service provider relative to the PLMN. This way, the NWDAF can get permission from user consent in the terminal device 105 when requesting for data from the NF, or the third party service provider can get permission from user consent in the terminal device 105 when requesting for data from the NWDAF, to avoid privacy leakage.

In some embodiments of the present disclosure, the first network device 101 determines whether the second network device 103 is authorized to access the user data. And upon determining that the second network device 103 is authorized to access the user data, the first network device 101 transmits the consent request to the terminal device 105. In some embodiments of the present disclosure, the first network device 101 determines whether the consent of the user is required for providing the user data. And upon determining that the consent of the user is required for providing the user data, the first network device 101 transmits the consent request to the terminal device 105. This way, the first network device 101 can make authentication and confirmation of the consent before transmitting the consent request to the terminal device 105, to avoid privacy leakage of the user.

FIG. 2B illustrates an example of a process flow 240 of the terminal device 105 updating user consent information to the network device 107 in accordance with some example embodiments of the present disclosure. In the process flow 240, the terminal device 105 determines (250) that user consent information of a user stored in the terminal device is updated by the user. Then the terminal device 105 transmits (253) to a network device 107, a consent update message 255 indicating the update of the user consent information. The network device 107 receives (257) from the terminal device 105 storing user consent information of a user. The consent update message 255 indicates update of the user consent information. Then, upon the update of the user consent information, the network device 107 updates (260) a privacy setting associated with user data of the user stored in the network device. This way, the consent update message can be transmitted from the terminal device 105 to the network device 107 when the user updates consent information, and make the network device 107 to update the privacy setting accordingly. This can avoid privacy leakage of the user.

In some embodiment of the present disclosure, as shown in FIG. 1D, there are several modules in the gear module 130 in the terminal device 105: a trustworthiness association (TruA) module 131, a flow point module 133, a privacy enabler module 141including a user consent module 143, and so on. Upon determining that the user consent information is updated, the terminal device 105 causes the privacy enabler module 141 to transmit to a flow point module 133, a second consent update message. The second consent update message indicates the update of the user consent. The terminal device 105 causes the flow point module 133 to receive the second consent update message from the privacy enabler module 141. The terminal device 105 causes the flow point module 133 to transmit to the TruA module 131, a third consent update message. The third consent update message indicates the update of the User Consent. Upon receiving the third consent update message from the flow point module 133, The terminal device 105 causes the TruA module 131 to transmit the first consent update message to the network device 107. This way, the consent update message can be transmitted from the privacy module 141 to the flow point module 133, to the TruA module 131, and finally to the network device 107 step by step. This can make the network device to update the privacy setting accordingly, and to avoid privacy leakage of the user.

In some embodiment of the present disclosure, the network device 107 comprises a network function (NF) in a public land mobile network (PLMN) or a third party service provider relative to the PLMN. In some embodiment of the present disclosure, prior to updating the privacy setting, the network device 107 authenticates the user. This way, different network functions can update the privacy setting according to the user consent update, to make the privacy setting update more flexible, to avoid privacy leakage of the user.

In some embodiment of the present disclosure, three scenarios are proposed: (i) the NWDAF requests for data to other NFs in the same PLMN, (ii) the third party service provider requests for data to NWDAF and (iii) privacy updates by user of user consent. The following table provides the attribute description of the attributes used in the protocol in the scenarios.

FIG. 3 illustrates an example of a process flow 300 of an NWDAF 301 requesting for data from another NF 303 in accordance with some example embodiments of the present disclosure. It is understood that the process flow 300 is a more specific example of the process flow 200 as shown in FIG. 2A. The NWDAF 301 is an example of the second network device 103, the NF 303 is an example of the first network device 101, and the gear 130 is a module of the terminal device 105.

As shown in FIG. 3, the NWDAF 301 requests for data to another NF 303 in the same PLMN. The 5G network function (NF) 303 collects the user’s data such as location, profiles, etc., and the user is currently subscribed to the network. The NWDAF 301 collects user data from the NF 303 to provide behavioral analytics, mobility analytics etc. User consent is required when data is being shared with the NWDAF 301. In this scenario, there can be a privacy threat that, the NWDAF 301 must seek the user’s consent prior to collect the data, which will otherwise lead to privacy breach.

The NWDAF 301 transmits (308) requests for data 310 for analytics purpose to the other NF 303 by Request_for_data (UserID, PLMNID, AnalyticsID, Data) . After receiving (312) the request for data 310, in 315, the NF 303 authenticates the NF 303 and checks whether the NWDAF 301 is authorized to access the data and whether the request is from a legitimate network function. The NF 303 has a whitelist of the entities that can access the data which is maintained by the blockchain module. The NF 303 also checks whether user consent is required for performing the analytics. This way, the NF 303 can avoid the NWDAF 301 to access data without authorization, to avoid illegal data access.

The NF 303 further transmits (318) to the gear module 130, the request message 320 NTruGear_Request_for_data (UserID, PLMNID, AnalyticsID, Consent_Request, Data) . This way, the request from the NWDAF 301 can be forwarded to the gear module 130, for confirmation in the user consent 143 in the gear module 130 for privacy preserving, and to avoid private information leakage.

The TruA module 131 in the gear module 130 is the first point of interaction in the gear module 130 which communicates to external interfaces (outside the gear module) . Once the request 320 is received by the gear module 130, the TruA module 131 requests for authorization (340) from User through Nuser (GUI) interface and after receiving the agreement, maps the consent request to the privacy enabler module 141. The TruA module 131 transmits (343) GFlowPoint_Request (EnablerID, AnalyticsID, Consent_Request, Data) 345 to the flow point module 133, and requests the flow point module 133 to invoke the privacy enabler module 141. The flow point module 306 then transmits (348) GPrivacy_UserConsent_Request (AnalyticsID, Consent_Request, Data) 350 to the privacy enabler module 141, requests the privacy enabler module 141 for consent.

After receiving (352) the GPrivacy_UserConsent_Request (AnalyticsID, Consent_Request, Data) 350, the privacy enabler module 141 checks (355) the user consent 143. The privacy enabler module (141) transmits (358) the response 360 to the flow point module 133 by GPrivacy_UserConsent_Response (AnalyticsID, Consent_Response, Data) . The flow point module 133 transmits (363) the response 365 to the TruA module 131 along with the enabler identity and analytics identity in the GFlowPoint_Response (EnablerID, AnalyticsID, Consent_Response, Data) . The enabler identity corresponds to the ID of the privacy enabler module 141, and indicates that the response 365 is from the privacy enabler module. This way, with several request and response inside the gear module 130 in the TD 105, the request from the NWDAF 301 for data for analytics purpose to the NF 303 can get permission in user consent 143 in the gear module 130 in the TD 105, to avoid private information leakage in the data analytics.

The TruA module 131 then translates (325) the response message 365 to external interface, and transmits (328) the response message 330 to the NF 303 by Response_for_data (UserID, PLMNID, AnalyticsID, Consent_Response, Data) . The UserID and the PLMNID are indicated in the message 330 along with the consent response and other parameters. The NF 303 finally transmits (333) the response message 335 to the NWDAF 301 by Response_for_data (UserID, PLMNID, AnalyticsID, Consent_Response, Data) . This way, the NWDAF 301 can get response message with UserID and PLMNID. The response message indicates analytics permission from the user consent 143, to avoid private information leakage in the data analytics.

FIG. 4 illustrates an example of a process flow 400 of a third party service provider 401 requests for data from a NWDAF 403 in accordance with some example embodiments of the present disclosure. It is understood that the process flow 400 is a more specific example of the process flow 200 as shown in FIG. 2A. The third party service provider 401 is an example of the second network device 103, the NWDAF 403 is an example of the first network device 101, and the gear 130 is a module of the terminal device 105.

In some embodiment of the present disclosure, the third party service provider 401 requests for data to the NWDAF 301. The NWDAF analytics information will be shared with from the NWDAF 301 to the third party service provider 401, to provide services. When the third party service provider 401 requests for the analytics information from the NWDAF 301, user consent is required. In this scenario, the privacy threat is that, the NF must seek the user’s consent prior to sharing the user’s information with the third party service provider 401, which will otherwise lead to privacy compromise.

As shown in FIG 4, the third party service provider 401 transmits (408) requests for data 410 for NWDAF 301 by Request_for_data (UserID, PLMNID, SerPovID, SerID, Data) . The NWDAF 301 authenticates (315) the third party service provider 401 and checks whether the third party service provider 401 is authorized to access the data and whether the request is from a legitimate network function. The NWDAF 301 has a whitelist of the entities that can access the data which is maintained by the blockchain module. The NWDAF 301 also checks whether the user consent is required. The NWDAF 301 further transmits (418) request 420 to the gear module 130 and the user consent 143, by the message NTruGear_Request_for_data (UserID, PLMNID, SerPovID, SerID, Consent_Request, Data) . This way, the request from the third party service provider 401 can be forwarded to the gear module 130, for confirmation in the user consent 143 in the gear module 130 for privacy preserving, and to avoid private information leakage.

The TruA module 131 in the gear module 130 is the first point of interaction in the gear module 130 which communicates to external interfaces outside of the gear module 130. Once the request 420 is received by the gear module 130, the TruA module 131 requests for authorization (440) from user through Nuser (GUI) interface and after receiving the agreement, maps the consent request to the privacy enabler module 141. The TruA module 131 transmits (443) GFlowPoint_Request (EnablerID, SerProvID, SerID, Consent_Request, Data) 445 to the flow point module 133, requesting the flow point module 133 to invoke the privacy enabler module 141. The flow point module 133 then transmits (448) request 450 to the privacy enabler module 141 for consent, with GPrivacy_UserConsent_Request (SerProvID, ServID, Consent_Request, Data) . The privacy enabler module 141 checks (455) the user consent 143.

The privacy enabler module 141 transmits (458) the response 460 to the flow point module 133 by GPrivacy_UserConsent_Response (SerProvID, SerID, Consent_Response, Data) . The flow point module 133 transmits (463) the response 465 to the TruA module 131 along with the enabler identity (EnablerID) and the service provider identity (SerProvID) in the GFlowPoint_Response (EnablerID, SerProvID, SerID, Consent_Response, Data) . The EnablerID indicates that the response is from the privacy enabler module 141, and corresponds to the identity of the privacy enabler module 141. This way, with several request and response inside the gear module in the TD 105, the request from the NWDAF 301 for data for analytics purpose to the NF 303 can get permission in user consent 143 in the gear module 130 in the TD 105, to avoid private information leakage in the data analytics.

The TruA module 131 translates (425) the response 465 to external interface, then transmits (428) the message 430 to the NWDAF 301 by Response_for_data (UserID, PLMNID, SerProvID, SerID, Consent_Response, Data) . The UserID and the PLMNID are indicated in the message along with the consent response and other parameters. The NWDAF 301 finally transmits (433) the response 435 to the third party service provider 401 by Response_for_data (UserID, PLMNID, SerPovID, SerID, Consent_Response, Data) . This way, the third party service 401 can get response message with UserID and PLMNID. The response message indicates data access permission from the User Consent 143, to avoid private information leakage in the data analytics.

FIG. 5 illustrates an example of a process flow 500 of privacy updating by user of the user consent in accordance with some example embodiments of the present disclosure. It is understood that the process flow 500 is a more specific example of the process flow 240 as shown in FIG. 2B. An NF 501 is an example of the network device 107 and the gear 130 is a module of the terminal device 105.

In some embodiments of the present disclosure, privacy is updates by user of the user consent. When the user updates the consent for a specific service then the third party service provider or the NF must update the user’s data privacy policy accordingly. For example, if the user unsubscribes from service providing mobility analytics and does not intend the NF or the third party service provider to collect his mobility data then the NF or third party service provider must delete the user’s data related to mobility. As per some data protection regulations, a user has the “right to be forgotten” right.

The privacy threat is that, the user’s data must be consumed accordingly once the user performs any modifications to the consent, which will otherwise lead to privacy compromise. And the security threat is that, if any adversary modifies the user’s consent, then a service may be granted access to user’s data or the user may be denied of a specific service. In the first case the user’s data will be shared without the his or her awareness to a third party service.

As shown in FIG. 5, at 510, the user modifies the privacy settings for the services subscribed and updates the user consent 143. The privacy enabler module 141 transmits (513) a message 515 to the flow point module 133 in the gear module, about the update mentioning the service provider ID, service ID, the consent update and the data. The following is the detailed message transmitted by the privacy enabler 141: GPrivacy_UserConsent_Update (SerPovID, SerID, Consent_Update, Data) . The flow point module 133 transmits (518) the message 520 to the TruA module 131 by GFlowPoint_UserConsent_Update (EnablerID, SerPovID, SerID, Consent_Update, Data) . The TruA module 131 translates (524) the message to external interface, and transmits (523) to the specific NF 303 or third party service provider by NTruGear_UserConsent_Update (UserID, PLMNID, SerPovID, SerID, Consent_Update, Data) 525. The NF 303 authenticates the user and updates the user data privacy settings. This way, the user update in the user consent 143 can be sent to the NF 303 or the third party service provider, to avoid access to the user’s private data, and to avoid privacy leakage.

FIG. 6 illustrates an example of a method 600 implemented at the terminal device 105 in accordance with some example embodiments of the present disclosure. At block 610, the terminal device 105 receives from the first network device 101, a consent request for consent of a user for providing user data of the user stored at the first network device 101 to a second network device 103. At block 620, the terminal device 105 determines, based on user consent information stored in the terminal device 105, whether the user allows the user data to be provided to the second network device. At block 630, based on determining that the user allows the user data to be provided to the second network device 103, the terminal device 105 transmits to the first network device 101, a consent response including an indication of the consent of the user.

In some embodiments of the present disclosure, the terminal device 105 comprises a gear module 130 configured to store the user consent information and to preserve privacy of the user data. In some embodiments of the present disclosure, in order to determine whether the user allows the user data to be provided to the second network device 103, based on receiving the consent request, the terminal device 105 can cause the trustworthiness association (TruA) module 131 in the gear module 130 to request for authorization from the user. Additionally, based on receiving the authorization from the user, the terminal device 105 can cause the TruA module 131 to map the consent request to the privacy enabler module 141 in the gear module 130. Additionally, the terminal device 105 can cause the TruA module 131 to transmit to the flow point module 133 in the gear module 130, the first consent request for invoking the privacy enabler module 141. Finally, the terminal device 105 can cause the TruA module 131 to receive from the flow point module 133, the first consent response including the indication of the consent of the user.

In some embodiments of the present disclosure, in order to transmit the consent response to the first network device101, the terminal device 105 can cause the TruA module 131 to transmit the consent response to the first network device 101.

In some embodiments of the present disclosure, in order to determine whether the user allows the user data to be provided to the second network device 103, the terminal device 105 can cause the flow point module 133 to receive from the TruA module 131, the first consent request for invoking the privacy enabler module 141. Additionally, the terminal device 105 can cause the flow point module 133 to transmit to the privacy enabler module 141, a second consent request for the consent of the user. Additionally, the terminal device 105 can cause the flow point module 133 to receive from the privacy enabler module 141, a second consent response including the indication of the consent of the user. Additionally, the terminal device 105 can cause the flow point module 133 to transmit to the TruA module 131, a first consent response including the indication of the consent of the user.

In some embodiments of the present disclosure, in order to determine whether the user allows the user data to be provided to the second network device 103, the terminal device 105 cause the privacy enabler module 141 to receive the second consent request from the flow point module 133. Additionally, the terminal device 105 can cause the privacy enabler module 141 to determine, based on the user consent information, that the user allows the user data to be provided to the second network device 103. Additionally, the terminal device 105 can cause the privacy enabler module 141 to transmit the second consent response to the flow point module.

In some embodiments of the present disclosure, the first network device 101 comprises a network function (NF) in a public land mobile network (PLMN) , and the second network device 103 comprises a network data analytics function (NWDAF) in the PLMN. In some embodiments of the present disclosure, the first network device 101 comprises a NWDAF in a PLMN, and the second network device 103 comprises a third party service provider relative to the PLMN.

FIG. 7 illustrates an example of a method 700 implemented at the first network device 101 in accordance with some example embodiments of the present disclosure. At block 710, the first network device 101 receives from the second network device 103, a data request for user data of a user stored at the first network device. At block 720, the first network device 101 transmits to the terminal device 105 storing user consent information of the user, a consent request for consent of the user for providing the user data to the second network device. At block 730, based on receiving from the terminal device 105, a consent response including an indication of the consent of the user, the first network device 101 transmits to the second network device 103, a data response including the user data and the indication of the consent of the user.

In some embodiments of the present disclosure, in order to transmit the consent request to the terminal device 105, the first network device 101 can cause the first network device 101 to determine whether the second network device 103 is authorized to access the user data. Additionally, based on determining that the second network device 103 is authorized to access the user data, the first network device 101 transmits the consent request to the terminal device 105.

In some embodiments of the present disclosure, in order to transmit the consent request to the terminal device 105, the first network device 101 determines whether the consent of the user is required for providing the user data. Additionally, based on determining that the consent of the user is required for providing the user data, the first network device 101 transmits the consent request to the terminal device 105.

FIG. 8 illustrates an example of a method 800 implemented at the second network device 103 in accordance with some example embodiments of the present disclosure. At block 810, the second network device 103 transmits to the first network device 101, a data request for user data of a user stored at the first network device 101. At block 820, in the event that the user allows the user data to be provided to the second network device 103, the second network device 103 receives from the first network device 101, a data response including the user data and an indication of consent of the user for providing the user data to the second network device 103.

FIG. 9 illustrates an example of a method 900 implemented at the terminal device 105 in accordance with some example embodiments of the present disclosure. At block 910, the terminal device 105 determines that user consent information of a user stored in the terminal device 105 is updated by the user. At block 910, the terminal device 105 transmits to the network device 107, a consent update message indicating the update of the user consent information.

In some embodiments of the present disclosure, the terminal device 105 comprises a gear module 130 configured to store the user consent information and to preserve privacy of the user data. In some embodiments of the present disclosure, the consent update message is a first consent update message. And based on determining that the user consent information is updated, a privacy enabler module 141 in the gear module 130 transmits to a flow point 133 in the gear module 130, a second consent update message indicating the update of the user consent.

In some embodiments of the present disclosure, the flow point module 133 receives the second consent update message from the privacy enabler module 141. The flow point module 133 transmits to the trustworthiness association (TruA) module 131 in the gear module 130, the third consent update message indicating the update of the user consent. In some embodiments of the present disclosure, in order to transmit the consent update message to the network device 107, based on receiving the third consent update message from the flow point module 133, the terminal device 105 can cause the TruA module 131 to transmit the first consent update message to the network device 107. In some embodiments of the present disclosure, the network device 107 comprises a network function (NF) in a public land mobile network (PLMN) or a third party service provider relative to the PLMN.

FIG. 10 illustrates an example of a method 1000 implemented at the network device 107 in accordance with some example embodiments of the present disclosure. At block 1010, the network device 107 receives from the terminal device 105 storing user consent information of a user, a consent update message indicating update of the user consent information. At block 1010, the network device 107 updates, based on the update of the user consent information, a privacy setting associated with user data of the user stored in the network device 107.

In some embodiments of the present disclosure, prior to updating the privacy setting, the network device 107 authenticates the user. In some embodiments of the present disclosure, the network device 107 comprises a network function (NF) in a public land mobile network (PLMN) or a third party service provider relative to the PLMN.

FIG. 11 illustrates a simplified block diagram of a communication device 1100 that is suitable for implementing some example embodiments of the present disclosure. For example, the communication device 1100 may be provided to implement the first network device 101, the second network device 103, or the terminal device 105 as shown in FIG. 1A. As another example, the communication device 1100 may be provided to implement the network device 107 or the terminal device 105 as shown in FIG. 1B. As a further example, the communication device 1100 may be provided to implement the terminal device 125, the first core network device 123, the third party service provider 127, or the second core network device 129 as shown in FIG. 1C.

As shown in FIG. 11, the communication device 1100 includes one or more processors 1110, one or more memories 1130, and one or more communications interfaces 1120. The processor 1110 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples. The communication device 1100 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.

The memory 1130 may include one or more non-volatile memories and one or more volatile memories. Examples of the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) , an electrically programmable read only memory (EPROM) , a flash memory, a hard disk, a compact disc (CD) , a digital video disk (DVD) , and other magnetic storage and/or optical storage. Examples of the volatile memories include, but are not limited to, a random access memory (RAM) and other volatile memories that will not last in the power-down duration.

The communications interface 1120 can be used for bidirectional communications. The communications interface 1120 may have at least one antenna to facilitate communication. The communication interface 1120 may represent any interface that is necessary for communication with other network elements.

The processor 1110 is configured to control the communications interface 1120 to receive and send a signal. The memory 1130 is configured to store a computer program. The processor 1110 is configured to invoke the computer program from the memory 1130 and run the computer program, so that the communication device 1100 is enabled to perform a corresponding procedure and/or operation in various embodiments of the communication methods in this application.

FIG. 12 illustrates another simplified block diagram of a terminal device that is suitable for implementing some example embodiments of the present disclosure. As shown in Fig. 12, the terminal device 105 comprises a transmission unit 1210, a reception unit 1220, and a determination unit 1230. The reception unit 1220 receives from a first network device 101, a consent request for consent of a user for providing user data of the user stored at the first network device 101 to a second network device 103. The determination unit 1230 determines based on user consent information stored in the terminal device 105, whether the user allows the user data to be provided to the second network device 103. Based on determining that the user allows the user data to be provided to the second network device 103, the transmission unit 1210 transmits to the first network device 101, a consent response including an indication of the consent of the user.

FIG. 13 illustrates a simplified block diagram of a first network device that is suitable for implementing some example embodiments of the present disclosure. The first network device 101 comprises a transmission unit 1310, and a reception unit 1320. The reception unit 1320 receives from a second network device 103, a data request for user data of a user stored at the first network device 101. The transmission unit 1310 transmits to a terminal device 105 storing user consent information of the user, a consent request for consent of the user for providing the user data to the second network device 103. Based on receiving, by the reception unit 1320 from the terminal device 105, a consent response including an indication of the consent of the user, the transmission unit 1310 transmits to the second network device 103, a data response including the user data and the indication of the consent of the user.

As similar with Fig. 13, the second network device comprises a transmission unit 1310, and a reception unit 1320. The transmission unit 1310 transmits to a first network device 101, a data request for user data of a user stored at the first network device 101. In the event that the user allows the user data to be provided to the second network device 103, the reception unit 1320 receives from the first network device 101, a data response including the user data and an indication of consent of the user for providing the user data to the second network device 103.

FIG. 14 illustrates a further simplified block diagram of a terminal device that is suitable for implementing some example embodiments of the present disclosure. As shown in Fig 14, the terminal device 105 comprises a transmission unit 1410, and a determination unit 1430. The determination unit 1430 determines that user consent information of a user stored in the terminal device 105 is updated by the user. The transmission unit 1410 transmits to the network device 107, a consent update message indicating the update of the user consent information.

FIG. 15 illustrates a simplified block diagram of a network device that is suitable for implementing some example embodiments of the present disclosure. As shown in Fig. 15, the network device 107 comprises a reception unit 1520, and a determination unit 1530. The reception unit 1520 receives from the terminal device 105 storing user consent information of a user, a consent update message indicating update of the user consent information. The determination unit 1530 updates, based on the update of the user consent information, a privacy setting associated with user data of the user stored in the network device 107.

A person of ordinary skill in the art may be aware that, in combination with units and algorithm steps of the examples described in the embodiments disclosed in this specification, this application may be implemented by electronic hardware or a combination of computer software and electronic hardware. Whether the functions are performed by hardware or software depends on particular applications and design constraint conditions of the technical solutions. A person skilled in the art may use different methods to implement the described functions for each particular application, but it should not be considered that the implementation goes beyond the scope of this application.

It may be clearly understood by a person skilled in the art that, for convenient and brief description, for a detailed working process of the foregoing system, apparatus, and unit, refer to a corresponding process in the foregoing method embodiments, and details are not described herein again.

In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the described apparatus embodiment is merely an example. For example, the unit division is merely logical function division and may be other division in actual implementation. For example, a plurality of units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the displayed or discussed mutual couplings or direct couplings or communication connections may be implemented by using some interfaces. The indirect couplings or communication connections between the apparatuses or units may be implemented in electronic, mechanical, or other forms.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the units may be selected based on actual requirements to achieve the objectives of the solutions of the embodiments.

In addition, functional units in the embodiments of this application may be integrated into one processing unit, or each of the units may exist alone physically, or two or more units are integrated into one unit.

When the functions are implemented in the form of a software functional unit and sold or used as an independent product, the functions may be stored in a computer-readable storage medium. Based on such an understanding, the technical solutions of this application essentially, or the part contributing to the prior art, or some of the technical solutions may be implemented in a form of a software product. The software product is stored in a storage medium, and includes several instructions for instructing a computer device (which may be a personal computer, a server, or a network device) to perform all or some of the steps of the methods described in the embodiments of this application. The foregoing storage medium includes: any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM) , a random access memory (Random Access Memory, RAM) , a magnetic disk, or an optical disc.

The foregoing descriptions are merely specific implementations of this application, but are not intended to limit the protection scope of this application. Any variation or replacement readily figured out by a person skilled in the art within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims

A method for communication, comprising:

receiving, at a terminal device from a first network device, a consent request for consent of a user for providing user data of the user stored at the first network device to a second network device;

determining, based on user consent information stored in the terminal device, whether the user allows the user data to be provided to the second network device; and

based on determining that the user allows the user data to be provided to the second network device, transmitting, to the first network device, a consent response including an indication of the consent of the user.
The method of claim 1, wherein the terminal device comprises a gear module configured to store the user consent information and to preserve privacy of the user data.
The method of claim 2, wherein determining whether the user allows the user data to be provided to the second network device comprises:

based on receiving the consent request, causing a trustworthiness association (TruA) module in the gear module to request for authorization from the user;

causing the TruA module to, based on receiving the authorization from the user, map the consent request to a privacy enabler module in the gear module;

causing the TruA module to transmit, to a flow point module in the gear module, a first consent request for invoking the privacy enabler module; and

causing the TruA module to receive, from the flow point module, a first consent response including the indication of the consent of the user.
The method of claim 3, wherein transmitting the consent response to the first network device comprises:

causing the TruA module to transmit the consent response to the first network device.
The method of claim 3 or 4, wherein determining whether the user allows the user data to be provided to the second network device further comprises:

causing the flow point module to receive, from the TruA module, a first consent request for invoking the privacy enabler module;

causing the flow point module to transmit, to the privacy enabler module, a second consent request for the consent of the user;

causing the flow point module to receive, from the privacy enabler module, a second consent response including the indication of the consent of the user; and

causing the flow point module to transmit, to the TruA module, a first consent response including the indication of the consent of the user.
The method of claim 5, wherein determining whether the user allows the user data to be provided to the second network device further comprises:

causing the privacy enabler module to receive the second consent request from the flow point module;

causing the privacy enabler module to determine, based on the user consent information, that the user allows the user data to be provided to the second network device; and

causing the privacy enabler module to transmit the second consent response to the flow point module.
The method of any of claims 1-6, wherein:

the first network device comprises a network function (NF) in a public land mobile network (PLMN) ; and

the second network device comprises a network data analytics function (NWDAF) in the PLMN.
The method of any of claims 1-6, wherein:

the first network device comprises a NWDAF in a PLMN; and

the second network device comprises a third party service provider relative to the PLMN.
A method for communication, comprising:

receiving, at a first network device from a second network device, a data request for user data of a user stored at the first network device;

transmitting, to a terminal device storing user consent information of the user, a consent request for consent of the user for providing the user data to the second network device; and

based on receiving, from the terminal device, a consent response including an indication of the consent of the user, transmitting, to the second network device, a data response including the user data and the indication of the consent of the user.
The method of claim 9, wherein transmitting the consent request to the terminal device comprises:

determining whether the second network device is authorized to access the user data; and

based on determining that the second network device is authorized to access the user data, transmitting the consent request to the terminal device.
The method of claim 9, wherein transmitting the consent request to the terminal device comprises:

determining whether the consent of the user is required for providing the user data; and

based on determining that the consent of the user is required for providing the user data, transmitting the consent request to the terminal device.
The method of any of claims 9-11, wherein:

the first network device comprises a network function (NF) in a public land mobile network (PLMN) ; and

the second network device comprises a network data analytics function (NWDAF) in the PLMN.
The method of any of claims 9-11, wherein:

the first network device comprises a NWDAF in a PLMN; and

the second network device comprises a third party service provider relative to the PLMN.
A method for communication, comprising:

transmitting, at a second network device to a first network device, a data request for user data of a user stored at the first network device; and

in the event that the user allows the user data to be provided to the second network device, receiving, from the first network device, a data response including the user data and an indication of consent of the user for providing the user data to the second network device.
The method of claim 14, wherein:

the first network device comprises a network function (NF) in a public land mobile network (PLMN) ; and

the second network device comprises a network data analytics function (NWDAF) in the PLMN.
The method of claim 14, wherein:

the first network device comprises a NWDAF in a PLMN, and

the second network device comprises a third party service provider relative to the PLMN.
A method for communication, comprising:

determining, at a terminal device, that user consent information of a user stored in the terminal device is updated by the user; and

transmitting, to a network device, a consent update message indicating the update of the user consent information.
The method of claim 17, wherein the terminal device comprises a gear module configured to store the user consent information and to preserve privacy of the user data.
The method of claim 18, wherein the consent update message is a first consent update message, and the method further comprises:

based on determining that the user consent information is updated, causing a privacy enabler module in the gear module to transmit, to a flow point in the gear module, a second consent update message indicating the update of the user consent.
The method of claim 19, further comprising:

causing the flow point module to receive the second consent update message from the privacy enabler module; and

causing the flow point module to transmit, to a trustworthiness association (TruA) module in the gear module, a third consent update message indicating the update of the User Consent.
The method of claim 20, wherein transmitting the consent update message to the network device comprises:

causing the TruA module to, based on receiving the third consent update message from the flow point module, transmit the first consent update message to the network device.
The method of any of claims 17-21, wherein the network device comprises a network function (NF) in a public land mobile network (PLMN) or a third party service provider relative to the PLMN.
A method for communication, comprising:

receiving, at a network device from a terminal device storing user consent information of a user, a consent update message indicating update of the user consent information; and

updating, based on the update of the user consent information, a privacy setting associated with user data of the user stored in the network device.
The method of claim 23, further comprising:

prior to updating the privacy setting, authenticating the user.
The method of claim 23 or 24, wherein the network device comprises a network function (NF) in a public land mobile network (PLMN) or a third party service provider relative to the PLMN.
A terminal device comprising:

a communications interface;

at least one processor coupled to the communications interface; and

a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to:

receive, by using the communications interface, from a first network device, a consent request for consent of a user for providing user data of the user stored at the first network device to a second network device;

determine, based on user consent information stored in the terminal device, whether the user allows the user data to be provided to the second network device; and

based on determining that the user allows the user data to be provided to the second network device, transmit, by using the communications interface, to the first network device, a consent response including an indication of the consent of the user.
A first network device comprising:

a communications interface;

at least one processor coupled to the communications interface; and

a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to:

receive, by using the communications interface, from a second network device, a data request for user data of a user stored at the first network device;

transmit, by using the communications interface, to a terminal device storing user consent information of the user, a consent request for consent of the user for providing the user data to the second network device; and

based on receiving, by using the communications interface, from the terminal device, a consent response including an indication of the consent of the user, transmit, by using the communications interface, to the second network device, a data response including the user data and the indication of the consent of the user.
A second network device comprising:

a communications interface;

at least one processor coupled to the communications interface; and

a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to:

transmit, by using the communications interface, to a first network device, a data request for user data of a user stored at the first network device; and

in the event that the user allows the user data to be provided to the second network device, receive, by using the communications interface, from the first network device, a data response including the user data and an indication of consent of the user for providing the user data to the second network device.
A terminal device comprising:

a communications interface;

at least one processor coupled to the communications interface; and

a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to:

determine that user consent information of a user stored in the terminal device is updated by the user; and

transmit, by using the communications interface, to a network device, a consent update message indicating the update of the user consent information.
A network device comprising:

a communications interface;

at least one processor coupled to the communications interface; and

a memory coupled to the at least one processor and storing programming instructions for execution by the at least one processor, the programming instructions instruct the at least one processor to:

receive, by using the communications interface, from a terminal device storing user consent information of a user, a consent update message indicating update of the user consent information; and

update, based on the update of the user consent information, a privacy setting associated with user data of the user stored in the network device.
A computer-readable storage medium having instructions stored thereon that, when executed by one or more processors of a computing device, cause the computing device to perform the method of any of claims 1-25.