
WO2025099504A1 - Zero trust for ambient internet of things devices - Google Patents


Info

Publication number
WO2025099504A1
Authority
WO
WIPO (PCT)
Prior art keywords
measurement
network node
ambient
IoT
trusted
Prior art date
Legal status
Pending
Application number
PCT/IB2024/058101
Other languages
French (fr)
Inventor
Konstantinos Vandikas
Lackis ELEFTHERIADIS
Scott PORETSKY
Athanasios KARAPANTELAKIS
Zhongwen Zhu
Hossein SHOKRI GHADIKOLAEI
Current Assignee
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Application filed by Telefonaktiebolaget LM Ericsson AB
Publication of WO2025099504A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/66 Trust-dependent, e.g. using trust scores or trust relationships

Definitions

  • the present disclosure relates generally to a method performed by a network node device to determine whether an ambient Internet of Things (IoT) device is trusted and, when trusted, generate a virtual networking stack for the ambient IoT device that emulates at least one of a physical device address and an internet protocol (IP) address for the ambient IoT device, and related methods and devices.
  • IoT Internet of Things
  • IP internet protocol
  • Ambient IoT devices e.g., zero energy (ZE) devices
  • 5G advanced networks and beyond. Such devices typically may be designed to be inexpensive and allow for obtaining measurements using very little power. As such, they may be good candidates for use cases which involve unattended operation of ambient IoT devices (which also may be referred to herein as user equipment (UE) or ZE devices), such as precision agriculture, environmental monitoring (e.g., forest fires), and beyond.
  • UE user equipment
  • ZE devices user equipment
  • ambient IoT devices may have very limited capabilities; typically, they cannot afford a proper security stack with the same capabilities normally found in regular UEs that are equipped with greater processing capability and larger batteries. For example, harvesting enough energy to perform the encryption expected by a Third Generation Partnership Project (3GPP) infrastructure can take days for an ambient IoT device. Moreover, prioritizing the ambient IoT device’s regular operation towards harvesting enough energy to perform encryption may obstruct the device’s intended function of obtaining certain environmental measurements.
  • 3GPP Third Generation Partnership Project
  • Some embodiments provide a method performed by a network node.
  • the method includes transmitting, to a first, ambient loT, device, a first beam from a plurality of beams; and receiving, from the first device, a first measurement of the first device on the first beam.
  • the method further includes determining whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement.
  • the method further includes, when the first device is trusted, generating a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
  • the network node includes processing circuitry; and memory coupled with the processing circuitry.
  • the memory includes instructions that, when executed by the processing circuitry, cause the network node to perform operations.
  • the operations include to transmit, to a first, ambient IoT, device, a first beam from a plurality of beams; and to receive, from the first device, a first measurement of the first device on the first beam.
  • the operations further include to determine whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement.
  • the operations further include to, when the first device is trusted, generate a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
  • Some embodiments provide a non-transitory computer readable medium.
  • the non-transitory computer readable medium includes program code to be executed by processing circuitry of a network node. Execution of the program code causes the network node to perform operations. The operations include to transmit, to a first, ambient IoT, device, a first beam from a plurality of beams; and to receive, from the first device, a first measurement of the first device on the first beam.
  • the operations further include to determine whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement.
  • the operations further include to, when the first device is trusted, generate a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
  • Certain embodiments may provide one or more of the following technical advantage(s). Based on determining whether a device is trusted and generating a virtual network stack for the first device that emulates at least one of a physical device address (e.g., a medium access control (MAC) address) and an IP address when the device is trusted, the method may allow a 3GPP network, for example, to verify the input that is coming from (and towards) such ambient IoT devices before propagating such information further, and without placing strict requirements on the ambient IoT devices. Additionally, this capability also may be used to determine potential malfunctions in such ambient IoT devices, thus introducing a maintenance mechanism which is opaque to the actual infrastructure that manages the ambient IoT devices. Further, the inclusion of a virtual network stack emulated on the network node (e.g., a gNB) may allow other devices to interact with ambient IoT devices transparently and agnostically to their true nature.
  • a physical device address e.g., a medium access control (MAC) address
  • Figure 1 is a schematic diagram of an example of a high-level overview of a communication system in accordance with some embodiments.
  • Figure 2 is a sequence diagram showing an example of operations in accordance with some embodiments.
  • Figure 3 is a sequence diagram showing an example of further operations in accordance with some embodiments.
  • Figure 4 is a flow chart illustrating operations of a network node according to some embodiments.
  • Figure 5 is a block diagram of a communication system in accordance with some embodiments.
  • Figure 6 is a block diagram of a device (e.g., an ambient IoT device) according to some embodiments.
  • Figure 7 is a block diagram of a network node according to some embodiments.
  • Figure 8 is a block diagram of a virtualization environment in accordance with some embodiments.
  • Operations of examples herein may enhance a network node (e.g., a base station, such as a gNodeB (gNB)) with a capability to determine whether a measurement obtained by an ambient IoT device is valid (e.g., produces a reading that matches or is similar to (e.g., within a threshold) a real observation) or not, without the need for an authentication/authorization and accounting (AAA) stack, which such devices typically cannot afford.
  • a networking stack for ambient IoT devices can be generated that is hosted in the network node, which compensates for the features that such ambient IoT devices cannot afford, such as a MAC layer and IP connectivity, for example.
  • Examples include a process for authentication/authorization and accounting which uses physical layer communication properties, such as synchronization signal blocks and neighboring device measurements, to ascertain the validity of an ambient IoT device and, based on that, simulate an IP/MAC layer for the ambient IoT device on a network node.
  • physical layer communication properties such as synchronization signal blocks and neighboring device measurement
  • An air interface/physical layer for ambient IoT devices may include/address at least the following points: (1) a network node that wirelessly transmits power to an ambient IoT device for the device to perform its function and to signal its input back to the network node; (2) obtaining power at an ambient IoT device by harvesting nearby radio frequency (RF) signals; and/or (3) ambient IoT devices may not rely on typical UE-measurement-based (e.g., channel quality indicator (CQI)) mechanisms for establishing a physical channel to the network node, since that may drain power. Instead, ambient IoT devices may transmit their input as soon as they have sufficient power, without being granted a communication slot.
  • CQI channel quality indicator
  • an ambient IoT device transmission pattern may not necessarily be random, but instead may be controlled by the network node due to the first point.
  • Operations of some examples herein take these points into consideration. Operations herein may apply to a static ambient IoT device whose location does not change, and/or to a mobile ambient IoT device by combining, e.g., ZE profile information for the ambient IoT device from multiple network nodes collaboratively.
  • Figure 1 is a schematic diagram of an example of a high-level overview of a communication system in accordance with some embodiments.
  • Figure 1 includes a network node 100 that sends several beams (e.g., synchronization signal block (SSB) indexes or identifiers (Ssb_ids 1-4)) to different ambient IoT devices 102a-102f (any one or more of which may be referred to herein as ambient IoT device 102).
  • ambient IoT devices 102a, 102b, 102c, and 102d include a thermometer, and ambient IoT devices 102e and 102f include a moisture sensor.
  • the ambient IoT device 102 that acquires each beam uses that information to send a signal back to the network node 100 with its corresponding measurement (e.g., temperature or moisture measurement) and information (e.g., a parity check) that identifies to the network node whether the measurement from the ambient IoT device 102 was received successfully at the network node 100. If the network node 100 can read the measurement, the measurement is recorded along with the beam that was used. Over time, using this pattern, the dominant beam will be identified for each ambient IoT device 102. Using this information, the different ambient IoT devices 102 can be clustered based on their beam and their type.
  • a measurement e.g., temperature or moisture measurement
  • information e.g., a parity check
  • the ambient IoT devices are clustered into cluster A, which includes ambient IoT devices 102e and 102f, and cluster B, which includes ambient IoT devices 102a, 102b, 102c, and 102d.
  • Using the clustering information, the measurements obtained by similar devices in a cluster are compared to distinguish outliers (ambient IoT devices 102 that are untrusted devices).
  • Ambient IoT devices 102 that are not outliers are eligible to send their information further, e.g., to the public internet, using the user plane, while the untrusted ambient IoT devices 102 are marked/identified by the network node.
  • Some examples include a process having three phases.
  • the first phase includes data collection, where every beam (defined by an SSB index (or SSB id)) is associated with a response from an ambient IoT device 102 that contains a number of bits with the device’s identity and the measurement obtained by the device 102.
  • the network node 100 does not know where the ambient IoT device 102 is located, and the ambient IoT device 102 does not know which beam is the best.
  • the first phase may include a trial-and-error process where the ambient IoT device 102 tries to communicate with the network node 100 using every beam the ambient IoT device 102 receives (given enough power, for example).
  • a trial-and-error process may be tolerated given redundancy in ambient IoT devices, which increases the likelihood that at least some ambient IoT devices will obtain a beam and use the beam in a backscatter manner to reach network node 100.
  • some attempts to communicate with the network node 100 may fail while other attempts may be successful since they come back from the best beam.
  • the network node may learn those beams and can re-use the beams. Thus, this association can be used to establish communication between the network node 100 and the ambient loT device 102.
  • the ambient IoT device 102 may acquire that signal, and the power that the signal carries, and use that power/energy and the corresponding uplink channel to transmit back to the network node 100.
  • Several such measurements may be obtained from the same ambient IoT device 102, and the measurements can be timestamped at the network node 100 when they are received. Since these beams may not be optimal, information received from each ambient IoT device 102 may be incorrect.
  • a check process e.g., an error detection mechanism such as parity check
  • parity check may be used to identify such a problem and, consequently, accept or reject each transmission.
  • the network node 100 differentiates between different ambient IoT devices 102 based on the device 102 id, which is transmitted by the respective ambient IoT devices 102, and on the dominant beam.
  • the dominant beam is the beam that, when used by the ambient IoT device 102, is likely to be received by the network node 100 (e.g., without any errors in a parity check).
  • the trial-and-error approach described in the first phase may be improved if each ambient IoT device 102 has sufficient memory to maintain information on specific (e.g., standardized) reference signals that can be used to identify the best beam unilaterally, which may allow the ambient IoT device(s) 102 to be more selective.
  • a profile may be constructed for each ambient IoT device 102.
  • the profile may be constructed by identifying an average measurement (m) for a given timespan (start, end period) and then associating the average measurement m and the timespan with the ssb_id (beam) that is close to that measurement m within a margin of error (a) for the given ambient IoT device 102.
  • This association can be used to identify the beam that is most likely to carry the correct measurement for the given point in time and for the given device 102, thus ruling out other beams. Indirectly, this also may provide some information about the location of the ambient IoT device 102. Alternatively or additionally to averaging, other statistical measures may be applied, such as minmax, 90th percentile, statistical dispersion metrics (e.g., standard deviation), Z-score, and a machine learning (ML) model for outlier detection (such as isolation forest, for example), to provide more sophisticated methods of distinguishing correct (or valid) from incorrect (or invalid) input.
  • the ML model may be used to create the association (e.g., a ZE profile) for each ambient IoT device 102.
  • the type of the ambient IoT device 102 may not be known. In this situation, a classification process may be used to determine the type of the ambient IoT device 102 based on its input.
  • the network node 100 can identify this measurement positively (pos) and send the packet further in the network by tagging the packet with its simulated MAC address, since the ambient IoT device 102 lacks one. Because respective ambient IoT devices 102 obtain a MAC address in this manner, this information can be further used for actuation purposes.
  • the network node 100 may: (1) put the ambient IoT device 102 on probation, for example by continuing to monitor, for the duration of a monitoring period, the responses of the ambient IoT device 102 that were rejected; or (2) if the number of erroneous ambient IoT device 102 responses exceeds a threshold for the duration of the monitoring period, no longer send an SSB to this ambient IoT device 102. In this case, the ambient IoT device 102 may be put in quarantine (e.g., responses will be postponed for a period or indefinitely).
  • a logical entity profiling and investigating the validity of ambient IoT device 102 responses may be decoupled from the network node 100 itself. For example, it may be placed in an edge cloud.
  • Figure 2 is a sequence diagram showing an example of operations in accordance with some embodiments.
  • Figure 2 includes an example of the three phases: phase 1 for collecting 200 data, which includes operations 202-210; phase 2 for building a device profile 212, which includes operations 214 and 216; and phase 3 for determining 218 whether the ambient IoT device(s) 102 is trusted or not, which includes operations 220-232.
  • operations 202-210 of phase 1 are performed in a loop for respective SSBs in a plurality of SSBs.
  • the loop includes, for respective ambient IoT devices 102, to transmit 202 a beam (SSB) from network node 100 to the respective ambient IoT device 102.
  • the ambient IoT device 102 acquires the beam and power; and in operation 206, the ambient IoT device 102 transmits a measurement m regarding the environment to the network node 100.
  • the network node 100 timestamps the measurement m, identifies a type of the measurement m, reads the measurement m; and appends the timestamp to the type of measurement m, the measurement m, and the ssb_id of the beam. Additionally or alternatively, more measurements may be obtained and an average of the measurements, plus or minus a standard deviation for example, may be communicated.
  • operations 214 and 216 of phase 2 are performed in a loop for the respective types of measurements m and the respective timespans.
  • the network node 100 builds an association (e.g., profiles for the respective ambient IoT devices 102) that associates the type of measurement m, the timespan, and an average of measurements m.
  • the network node 100 further includes the dominant SSB in the association.
  • network node 100 transmits a beam (SSB) to an ambient IoT device 102.
  • the ambient IoT device 102 acquires the beam and power; and in operation 224, the ambient IoT device 102 transmits a measurement m regarding the environment to the network node 100.
  • the network node 100 timestamps the measurement m, identifies a type of the measurement m, reads the measurement m; and appends the timestamp to the type of measurement m, the measurement m, and the ssb_id of the beam.
  • a measurement m from a device type for a given timestamp is valid if it is coming from (has been obtained by) the dominant SSB id, based on the ambient IoT device’s 102 profile for the given period, and if other ambient IoT devices 102 of the same type in the same area (as determined by the SSB id) yield similar measurements m. If that is the case, in an alternative, network node 100 performs operations 230 and 232. In operation 230, the network node 100 identifies this measurement m positively (pos) and can send the packet further in the network by tagging the packet with a simulated MAC address, since the ambient IoT device 102 lacks one.
  • the network node 100 identifies the measurement negatively (neg), which indicates that the ambient IoT device 102 is not trusted.
  • ambient IoT devices 102 that are identified as providing valid measurements m (e.g., a measurement that is the same as/similar to their neighbor(s)) are eligible to obtain an IP and MAC address.
  • This authorization process does not necessitate a full-fledged AAA stack, which may be too expensive to implement in an ambient IoT device 102.
  • an ambient IoT device 102 is authorized/authenticated and accounted for when its measurement m agrees with a measurement of a neighboring similar ambient IoT device(s) 102.
  • a technical advantage of this process may include that the process may force an attacker to obtain critical mass if the attacker is interested in hijacking this process, based on deployment of a plurality of ambient IoT device(s) 102.
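The three phases above (collect, profile, decide trust) together with the probation/quarantine handling, as an added Python example that is not code from the patent or from Ericsson. The `Record`, `Profile` and `Probation` names, the SHA-256-derived simulated MAC scheme, the device ids, readings, timespans and thresholds are all assumptions constructed for illustration.

```python
import hashlib
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Record:
    """One backscatter response as logged by the network node (constructed)."""
    ts: int          # timestamp the node assigns on reception
    dev: str         # device identity bits carried in the response
    kind: str        # measurement type, e.g. "temp" or "moisture"
    ssb_id: int      # beam (SSB index) the response came back on
    value: float     # the measurement m
    parity_ok: bool  # error-detection (parity) result at the node

@dataclass(frozen=True)
class Profile:
    """Phase 2 output: the device's ZE profile for one timespan."""
    dev: str
    kind: str
    dominant_ssb: int  # beam with the most parity-checked receptions
    avg: float         # average m on that beam within the timespan

def build_profiles(records, start, end):
    """Phases 1 and 2: keep parity-checked receptions inside the timespan and
    derive each device's dominant SSB and its average measurement on it."""
    by_dev = defaultdict(list)
    for r in records:
        if r.parity_ok and start <= r.ts <= end:
            by_dev[r.dev].append(r)
    profiles = {}
    for dev, rs in by_dev.items():
        dominant = Counter(r.ssb_id for r in rs).most_common(1)[0][0]
        on_beam = [r.value for r in rs if r.ssb_id == dominant]
        profiles[dev] = Profile(dev, rs[0].kind, dominant, mean(on_beam))
    return profiles

def is_trusted(new, profiles, recent, tolerance):
    """Phase 3: valid only if the response came on the device's dominant SSB
    and another device of the same type in the same beam cluster reported a
    value within `tolerance`; a lone device has nobody to vouch for it."""
    p = profiles.get(new.dev)
    if p is None or not new.parity_ok or new.ssb_id != p.dominant_ssb:
        return False
    for r in recent:
        q = profiles.get(r.dev)
        if (r.dev != new.dev and r.kind == new.kind and r.parity_ok
                and q is not None and q.dominant_ssb == new.ssb_id
                and abs(r.value - new.value) <= tolerance):
            return True
    return False

def simulated_mac(dev):
    """Deterministic locally administered unicast MAC for a device that has
    none (constructed scheme: first 6 bytes of SHA-256 of the device id)."""
    b = bytearray(hashlib.sha256(dev.encode()).digest()[:6])
    b[0] = (b[0] | 0x02) & 0xFE  # set the local bit, clear the multicast bit
    return ":".join(f"{x:02x}" for x in b)

class Probation:
    """Counts rejected responses per device inside a monitoring period; once
    the count exceeds `threshold`, the device is quarantined (no more SSBs)."""

    def __init__(self, period, threshold):
        self.period, self.threshold = period, threshold
        self.rejections = defaultdict(list)

    def reject(self, dev, ts):
        self.rejections[dev].append(ts)

    def quarantined(self, dev, now):
        recent = [t for t in self.rejections[dev] if now - t <= self.period]
        return len(recent) > self.threshold

def handle(new, profiles, recent, tolerance, probation):
    """Return the packet the node forwards, tagged with the simulated MAC
    (pos), or None when the measurement is identified negatively (neg)."""
    if is_trusted(new, profiles, recent, tolerance):
        return {"mac": simulated_mac(new.dev), "kind": new.kind, "m": new.value}
    probation.reject(new.dev, new.ts)
    return None

# Constructed phase-1 data: thermometers t1..t3 decode cleanly on beam 2 (t1
# also had a garbled attempt on beam 1), while t4 is alone on beam 3.
RECORDS = [Record(t, d, "temp", s, v, ok) for (t, d, s, v, ok) in [
    (1, "t1", 2, 20.1, True), (2, "t1", 1, 33.0, False), (3, "t1", 2, 20.3, True),
    (1, "t2", 2, 19.8, True), (3, "t2", 2, 20.0, True),
    (1, "t3", 2, 20.4, True), (3, "t3", 2, 20.2, True),
    (1, "t4", 3, 21.0, True), (3, "t4", 3, 20.9, True),
]]
PROFILES = build_profiles(RECORDS, start=0, end=10)
# Neighbour readings from the current round, used for the agreement check.
RECENT = [Record(11, "t2", "temp", 2, 20.1, True),
          Record(11, "t3", "temp", 2, 20.3, True)]
```

Note that t4 is rejected even with a plausible reading: a single device on a beam never clears the neighbour check, which is what forces an attacker to field several agreeing devices.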
  • Figure 3 is a sequence diagram showing an example of further operations in accordance with some embodiments. Taking into consideration the operations discussed with reference to Figure 2, which can be used to separate ambient IoT devices 102 that obtain valid measurements (e.g., similar measurements as a neighbor ambient IoT device(s) 102) from outliers, the process illustrated in Figure 3 can be used to associate a MAC address and IP address with those ambient IoT devices 102.
  • operations 302-314 are performed to register an ambient IoT device 102a.
  • network node 100 transmits a beam (SSB) to ambient IoT device 102a.
  • ambient IoT device 102a acquires the beam and power; and, in operation 306, transmits a measurement m to network node 100.
  • network node 100 registers the measurement m and a MAC address for the ambient IoT device 102a.
  • network node 100 transmits a request to a dynamic host configuration protocol (DHCP) server 300 to dynamically assign an IP address to a virtual ambient IoT device 102a.
  • DHCP server 300 responds, in operation 312, with the IP address.
  • network node 100 associates the measurement m, the MAC address, and the IP address.
  • DHCP dynamic host configuration protocol
  • Operation 316, operation 318, and/or operation 320 of Figure 3 show examples of interaction with a nearby ambient IoT device 102b.
  • ambient IoT device 102b sends a request to an IP address for ambient IoT device 102b to collect data.
  • network node 100 uses the dominant beam (SSB) to ask ambient IoT device 102b for a measurement m.
  • SSB dominant beam
  • network node 100 receives, from the IP address for ambient IoT device 102b, a command to collect data for a measurement.
  • Figure 4 is a flow chart illustrating operations of a method performed by a network node according to some embodiments.
  • the method includes transmitting (408), to a first, ambient IoT, device, a first beam from a plurality of beams; and receiving (410), from the first device, a first measurement of the first device on the first beam.
  • the method further includes determining (412) whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement.
  • the method further includes, when the first device is trusted, generating (414) a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
  • Different beams may be identified at the network node based on using a phase and amplitude of the signal at each transmitter/receiver in an antenna of the network node.
  • the method further includes communicating (420) with at least one of the second device and a third device with the virtual networking stack.
  • the method further includes, when the first device is not trusted, identifying (416) the first device as not trusted.
  • the method further includes collecting (400) data from at least the first device to establish communication with the first device.
  • Collecting (400) the data can include (i) transmitting a plurality of beams that respectively have an identifier to the first device, and (ii) for each respective beam in the plurality of beams, receiving a response from the first device that includes a first device identifier, a measurement of the first device, and information for the respective beam from which the dominant beam from the plurality of beams is identified.
  • the collecting (400) data can include receiving an identity of the dominant beam from the first device.
  • the dominant beam can be used for the communication with the first device.
  • the information can include a parity check that identifies to the network node whether the measurement from the first device was received successfully at the network node.
  • the method further includes generating (402) the association for at least the first device and the second device, including, per device, at least an identifier for the device, an average of measurements received from the device over a period of time, and an identifier of a beam on which the network node received the measurements.
  • respective measurements in the average of measurements respectively are within a specified margin of error.
  • the association can further include a location of the first device.
  • the location of the first device may be obtained from a global positioning system (GPS) location or by measuring a time of arrival of one or more acquired beams, for example.
  • the association can further include a type of the first device.
  • the association includes a profile for the first device.
  • the profile can be hosted in a unified data management, UDM, node.
  • the method further includes determining (404) a type of the first device based on the average measurement; and adding (406) the type of the first device to the association.
  • Communicating (420) can include sending the first measurement tagged with the physical device address to at least one of the second device and the third device.
  • the method further includes, when the first device is not trusted, performing (418) at least one of (i) monitoring responses of the first device for a period of time, and (ii) when a number of the responses exceeds a defined threshold for the period of time, quarantining the first device.
  • the first measurement and the second measurement can include an environmental measurement.
  • the first beam includes a SSB index or SSB identifier.
  • the network node includes at least one of a base station and an edge cloud node.
  • the evaluation includes ten (10) ZE devices and one gNB using a process-based discrete-event simulation. Further, the evaluation included two scenarios: a static and a dynamic radio environment. In the static environment, the same SSB held for every data transmission for each ZE device for the entirety of the simulation. In the dynamic environment, the SSB changed dynamically upon every request. Two different processes were implemented for SSB selection: random, which asked the gNB to choose a random SSB and retry until the gNB found the right one; and Upper Confidence Bound (UCB), which used an upper confidence bound process to learn from previous attempts which SSB is the best.
  • UCB Upper Confidence Bound
  • the UCB approach performed better than the random approach.
  • the UCB approach had a success of about 0.8 (that is, out of 100 attempts, it found the right SSB 80 times).
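The two SSB-selection policies compared in the evaluation, as an added Python example that is not the patent's simulator: the beam success probabilities, the seed, the round count and the `ucb_select`/`run` names are constructed assumptions, and the random policy here simply redraws an SSB on every attempt.

```python
import math
import random

def ucb_select(successes, attempts, t):
    """Choose the SSB with the highest upper confidence bound on its success
    rate; every beam is tried once before the bound is used."""
    for i, n in enumerate(attempts):
        if n == 0:
            return i
    return max(range(len(attempts)),
               key=lambda i: successes[i] / attempts[i]
               + math.sqrt(2.0 * math.log(t + 1) / attempts[i]))

def run(policy, beam_success_prob, rounds, seed=0):
    """Simulate `rounds` requests from the gNB to one ZE device and return the
    fraction that came back decodable. `beam_success_prob[i]` is the hidden
    probability that beam i yields a good response (constructed environment)."""
    rng = random.Random(seed)
    k = len(beam_success_prob)
    successes, attempts, wins = [0] * k, [0] * k, 0
    for t in range(rounds):
        if policy == "random":
            i = rng.randrange(k)  # fresh random SSB on every attempt
        else:
            i = ucb_select(successes, attempts, t)
        ok = rng.random() < beam_success_prob[i]
        attempts[i] += 1
        successes[i] += ok
        wins += ok
    return wins / rounds

# Constructed dynamic environment: four SSBs, and only beam 2 reaches the
# device reliably. The gNB does not know this and has to learn it.
BEAM_SUCCESS_PROB = [0.1, 0.2, 0.9, 0.3]
RANDOM_RATE = run("random", BEAM_SUCCESS_PROB, rounds=500)
UCB_RATE = run("ucb", BEAM_SUCCESS_PROB, rounds=500)
```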
  • Operations herein may not increase energy demand on the ambient IoT devices, and there may be a minimal increased energy demand on the network node 100 to support the virtual stack.
  • the network node 100 is expected to communicate with static ambient IoT devices 102 using the dominant SSB and, as such, refrain from using other beams. This may reduce the energy consumption impact on the ambient IoT devices 102. Additionally, the ambient IoT devices may be powered by the network node 100.
  • Radio conditions may affect the dominant SSB but not the measurements since the measurements are sent with a parity code, for example.
  • the process identifies the dominant SSB and, as such, can adapt over time.
  • Operations of a network node can be performed by the device 7300 of Figure 7.
  • Operations of the network node (implemented using the structure of Figure 7) have been discussed with reference to the flow chart of Figure 4 according to some embodiments of the present disclosure.
  • modules may be stored in memory 7304 of Figure 7, and these modules may provide instructions so that when the instructions of a module are executed by respective network node processing circuitry 7302, network node 7300 performs respective operations of the flow chart of Figure 4.
  • the network node 7300 includes processing circuitry 7302 that is operatively coupled to memory 7304, communication interface 7306, and/or any other component, or any combination thereof.
  • Certain network nodes may utilize all or a subset of the components shown in Figure 7. The level of integration between the components may vary from one network node to another network node. Further, certain computer devices may contain multiple instances of a component, such as multiple processors, memories, computational models, RL models, etc.
  • the processing circuitry 7302 is configured to process instructions and data and may be configured to implement any sequential state machine operative to execute instructions stored as machine-readable computer programs in the memory 7304.
  • the processing circuitry 7302 may be implemented as one or more hardware-implemented state machines (e.g., in discrete logic, field-programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), etc.); programmable logic together with appropriate firmware; one or more stored computer programs, general-purpose processors, such as a microprocessor or digital signal processor (DSP), together with appropriate software; or any combination of the above.
  • the processing circuitry 7302 may include multiple central processing units (CPUs).
  • the communication interface 7306 may be configured to provide an interface or interfaces to an input device, output device, or one or more input and/or output devices.
  • Examples of an output device include a display, a monitor, a printer, another output device, or any combination thereof.
  • An input device may allow a user to capture information into the network node 7300.
  • Examples of an input device include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, a digital video camera, a web camera, etc.), a microphone, a sensor, a mouse, a trackball, a directional pad, a trackpad, a scroll wheel, a smartcard, and the like.
  • the presence-sensitive display may include a capacitive or resistive touch sensor to sense input from a user.
  • a sensor may be, for instance, a force sensor, an optical sensor, a proximity sensor, a biometric sensor, etc., or any combination thereof.
  • An output device may use the same type of interface port as an input device. For example, a Universal Serial Bus (USB) port may be used to provide an input device and an output device.
  • the memory 7304 may be or be configured to include memory such as random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic disks, optical disks, hard disks, removable cartridges, flash drives, and so forth.
  • the memory 7304 includes one or more application programs, such as an operating system, web browser application, a widget, gadget engine, or other application, and corresponding data.
  • the memory 7304 may store, for use by the network node 7300, any of a variety of various operating systems or combinations of operating systems.
  • the memory 7304 may be configured to include a number of physical drive units, such as redundant array of independent disks (RAID), flash memory, USB flash drive, external hard disk drive, thumb drive, pen drive, key drive, high-density digital versatile disc (HD-DVD) optical disc drive, internal hard disk drive, Blu-Ray optical disc drive, holographic digital data storage (HDDS) optical disc drive, external mini-dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro-DIMM SDRAM, smartcard memory such as tamper resistant module in the form of a universal integrated circuit card (UICC) including one or more subscriber identity modules (SIMs), such as a USIM and/or ISIM, other memory, or any combination thereof.
  • the UICC may for example be an embedded UICC (eUICC), integrated UICC (iUICC) or a removable UICC commonly known as ‘SIM card.’
  • the memory 7304 may allow the network node 7300 to access instructions, application programs and the like, stored on transitory or non-transitory memory media, to off-load data, or to upload data.
  • An article of manufacture, such as one utilizing a communication system, may be tangibly embodied as or in the memory 7304, which may be or comprise a device-readable storage medium.
  • the processing circuitry 7302 may be configured to communicate with a network using the communication interface 7306.
  • the communication interface 7306 may comprise one or more communication subsystems.
  • the communication interface 7306 may include one or more transceivers used to communicate, such as by communicating with one or more remote transceivers of another device capable of wireless communication (e.g., another network node, edge node, cloud node, etc.).
  • Each transceiver may include a transmitter and/or a receiver appropriate to provide network communications (e.g., optical, electrical, and so forth).
  • communication functions of the communication interface 7306 may include cellular communication, Wi-Fi communication, LPWAN communication, data communication, voice communication, multimedia communication, short- range communications such as Bluetooth, near-field communication, location-based communication such as the use of the global positioning system (GPS) to determine a location, another like communication function, or any combination thereof.
  • Communications may be implemented according to one or more communication protocols and/or standards, such as IEEE 802.11, Code Division Multiplexing Access (CDMA), Wideband Code Division Multiple Access (WCDMA), GSM, LTE, New Radio (NR), UMTS, WiMax, Ethernet, transmission control protocol/internet protocol (TCP/IP), synchronous optical networking (SONET), Asynchronous Transfer Mode (ATM), QUIC, Hypertext Transfer Protocol (HTTP), and so forth.
  • virtualizing means creating virtual versions of apparatuses or network nodes which may include virtualizing hardware platforms, storage devices and networking resources.
  • virtualization can be applied to any device described herein, or components thereof, and relates to an implementation in which at least a portion of the functionality is implemented as one or more virtual components.
  • Some or all of the functions described herein may be implemented as virtual components executed by one or more VMs implemented in one or more virtual environments hosted by one or more hardware nodes, such as a hardware network node that operates as an edge node or cloud node. Further, in some embodiments the virtual node may be entirely virtualized.
  • Applications (which may alternatively be called software instances, virtual appliances, network functions, virtual nodes, virtual network functions, etc.) can be run in the virtualization environment to implement some of the features, functions, and/or benefits of some of the embodiments disclosed herein.
  • Although the network nodes described herein may include the illustrated combination of hardware components, other embodiments may comprise network nodes with different combinations of components. It is to be understood that these network nodes may comprise any suitable combination of hardware and/or software needed to perform the tasks, features, functions and methods disclosed herein. Determining, calculating, obtaining or similar operations described herein may be performed by processing circuitry, which may process information by, for example, converting the obtained information into other information, comparing the obtained information or converted information to information stored in the network node, and/or performing one or more operations based on the obtained information or converted information, and as a result of said processing making a determination.
  • network nodes may comprise multiple different physical components that make up a single illustrated component, and functionality may be partitioned between separate components.
  • a communication interface may be configured to include any of the components described herein, and/or the functionality of the components may be partitioned between the processing circuitry and the communication interface.
  • non-computationally intensive functions of any of such components may be implemented in software or firmware and computationally intensive functions may be implemented in hardware.
  • Some or all of the functionality may be provided by processing circuitry executing instructions stored in memory, which in certain embodiments may be a computer program product in the form of a non-transitory computer-readable storage medium.
  • some or all of the functionality may be provided by the processing circuitry without executing instructions stored on a separate or discrete device-readable storage medium, such as in a hard-wired manner.
  • the processing circuitry can be configured to perform the described functionality. The benefits provided by such functionality are not limited to the processing circuitry alone or to other components of the network node, but are enjoyed by the network node as a whole, and/or by end users and a wireless network generally.
  • a network node (100, 5110, 7300) is configured or adapted to perform some or all of the functionality described herein.
  • Figure 5 shows an example of a communication system (which also may be referred to as a “communication network”) 5100 in accordance with some embodiments.
  • the communication system 5100 includes a telecommunication network 5102 that includes an access network 5104, such as a RAN, and a core network 5106, which includes one or more core network nodes 5108.
  • the access network 5104 includes one or more access network nodes, such as network nodes 5110a and 5110b (one or more of which may be generally referred to as network nodes 5110), or any other similar 3rd Generation Partnership Project (3GPP) access node or non-3GPP access point.
  • the network nodes 5110 facilitate direct or indirect connection of user equipment (UE) (which can include a device such as an ambient IoT device), such as by connecting UEs 5112a, 5112b, 5112c, and 5112d (one or more of which may be generally referred to as UEs 5112) to the core network 5106 over one or more wireless connections.
  • Example wireless communications over a wireless connection include transmitting and/or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and/or other types of signals suitable for conveying information without the use of wires, cables, or other material conductors.
  • the communication system 5100 may include any number of wired or wireless networks, network nodes, UEs, and/or any other components or systems that may facilitate or participate in the communication of data and/or signals whether via wired or wireless connections.
  • the communication system 5100 may include and/or interface with any type of communication, telecommunication, data, cellular, radio network, and/or other similar type of system.
  • the UEs 5112 may be any of a wide variety of communication devices, including wireless devices such as ambient IoT devices arranged, configured, and/or operable to communicate wirelessly with the network nodes 5110 and other communication devices.
  • the network nodes 5110 are arranged, capable, configured, and/or operable to communicate directly or indirectly with the UEs 5112 and/or with other network nodes or equipment in the telecommunication network 5102 to enable and/or provide network access, such as wireless network access, and/or to perform other functions, such as administration in the telecommunication network 5102.
  • Example core network nodes include functions of one or more of a Mobile Switching Center (MSC), Mobility Management Entity (MME), Home Subscriber Server (HSS), Access and Mobility Management Function (AMF), Session Management Function (SMF), Authentication Server Function (AUSF), Subscription Identifier De-concealing function (SIDE), Unified Data Management (UDM), Security Edge Protection Proxy (SEPP), Network Exposure Function (NEF), and/or a User Plane Function (UPF).
  • the host 5116 may be under the ownership or control of a service provider other than an operator or provider of the access network 5104 and/or the telecommunication network 5102, and may be operated by the service provider or on behalf of the service provider.
  • the host 5116 may host a variety of applications to provide one or more service. Examples of such applications include live and pre-recorded audio/video content, data collection services such as retrieving and compiling data on various ambient conditions detected by a plurality of UEs, analytics functionality, social media, functions for controlling or otherwise interacting with remote devices, functions for an alarm and surveillance center, or any other such function performed by a server.
  • the communication system 5100 of Figure 5 enables connectivity between the UEs, network nodes, and hosts.
  • the communication system may be configured to operate according to predefined rules or procedures, such as specific standards that include, but are not limited to: Global System for Mobile Communications (GSM); Universal Mobile Telecommunications System (UMTS); Long Term Evolution (LTE), and/or other suitable 2G, 3G, 4G, 5G standards, or any applicable future generation standard (e.g., 6G); wireless local area network (WLAN) standards, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards (WiFi); and/or any other appropriate wireless communication standard, such as the Worldwide Interoperability for Microwave Access (WiMax), Bluetooth, Z-Wave, Near Field Communication (NFC), ZigBee, LiFi, and/or any low-power wide-area network (LPWAN) standards such as LoRa and Sigfox.
  • the telecommunication network 5102 is a cellular network that implements 3GPP standardized features. Accordingly, the telecommunication network 5102 may support network slicing to provide different logical networks to different devices that are connected to the telecommunication network 5102. For example, the telecommunication network 5102 may provide URLLC services to some UEs, while providing eMBB services to other UEs, and/or mMTC/Massive IoT services to yet further UEs.
  • the UEs 5112 are configured to transmit and/or receive information without direct human interaction.
  • a UE may be designed to transmit information to the access network 5104 on a predetermined schedule, when triggered by an internal or external event, or in response to requests from the access network 5104.
  • a UE may be configured for operating in single- or multi-RAT or multi-standard mode.
  • a UE may operate with any one or combination of Wi-Fi, NR and LTE, i.e. being configured for multi-radio dual connectivity (MR-DC), such as E-UTRAN (Evolved-UMTS Terrestrial Radio Access Network) New Radio - Dual Connectivity (EN-DC).
  • the hub 5114 communicates with the access network 5104 to facilitate indirect communication between one or more UEs (e.g., UE 5112c and/or 5112d) and network nodes (e.g., network node 5110b).
  • the hub 5114 may be a controller, router, content source and analytics, or any of the other communication devices described herein regarding UEs.
  • the hub 5114 may be a broadband router enabling access to the core network 5106 for the UEs.
  • the hub 5114 may be a controller that sends commands or instructions to one or more actuators in the UEs.
  • the hub 5114 may be a data collector that acts as temporary storage for UE data and, in some embodiments, may perform analysis or other processing of the data.
  • the hub 5114 may be a content source. For example, for a UE that is a VR headset, display, loudspeaker or other media delivery device, the hub 5114 may retrieve VR assets, video, audio, or other media or data related to sensory information via a network node, which the hub 5114 then provides to the UE either directly, after performing local processing, and/or after adding additional local content.
  • the hub 5114 acts as a proxy server or orchestrator for the UEs, in particular if one or more of the UEs are low energy IoT devices.
  • the hub 5114 may have a constant/persistent or intermittent connection to the network node 5110b.
  • the hub 5114 may also allow for a different communication scheme and/or schedule between the hub 5114 and UEs (e.g., UE 5112c and/or 5112d), and between the hub 5114 and the core network 5106.
  • the hub 5114 is connected to the core network 5106 and/or one or more UEs via a wired connection.
  • the hub 5114 may be configured to connect to an M2M service provider over the access network 5104 and/or to another UE over a direct connection.
  • UEs may establish a wireless connection with the network nodes 5110 while still connected via the hub 5114 via a wired or wireless connection.
  • the hub 5114 may be a dedicated hub - that is, a hub whose primary function is to route communications to/from the UEs from/to the network node 5110b.
  • the hub 5114 may be a non-dedicated hub - that is, a device which is capable of operating to route communications between the UEs and network node 5110b, but which is additionally capable of operating as a communication start and/or end point for certain data channels.
  • Figure 6 shows a device 6200 (e.g., a UE, an ambient IoT device, etc.).
  • Ambient IoT devices typically may be designed to be inexpensive and allow for obtaining measurements using very little power. Given that ambient IoT devices may have very limited capabilities, typically, they cannot afford a proper security stack with the same capabilities normally found in regular devices/UEs that are equipped with greater processing capability and larger batteries.
  • the device 6200 includes processing circuitry 6202 that is operatively coupled via a bus 6204 to an input/output interface 6206, a power source 6208, a memory 6210, a communication interface 6212, and/or any other component, or any combination thereof. While an ambient IoT device may include some or all of these components, an ambient IoT device may have limited capabilities with respect to one or more of the components, e.g., a smaller battery, less processing capability, less memory. Thus, certain devices may utilize all or a subset of the components shown in Figure 6. The level of integration between the components may vary from one device to another device. Further, certain devices may contain multiple instances of a component, such as multiple processors, memories, transceivers, transmitters, receivers, etc.
  • the processing circuitry 6202 is configured to process instructions and data and may be configured to implement any sequential state machine operative to execute instructions stored as machine-readable computer programs in the memory 6210.
  • the processing circuitry 6202 may be implemented as one or more hardware-implemented state machines (e.g., in discrete logic, field-programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), etc.); programmable logic together with appropriate firmware; one or more stored computer programs, general-purpose processors, such as a microprocessor or digital signal processor (DSP), together with appropriate software; or any combination of the above.
  • the processing circuitry 6202 may include multiple central processing units (CPUs).
  • the input/output interface 6206 may be configured to provide an interface or interfaces to an input device, output device, or one or more input and/or output devices.
  • Examples of an output device include a speaker, a sound card, a video card, a display, a monitor, a printer, an actuator, an emitter, a smartcard, another output device, or any combination thereof.
  • An input device may allow a user to capture information into the device 6200.
  • Examples of an input device include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, a digital video camera, a web camera, etc.), a microphone, a sensor, a mouse, a trackball, a directional pad, a trackpad, a scroll wheel, a smartcard, and the like.
  • the presence-sensitive display may include a capacitive or resistive touch sensor to sense input from a user.
  • a sensor may be, for instance, an accelerometer, a gyroscope, a tilt sensor, a force sensor, a magnetometer, an optical sensor, a proximity sensor, a biometric sensor, etc., or any combination thereof.
  • An output device may use the same type of interface port as an input device. For example, a Universal Serial Bus (USB) port may be used to provide an input device and an output device.
  • the power source 6208 is structured as a battery or battery pack. Other types of power sources, such as a photovoltaic device may be used.
  • the power source 6208 may further include power circuitry for delivering power from the power source 6208 itself to the various parts of the device 6200 via input circuitry or an interface. Delivering power may be, for example, as discussed herein power received from a beam transmitted by a network node. Power circuitry may perform any formatting, converting, or other modification to the power from the power source 6208 to make the power suitable for the respective components of the device 6200 to which power is supplied.
  • the memory 6210 may be or be configured to include memory such as random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic disks, optical disks, hard disks, removable cartridges, flash drives, and so forth.
  • the memory 6210 includes one or more application programs 6214, such as an operating system, web browser application, a widget, gadget engine, or other application, and corresponding data 6216.
  • the memory 6210 may store, for use by the device 6200, any of a variety of various operating systems or combinations of operating systems.
  • the memory 6210 may be configured to include a number of physical drive units, such as redundant array of independent disks (RAID), flash memory, USB flash drive, external hard disk drive, thumb drive, pen drive, key drive, high-density digital versatile disc (HD-DVD) optical disc drive, internal hard disk drive, Blu-Ray optical disc drive, holographic digital data storage (HDDS) optical disc drive, external mini-dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro-DIMM SDRAM, smartcard memory such as tamper resistant module in the form of a universal integrated circuit card (UICC) including one or more subscriber identity modules (SIMs), such as a USIM and/or ISIM, other memory, or any combination thereof.
  • the UICC may for example be an embedded UICC (eUICC), integrated UICC (iUICC) or a removable UICC commonly known as ‘SIM card.’
  • the memory 6210 may allow the device 6200 to access instructions, application programs and the like, stored on transitory or non-transitory memory media, to off-load data, or to upload data.
  • An article of manufacture, such as one utilizing a communication system may be tangibly embodied as or in the memory 6210, which may be or comprise a device-readable storage medium.
  • the processing circuitry 6202 may be configured to communicate with an access network or other network using the communication interface 6212.
  • the communication interface 6212 may comprise one or more communication subsystems and may include or be communicatively coupled to an antenna 6222.
  • the communication interface 6212 may include one or more transceivers used to communicate, such as by communicating with one or more remote transceivers of another device capable of wireless communication (e.g., another device or a network node in an access network).
  • Each transceiver may include a transmitter 6218 and/or a receiver 6220 appropriate to provide network communications (e.g., optical, electrical, frequency allocations, and so forth).
  • the transmitter 6218 and receiver 6220 may be coupled to one or more antennas (e.g., antenna 6222) and may share circuit components, software or firmware, or alternatively be implemented separately.
  • communication functions of the communication interface 6212 may include cellular communication, Wi-Fi communication, LPWAN communication, data communication, voice communication, multimedia communication, short- range communications such as Bluetooth, near-field communication, location-based communication such as the use of the global positioning system (GPS) to determine a location, another like communication function, or any combination thereof.
  • Communications may be implemented according to one or more communication protocols and/or standards, such as IEEE 802.11, Code Division Multiplexing Access (CDMA), Wideband Code Division Multiple Access (WCDMA), GSM, LTE, New Radio (NR), UMTS, WiMax, Ethernet, transmission control protocol/internet protocol (TCP/IP), synchronous optical networking (SONET), Asynchronous Transfer Mode (ATM), QUIC, Hypertext Transfer Protocol (HTTP), and so forth.
  • a device may provide an output of data captured by its sensors, through its communication interface 6212, via a wireless connection to a network node.
  • Data captured by sensors of a device can be communicated through a wireless connection to a network node via another device, as discussed above.
  • the output may be periodic (e.g., once every 15 minutes if it reports the sensed temperature), random (e.g., to even out the load from reporting from several sensors), in response to a triggering event (e.g., when moisture is detected an alert is sent), in response to a request (e.g., a user initiated request), etc.
  • a device in the form of an ambient IoT device may be a device for use in one or more application domains, these domains comprising, but not limited to, home, city, wearable technology, extended reality, industrial application, and healthcare.
  • the ambient IoT device for a home, an office, a building or an infrastructure may be a baking scale, a coffee machine, a grill, a fridge, a refrigerator, a freezer, a microwave oven, an oven, a toaster, a water tap, a water heater, a water geyser, a sauna, a vacuum cleaner, a washer, a dryer, a dishwasher, a door, a window, a curtain, a blind, a furniture, a light bulb, a fan, an air-conditioner, a cooler, an air purifier, a humidifier, a speaker, a television, a laptop, a personal computer, a gaming console, a remote control, a vent, an iron, a steamer, a pressure cooker, a stove, an electric stove, a hair dryer, a hair styler, a mirror, a printer, a scanner, a photocopier, a projector, a hologram projector, a 3
  • the ambient IoT device for use in a city, urban, or rural areas may be connected street lighting, a connected traffic light, a traffic camera, a connected road sign, an air control/monitor, a noise level detector, a transport congestion monitoring device, a transport controlling device, an automated toll payment device, a parking payment device, a sensor for monitoring parking usage, a traffic management device, a digital kiosk, a bin, an air quality monitoring sensor, a bridge condition monitoring sensor, a fire hydrant, a manhole sensor, a tarmac sensor, a water fountain sensor, a connected closed circuit television, a scooter, a hoverboard, a ticketing machine, a ticket barrier, a metro rail, a metro station device, a passenger information panel, an onboard camera, and other connected device on a public transport vehicle.
  • the ambient IoT device may be a wearable device, or a device related to extended reality, wherein the device related to extended reality may be a device related to augmented reality, virtual reality, merged reality, or mixed reality.
  • the ambient IoT devices may be a smart-band, a tracker, a haptic glove, a haptic suit, a smartwatch, clothes, eyeglasses, a head mounted display, an ear pod, an activity monitor, a fitness monitor, a heart rate monitor, a ring, a key tracker, a blood glucose meter, and a pressure meter.
  • the ambient IoT device may be an industrial application device wherein an industrial application device may be an industrial unmanned aerial vehicle, an intelligent industrial robot, a vehicle assembly robot, and an automated guided vehicle.
  • the ambient IoT device may be a transportation vehicle, wherein a transportation vehicle may be a bicycle, a motor bike, a scooter, a moped, an auto rickshaw, a rail transport, a train, a tram, a bus, a car, a truck, an airplane, a boat, a ship, a ski board, a snowboard, a snow mobile, a hoverboard, a skateboard, roller-skates, a vehicle for freight transportation, a drone, a robot, a stratospheric aircraft, an aircraft, a helicopter and a hovercraft.
  • the ambient IoT device may be a health or fitness device, wherein a health or fitness device may be a surgical robot, an implantable medical device, a non-invasive medical device, and a stationary medical device which may be: an in-vitro diagnostic device, a radiology device, a diagnostic imaging device, and an x-ray device.
  • the device 6200 may be a device capable, configured, arranged and/or operable to communicate wirelessly with network nodes and/or other devices (e.g., UEs).
  • Other examples of a device include, but are not limited to, any UE identified by the 3rd Generation Partnership Project (3GPP), including a narrow band internet of things (NB-IoT) UE, a machine type communication (MTC) UE, etc.
  • a device may support device-to-device (D2D) communication, for example by implementing a 3GPP standard for sidelink communication, Dedicated Short-Range Communication (DSRC), vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), or vehicle-to-everything (V2X).
  • a device may not necessarily have a user in the sense of a human user who owns and/or operates the relevant device.
  • a device may represent a device that is intended for sale to, or operation by, a human user but which may not, or which may not initially, be associated with a specific human user (e.g., a device for measuring a temperature in an environment).
  • a device may represent a device that is not intended for sale to, or operation by, an end user but which may be associated with or operated for the benefit of a user (e.g., a device for measuring moisture in an environment).
  • a device in the form of an ambient IoT device comprises circuitry and/or software depending on the intended application of the ambient IoT device, in addition to other components as described in relation to the device 6200 shown in Figure 6.
  • Figure 8 is a block diagram illustrating a virtualization environment 8500 in which functions implemented by some embodiments may be virtualized.
  • virtualizing means creating virtual versions of apparatuses or devices which may include virtualizing hardware platforms, storage devices and networking resources.
  • virtualization can be applied to any device described herein, or components thereof, and relates to an implementation in which at least a portion of the functionality is implemented as one or more virtual components.
  • Some or all of the functions described herein may be implemented as virtual components executed by one or more VMs implemented in one or more virtual environments 8500 hosted by one or more of hardware nodes, such as a hardware network node that operates as a network node, an ambient IoT device, UE, core network node, or host. Further, in embodiments in which the virtual node does not require radio connectivity (e.g., a core network node or host), then the node may be entirely virtualized.
  • Applications 8502 (which may alternatively be called software instances, virtual appliances, network functions, virtual nodes, virtual network functions, etc.) are run in the virtualization environment 8500 to implement some of the features, functions, and/or benefits of some of the embodiments disclosed herein.
  • Hardware 8504 includes processing circuitry, memory that stores software and/or instructions executable by hardware processing circuitry, and/or other hardware devices as described herein, such as a network interface, input/output interface, and so forth.
  • Software may be executed by the processing circuitry to instantiate one or more virtualization layers 8506 (also referred to as hypervisors or virtual machine monitors (VMMs)), provide VMs 8508a and 8508b (one or more of which may be generally referred to as VMs 8508), and/or perform any of the functions, features and/or benefits described in relation with some embodiments described herein.
  • the virtualization layer 8506 may present a virtual operating platform that appears like networking hardware to the VMs 8508.
  • the VMs 8508 comprise virtual processing, virtual memory, virtual networking or interface and virtual storage, and may be run by a corresponding virtualization layer 8506.
  • Different embodiments of the instance of a virtual appliance 8502 may be implemented on one or more of VMs 8508, and the implementations may be made in different ways.
  • Virtualization of the hardware is in some contexts referred to as network function virtualization (NFV).
  • NFV may be used to consolidate many network equipment types onto industry standard high volume server hardware, physical switches, and physical storage, which can be located in data centers, and customer premise equipment.
  • a VM 8508 may be a software implementation of a physical machine that runs programs as if they were executing on a physical, non-virtualized machine.
  • Each of the VMs 8508, and that part of hardware 8504 that executes that VM, be it hardware dedicated to that VM and/or hardware shared by that VM with others of the VMs, forms a separate virtual network element.
  • a virtual network function is responsible for handling specific network functions that run in one or more VMs 8508 on top of the hardware 8504 and corresponds to the application 8502.
  • Hardware 8504 may be implemented in a standalone network node with generic or specific components. Hardware 8504 may implement some functions via virtualization. Alternatively, hardware 8504 may be part of a larger cluster of hardware (e.g. such as in a data center or CPE) where many hardware nodes work together and are managed via management and orchestration 8510, which, among others, oversees lifecycle management of applications 8502.
  • hardware 8504 is coupled to one or more radio units that each include one or more transmitters and one or more receivers that may be coupled to one or more antennas. Radio units may communicate directly with other hardware nodes via one or more appropriate network interfaces and may be used in combination with the virtual components to provide a virtual node with radio capabilities, such as a radio access node or a base station.
  • some signaling can be provided with the use of a control system 8512 which may alternatively be used for communication between hardware nodes and radio units.
  • the terms “comprise”, “comprising”, “comprises”, “include”, “including”, “includes”, “have”, “has”, “having”, or variants thereof are open-ended, and include one or more stated features, integers, elements, steps, components, or functions but do not preclude the presence or addition of one or more other features, integers, elements, steps, components, functions, or groups thereof.
  • the common abbreviation “e.g.”, which derives from the Latin phrase “exempli gratia,” may be used to introduce or specify a general example or examples of a previously mentioned item, and is not intended to be limiting of such item.
  • the common abbreviation “i.e.”, which derives from the Latin phrase “id est,” may be used to specify a particular item from a more general recitation.
  • Example embodiments are described herein with reference to block diagrams and/or flowchart illustrations of methods, apparatus (systems and/or devices) and/or computer program products. It is understood that a block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions that are performed by one or more computer circuits.
  • These computer program instructions may be provided to a processor circuit of a general purpose computer circuit, special purpose computer circuit, and/or other programmable data processing circuit to produce a machine, such that the instructions, which execute via the processor of the computer and/or other programmable data processing apparatus, transform and control transistors, values stored in memory locations, and other hardware components within such circuitry to implement the functions/acts specified in the block diagrams and/or flowchart block or blocks, and thereby create means (functionality) and/or structure for implementing the functions/acts specified in the block diagrams and/or flowchart block(s).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method performed by a network node is provided. The method includes transmitting (408), to a first, ambient Internet of Things (IoT), device, a first beam; and receiving (410) a first measurement of the first device on the first beam. The method further includes determining (412) whether the first device is trusted based on whether the first measurement is from a dominant beam and based on whether at least a second device sent a second measurement by the second device of a same type as the first measurement that is within a specified range of the first measurement. The method further includes, when the first device is trusted, generating (414) a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an IP address for the first device. Related methods and apparatus are also provided.

Description

Zero Trust For Ambient Internet Of Things Devices
TECHNICAL FIELD
[0001] The present disclosure relates generally to a method performed by a network node device to determine whether an ambient Internet of Things (IoT) device is trusted and, when trusted, generate a virtual networking stack for the ambient IoT device that emulates at least one of a physical device address and an internet protocol (IP) address for the ambient IoT device, and related methods and devices.
BACKGROUND
[0002] Ambient IoT devices (e.g., zero energy (ZE) devices) are expected to become first class citizens in fifth generation (5G) advanced networks and beyond. Such devices typically may be designed to be inexpensive and allow for obtaining measurements using very little power. As such they may be good candidates for use cases which involve unattended operation of ambient IoT devices (which also may be referred to herein as user equipment (UE) or ZE devices) such as precision agriculture, environmental monitoring (e.g., forest fires), and beyond.
SUMMARY
[0003] There currently exist certain challenge(s). Given that ambient IoT devices may have very limited capabilities, typically, they cannot afford a proper security stack with the same capabilities normally found in regular UEs that are equipped with greater processing capability and larger batteries. For example, harvesting enough energy to perform the encryption expected by a Third Generation Partnership Project (3GPP) infrastructure can take days for an ambient IoT device. Moreover, prioritizing the ambient IoT device’s regular operation towards harvesting enough energy to perform encryption may obstruct the device’s intended function of obtaining certain environmental measurements.
[0004] Certain aspects of the disclosure and their embodiments may provide solutions to these or other challenges.
[0005] Some embodiments provide a method performed by a network node. The method includes transmitting, to a first, ambient IoT, device, a first beam from a plurality of beams; and receiving, from the first device, a first measurement of the first device on the first beam. The method further includes determining whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement. The method further includes, when the first device is trusted, generating a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
[0006] Other embodiments provide a network node. The network node includes processing circuitry; and memory coupled with the processing circuitry. The memory includes instructions that when executed by the processing circuitry cause the network node to perform operations. The operations include to transmit, to a first, ambient IoT, device, a first beam from a plurality of beams; and to receive, from the first device, a first measurement of the first device on the first beam. The operations further include to determine whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement. The operations further include to, when the first device is trusted, generate a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
[0007] Some embodiments provide a non-transitory computer readable medium. The non-transitory computer readable medium includes program code to be executed by processing circuitry of a network node. Execution of the program code causes the network node to perform operations. The operations include to transmit, to a first, ambient IoT, device, a first beam from a plurality of beams; and to receive, from the first device, a first measurement of the first device on the first beam. The operations further include to determine whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement. The operations further include to, when the first device is trusted, generate a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
[0008] Certain embodiments may provide one or more of the following technical advantage(s). Based on determining whether a device is trusted and generating a virtual network stack for the first device that emulates at least one of a physical device address (e.g., a medium access control (MAC) address) and an IP address when the device is trusted, the method may allow a 3GPP network, for example, to verify the input that is coming from (and towards) such ambient IoT devices before propagating such information further and without placing strict requirements on the ambient IoT devices. Additionally, this capability also may be used to determine potential malfunctions in such ambient IoT devices, thus introducing a maintenance mechanism which is opaque to the actual infrastructure that manages the ambient IoT devices. Further, the inclusion of a virtual network stack emulated on the network node (e.g., a gNB) may allow other devices to interact with ambient IoT devices transparently and agnostically to their true nature.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this application, illustrate certain non-limiting embodiments of the present disclosure. In the drawings:
[0010] Figure 1 is a schematic diagram of an example of a high-level overview of communication system in accordance with some embodiments;
[0011] Figure 2 is a sequence diagram showing an example of operations in accordance with some embodiments;
[0012] Figure 3 is a sequence diagram showing an example of further operations in accordance with some embodiments;
[0013] Figure 4 is a flow chart illustrating operations of a network node according to some embodiments;
[0014] Figure 5 is a block diagram of a communication system in accordance with some embodiments;
[0015] Figure 6 is a block diagram of a device (e.g., an ambient IoT device) according to some embodiments;
[0016] Figure 7 is a block diagram of a network node according to some embodiments; and
[0017] Figure 8 is a block diagram of a virtualization environment in accordance with some embodiments.
DETAILED DESCRIPTION
[0018] Some of the embodiments contemplated herein will now be described more fully with reference to the accompanying drawings. Embodiments are provided by way of example to convey the scope of the subject matter to those skilled in the art, in which examples of embodiments of the present disclosure are shown. Inventive concepts may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the present disclosure to those skilled in the art. It should also be noted that these embodiments are not mutually exclusive. Components from one embodiment may be tacitly assumed to be present/used in another embodiment.
[0019] Operations of examples herein may enhance a network node (e.g., a base station, such as a gNodeB (gNB)) with a capability to determine if a measurement obtained by an ambient IoT device is valid (e.g., produces a reading that matches or is similar to (e.g., within a threshold) a real observation) or not, without the need for an authentication/authorization and accounting (AAA) stack which such devices typically cannot afford. Further, a networking stack for ambient IoT devices can be generated that is hosted in the network node, which compensates for the features that such ambient IoT devices cannot afford, such as a MAC layer and IP connectivity, for example.
[0020] Examples include a process for authentication/authorization and accounting which uses physical layer communication properties, such as synchronization signal blocks and neighboring device measurements, to ascertain the validity of an ambient IoT device and, based on that, simulate an IP/MAC layer for the ambient IoT device on a network node.
[0021] An air interface/physical layer for ambient IoT devices may include/address at least the following points: (1) a network node that wirelessly transmits power to an ambient IoT device for the device to perform its function and to signal its input back to the network node; (2) obtaining power at an ambient IoT device by harvesting nearby radio frequency (RF) signals; and/or (3) ambient IoT devices may not rely on typical UE-measurement-based (e.g., channel quality indicator (CQI)) mechanisms for establishing a physical channel to the network node since that may drain power. Instead, ambient IoT devices may transmit their input as soon as they have sufficient power without being granted a communication slot. However, and as opposed to ultra-reliable low latency communications (URLLC) type of communication for example, an ambient IoT device transmission pattern may not necessarily be random, but instead may be controlled by the network node due to the first point.
[0022] Operations of some examples herein take these points into consideration. Operations herein may apply to a static ambient IoT device whose location does not change, and/or to a mobile ambient IoT device by combining, e.g., ZE profile information for the ambient IoT device from multiple network nodes collaboratively.
[0023] Figure 1 is a schematic diagram of an example of a high-level overview of a communication system in accordance with some embodiments. Figure 1 includes a network node 100 that sends several beams (e.g., synchronization signal block (SSB) indexes or identifiers (Ssb_ids 1-4)) to different ambient IoT devices 102a-102f (any one or more of which may be referred to herein as ambient IoT device 102). In one example, ambient IoT devices 102a, 102b, 102c, and 102d include a thermometer and ambient IoT devices 102e and 102f include a moisture sensor. The ambient IoT device 102 that acquires each beam uses that information to send a signal back to the network node 100 with its corresponding measurement (e.g., temperature or moisture measurement) and information (e.g., a parity check) that identifies to the network node whether the measurement from the ambient IoT device 102 was received successfully at the network node 100. If the network node 100 can read the measurement, the measurement is recorded along with the beam that was used. Over time, using this pattern, the dominant beam will be identified for each ambient IoT device 102. Using this information, the different ambient IoT devices 102 can be clustered based on their beam and their type. In the example in Figure 1, the ambient IoT devices are clustered into cluster A, which includes ambient IoT devices 102e and 102f, and cluster B, which includes ambient IoT devices 102a, 102b, 102c, and 102d. Using the clustering information, the measurements obtained by similar devices in a cluster are compared to be able to distinguish outliers (ambient IoT devices 102 that are untrusted devices). Ambient IoT devices 102 that are not outliers (ambient IoT devices that are trusted) are eligible to send their information further, e.g., to the public internet, using the user plane, while the untrusted ambient IoT devices 102 are marked/identified by the network node.
[0024] Some examples include a process having three phases. The first phase includes data collection where every beam (defined by a SSB index (or SSB id)) is associated with a response from an ambient IoT device 102 that contains a number of bits with the device’s identity and the measurement obtained by the device 102. In this communication pattern, the network node 100 does not know where the ambient IoT device 102 is located, and the ambient IoT device 102 does not know which beam is the best. Thus, the first phase may include a trial-and-error process where the ambient IoT device tries to communicate to the network node 100 using every beam the ambient IoT device 102 receives (given enough power, for example). In this context, a trial-and-error process may be tolerated given redundancy in ambient IoT devices that increases a likelihood that at least some ambient IoT devices will obtain a beam, and use the beam in a backscatter manner to network node 100. As such, some attempts to communicate with the network node 100 may fail while other attempts may be successful since they come back from the best beam. Over time, the network node may learn those beams and can re-use the beams. Thus, this association can be used to establish communication between the network node 100 and the ambient IoT device 102.
[0025] In accordance with the first point discussed herein, the ambient IoT device 102 may acquire that signal, and the power that the signal carries, and use that power/energy and the corresponding uplink channel to transmit back to the network node 100. Several such measurements may be obtained from the same ambient IoT device 102, and the measurements can be timestamped at the network node 100 when they are received. Since these beams may not be optimal, information received from each ambient IoT device 102 may be incorrect. Thus, a check process (e.g., an error detection mechanism such as a parity check) may be used to identify such a problem and, consequently, accept or reject each transmission.
[0026] The network node 100 differentiates between different ambient IoT devices 102 based on the device 102 id, which is transmitted by the respective ambient IoT device 102, and on the dominant beam. The dominant beam is the beam that, when used by the ambient IoT device 102, is most likely to be received by the network node 100 (e.g., without any errors in a parity check).
[0027] In some examples, the trial-and-error approach described in the first phase may be improved if each ambient IoT device 102 has sufficient memory to maintain information on specific (e.g., standardized) reference signals that can be used to identify the best beam unilaterally, which may allow the ambient IoT device(s) 102 to be more selective.
[0028] In the second phase, a profile may be constructed for each ambient IoT device 102. For example, the profile may be constructed by identifying an average measurement (m) for a given timespan (start, end period) and then associating the average measurement m and the timespan with the ssb_id (beam) that is close to that measurement m within a margin of error (a) for the given ambient IoT device 102.
[0029] This association can be used to identify the beam that is most likely to carry the correct measurement for the given point in time and for the given device 102, thus ruling out other beams. Indirectly this also may provide some information about the location of the ambient IoT device 102. Alternatively or additionally to averaging, other statistical measures may be applied, such as, for example, minmax, the 90th percentile, statistical dispersion metrics (e.g., standard deviation), Z-score, and a machine learning (ML) model for outlier detection (such as an isolation forest, for example), to provide more sophisticated methods of distinguishing correct (or valid) from incorrect (or invalid) input. The ML model may be used to create the association (e.g., a ZE profile) for each ambient IoT device 102.
[0030] An example of the information that is compiled in the association is shown in the following table, which may be referred to as a ZE profile table:
(ZE profile table, reproduced as an image in the original; not available in this text.)
[0031] Due to constraints in their transmission, the type of the ambient IoT device 102 may not be known. In this situation, a classification process may be used to determine the type of the ambient IoT device 102 based on its input.
[0032] In the third phase, given the association (e.g., a ZE profile constructed in phase 2), the association can be used to determine if a given measurement is valid or not (which indicates whether the corresponding ambient IoT device 102 is trusted or not). For example, a measurement m from a device type for a given timestamp is valid if it has been obtained via the dominant SSB id according to the device’s 102 profile for the given period, and if other devices 102 of the same type in the same area (as determined by the SSB id) yield similar measurements. If that is the case, the network node 100 can identify this measurement positively (pos) and send the packet further in the network by tagging the packet with its simulated MAC address, since the ambient IoT device 102 lacks one. Because respective ambient IoT devices 102 obtain a MAC address in this manner, this information can be further used for actuation purposes.
[0033] In some examples, if the measurement is identified as negative, the network node 100 may: (1) put the ambient IoT device 102 on probation. For example, the network node 100 may continue to monitor, for the duration of a monitoring period, the responses of the ambient IoT device 102 that were rejected; or (2) if the number of erroneous responses from the ambient IoT device 102 exceeds a threshold for the duration of the monitoring period, the network node 100 may no longer send SSB to this ambient IoT device 102. In this case, the ambient IoT device 102 may be put in quarantine (e.g., responses will be postponed for a period or indefinitely).
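The three-phase process of paragraphs [0024] to [0033] (data collection, profile building, validation with probation and quarantine), worked through as an added Python example. This is not code from the patent or from Ericsson; the dominant-beam rule (the most frequent SSB among parity-passing replies), the margin rule (k times the standard deviation on the dominant beam, with a floor), the strike threshold that triggers quarantine, and the thermometer readings in the demo are all assumptions constructed for this example.

```python
# Added example (not from the patent): a toy network-node gate for ambient IoT
# readings. Phase 1 records decodable replies with the beam they came back on;
# phase 2 derives each device's dominant SSB and a (mean, margin) profile;
# phase 3 accepts a reading only if it used the dominant SSB and at least one
# other device of the same type on that beam agrees within the margin, and it
# puts repeatedly rejected devices on probation, then in quarantine.
# Assumptions: dominant SSB = most frequent parity-passing beam; margin =
# k * stddev with a floor; quarantine after max_strikes consecutive rejects.
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Reading:
    ts: int            # timestamp stamped by the network node on receipt
    device_id: str
    mtype: str         # measurement type, e.g. "temp" or "moisture"
    ssb_id: int        # beam the backscatter reply used
    value: float
    parity_ok: bool    # result of the error-detection check on the reply


@dataclass
class Profile:
    dominant_ssb: int
    avg: float
    margin: float


@dataclass
class TrustState:
    strikes: int = 0
    quarantined: bool = False


class AmbientIoTGate:
    def __init__(self, k: float = 2.0, min_margin: float = 0.5, max_strikes: int = 3):
        self.k, self.min_margin, self.max_strikes = k, min_margin, max_strikes
        self.readings: list[Reading] = []
        self.profiles: dict[str, Profile] = {}
        self.state: dict[str, TrustState] = defaultdict(TrustState)

    def collect(self, r: Reading) -> None:
        """Phase 1: keep only replies that passed the parity check."""
        if r.parity_ok:
            self.readings.append(r)

    def build_profiles(self) -> None:
        """Phase 2: per device, dominant SSB and mean/margin on that beam."""
        by_dev: dict[str, list[Reading]] = defaultdict(list)
        for r in self.readings:
            by_dev[r.device_id].append(r)
        for dev, rs in by_dev.items():
            dominant = Counter(r.ssb_id for r in rs).most_common(1)[0][0]
            vals = [r.value for r in rs if r.ssb_id == dominant]
            spread = self.k * pstdev(vals) if len(vals) > 1 else 0.0
            self.profiles[dev] = Profile(dominant, mean(vals), max(spread, self.min_margin))

    def validate(self, r: Reading, sweep: list[Reading]) -> bool:
        """Phase 3: dominant-beam check plus neighbour agreement."""
        st = self.state[r.device_id]
        if st.quarantined or not r.parity_ok:
            return False
        prof = self.profiles.get(r.device_id)
        ok = False
        if prof is not None and r.ssb_id == prof.dominant_ssb:
            peers = [n for n in sweep if n.device_id != r.device_id
                     and n.mtype == r.mtype and n.ssb_id == r.ssb_id and n.parity_ok]
            ok = any(abs(n.value - r.value) <= prof.margin for n in peers)
        if ok:
            st.strikes = 0              # accepted: tag with emulated MAC and forward
        else:
            st.strikes += 1             # rejected: probation
            if st.strikes >= self.max_strikes:
                st.quarantined = True   # stop sending SSB to this device
        return ok


def demo() -> dict:
    """Constructed data: four thermometers t1..t4 whose dominant beam is SSB 2;
    t4 later reports a temperature none of its neighbours sees."""
    gate = AmbientIoTGate()
    train = [
        Reading(1, "t1", "temp", 2, 21.0, True), Reading(1, "t1", "temp", 3, 21.4, True),
        Reading(2, "t1", "temp", 2, 21.2, True), Reading(3, "t1", "temp", 2, 20.9, True),
        Reading(1, "t2", "temp", 2, 21.1, True), Reading(2, "t2", "temp", 2, 21.3, True),
        Reading(3, "t2", "temp", 2, 21.0, True), Reading(1, "t3", "temp", 2, 20.8, True),
        Reading(2, "t3", "temp", 1, 35.0, False), Reading(3, "t3", "temp", 2, 21.1, True),
        Reading(1, "t4", "temp", 2, 21.0, True), Reading(2, "t4", "temp", 2, 21.2, True),
        Reading(3, "t4", "temp", 2, 21.1, True),
    ]
    for r in train:
        gate.collect(r)
    gate.build_profiles()
    sweep = [Reading(4, "t1", "temp", 2, 21.3, True), Reading(4, "t2", "temp", 2, 21.2, True),
             Reading(4, "t3", "temp", 2, 21.0, True), Reading(4, "t4", "temp", 2, 29.5, True)]
    verdicts = {r.device_id: gate.validate(r, sweep) for r in sweep}
    for ts in (5, 6):                  # t4 keeps disagreeing -> quarantine
        later = [Reading(ts, "t4", "temp", 2, 30.0, True), Reading(ts, "t1", "temp", 2, 21.1, True)]
        gate.validate(later[0], later)
    return {"dominant_t1": gate.profiles["t1"].dominant_ssb, "verdicts": verdicts,
            "t4_strikes": gate.state["t4"].strikes, "t4_quarantined": gate.state["t4"].quarantined}
```

The parity-failed reply from t3 on SSB 1 never enters the profile, so a single stray beam cannot become dominant, and a device with no profile at all is rejected rather than trusted by default. The neighbour check is what makes spoofing expensive: an attacker must field enough agreeing devices on the same beam to outvote the honest ones, which is the "critical mass" property the text describes.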
[0034] A logical entity profiling and investigating the validity of ambient IoT device 102 responses may be decoupled from the network node 100 itself. For example, it may be placed in an edge cloud.
[0035] Figure 2 is a sequence diagram showing an example of operations in accordance with some embodiments. Figure 2 includes an example of the three phases: phase 1 for collecting 200 data, which includes operations 202-210; phase 2 for building a device profile 212, which includes operations 214 and 216; and phase 3 for determining 218 whether the ambient IoT device(s) 102 is trusted or not, which includes operations 220-232.
[0036] As shown in the example in Figure 2, operations 202-210 of phase 1 are performed in a loop for respective SSBs in a plurality of SSBs. The loop includes, for respective ambient IoT devices 102, to transmit 202 a beam (SSB) from network node 100 to the respective ambient IoT device 102. In operation 204, the ambient IoT device 102 acquires the beam and power; and in operation 206, the ambient IoT device 102 transmits a measurement m regarding the environment to the network node 100. In operations 208 and 210, the network node 100 timestamps the measurement m, identifies a type of the measurement m, reads the measurement m; and appends the timestamp to the type of measurement m, the measurement m, and the ssb_id of the beam. Additionally or alternatively, more measurements may be obtained and an average of the measurements, plus or minus a standard deviation for example, may be communicated.
[0037] As further shown in the example in Figure 2, operations 214 and 216 of phase 2 are performed in a loop for the respective types of measurements m and the respective timespans. In operation 214, the network node 100 builds an association (e.g., a profile for each respective ambient IoT device 102) that associates the type of measurement m, the timespan, and an average of measurements m. In operation 216, the network node 100 further includes the dominant SSB in the association.
[0038] Further, as shown in Figure 2, operations 220-232 of phase 3 are performed. In operation 220, network node 100 transmits a beam (SSB) to an ambient IoT device 102. In operation 222, the ambient IoT device 102 acquires the beam and power; and in operation 224, the ambient IoT device 102 transmits a measurement m regarding the environment to the network node 100. In operations 226 and 228, the network node 100 timestamps the measurement m, identifies a type of the measurement m, reads the measurement m; and appends the timestamp to the type of measurement m, the measurement m, and the ssb_id of the beam.
[0039] A measurement m from a device type for a given timestamp is valid if it has been obtained via the dominant SSB id according to the ambient IoT device’s 102 profile for the given period, and if other ambient IoT devices 102 of the same type in the same area (as determined by the SSB id) yield similar measurements m. If that is the case, network node 100 proceeds to operation 230; otherwise, to operation 232. In operation 230, the network node 100 identifies this measurement m positively (pos) and can send the packet further in the network by tagging the packet with a simulated MAC address, since the ambient IoT device 102 lacks one. Because respective ambient IoT devices 102 obtain a MAC address in this manner, this information can be further used for actuation purposes. Otherwise, in operation 232, the network node 100 identifies the measurement negatively (neg), which indicates that the ambient IoT device 102 is not trusted.
[0040] Thus, as shown in operations 220-228 and/or 230, 232 of Figure 2, ambient IoT devices 102 that are identified as providing valid measurements m (e.g., a measurement that is the same as/similar to their neighbor(s)) are eligible to obtain an IP and MAC address. This authorization process does not necessitate a full-fledged AAA stack, which may be too expensive to implement in an ambient IoT device 102. Thus, in examples herein, an ambient IoT device 102 is authorized/authenticated and accounted for when its measurement m agrees with a measurement of a neighboring similar ambient IoT device(s) 102. A technical advantage of this process may include that the process may force an attacker to obtain critical mass if the attacker is interested in hijacking this process, based on deployment of a plurality of ambient IoT device(s) 102.
[0041] Figure 3 is a sequence diagram showing an example of further operations in accordance with some embodiments. Taking into consideration the operations discussed with reference to Figure 2, which can be used to separate ambient IoT devices 102 that obtain valid measurements (e.g., similar measurements as a neighbor ambient IoT device(s) 102) from outliers, the process illustrated in Figure 3 can be used to associate a MAC address and IP address with those ambient IoT devices 102.
[0042] As shown in Figure 3, operations 302-314 are performed to register an ambient IoT device 102a. In operation 302, network node 100 transmits a beam (SSB) to ambient IoT device 102a. In operation 304, ambient IoT device 102a acquires the beam and power; and, in operation 306, transmits a measurement m to network node 100. In operation 308, network node 100 registers the measurement m and a MAC address for the ambient IoT device 102a. In operation 310, network node 100 transmits a request to a dynamic host configuration protocol (DHCP) server 300 to dynamically assign an IP address to a virtual ambient IoT device 102a. DHCP server 300 responds, in operation 312, with the IP address. In operation 314, network node 100 associates the measurement m, the MAC address, and the IP address.
[0043] Operation 316, operation 318, and/or operation 320 of Figure 3 show examples of interaction with a nearby ambient IoT device 102b. In operation 316, ambient IoT device 102b sends a request to an IP address for ambient IoT device 102b to collect data. In an alternative, in operation 318, network node 100 uses the dominant beam (SSB) to ask ambient IoT device 102b for a measurement m. In another alternative, in operation 320, network node 100 receives from the IP address for ambient IoT device 102b a command to collect data for a measurement.
[0044] Figure 4 is a flow chart illustrating operations of a method performed by a network node according to some embodiments. In some embodiments, the method includes transmitting (408), to a first, ambient IoT, device, a first beam from a plurality of beams; and receiving (410), from the first device, a first measurement of the first device on the first beam. The method further includes determining (412) whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement. The method further includes, when the first device is trusted, generating (414) a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
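The trust decision of paragraphs [0039] and [0044], and the virtual stack of operation 414, as an added example in Python that is not code from the patent or from the applicant. Device profiles, tolerance, measurement values and the MAC/IP allocation scheme are constructed for this example; the "02:" MAC prefix and the 10.0.0.0/24 pool are assumptions standing in for the simulated MAC address and the DHCP server 300 of Figure 3.

```python
# Added example, not code from the patent: the trust decision of
# paragraphs [0039] and [0044] applied to constructed sample data.
# A measurement is trusted only if it arrived on the device's dominant
# beam (from the device profile) and at least one other device of the
# same type, in the same area (same SSB id), reported a measurement of
# the same kind within a tolerance. Trusted devices get a virtual stack
# (simulated MAC and IP) hosted in the network node.
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Profile:
    device_id: str
    device_type: str      # type label assumed for the example
    dominant_ssb: int     # beam the device has been associated with over time
    avg_measurement: float


@dataclass(frozen=True)
class Measurement:
    device_id: str
    mtype: str            # type of measurement, e.g. "temp"
    value: float
    ssb_id: int           # beam on which the node received it
    timestamp: int


@dataclass
class VirtualStack:
    mac: str
    ip: str


class NetworkNode:
    def __init__(self, profiles, tolerance):
        self.profiles = {p.device_id: p for p in profiles}
        self.tolerance = tolerance        # the "specified range" of [0044]
        self.stacks = {}                  # device_id -> VirtualStack
        self._next_host = 10              # hypothetical DHCP-like allocator

    def is_trusted(self, m, neighbours):
        prof = self.profiles.get(m.device_id)
        # Condition 1: the measurement must come from the dominant beam.
        if prof is None or m.ssb_id != prof.dominant_ssb:
            return False
        # Condition 2: a neighbour of the same device type, in the same
        # area (same SSB), reported the same kind of measurement close by.
        for n in neighbours:
            if n.device_id == m.device_id:
                continue
            nprof = self.profiles.get(n.device_id)
            if nprof is None or nprof.device_type != prof.device_type:
                continue
            if (n.mtype == m.mtype and n.ssb_id == m.ssb_id
                    and abs(n.value - m.value) <= self.tolerance):
                return True
        return False

    def generate_virtual_stack(self, device_id):
        if device_id not in self.stacks:
            idx = len(self.stacks)
            # 02:... sets the locally-administered bit: clearly a simulated MAC
            mac = "02:00:00:%02x:%02x:%02x" % ((idx >> 16) & 0xff, (idx >> 8) & 0xff, idx & 0xff)
            ip = str(IPv4Address("10.0.0.0") + self._next_host)
            self._next_host += 1
            self.stacks[device_id] = VirtualStack(mac=mac, ip=ip)
        return self.stacks[device_id]

    def process(self, m, neighbours):
        """Return ('pos', stack) for a trusted measurement, ('neg', None) otherwise."""
        if self.is_trusted(m, neighbours):
            return "pos", self.generate_virtual_stack(m.device_id)
        return "neg", None


# Constructed sample: four devices whose profiles were learned earlier (phase 2).
PROFILES = [
    Profile("d1", "temp", 3, 21.5),
    Profile("d2", "temp", 3, 21.6),
    Profile("d3", "temp", 3, 21.4),
    Profile("d4", "temp", 3, 21.5),
]
MEASUREMENTS = [
    Measurement("d1", "temp", 21.4, 3, 1000),
    Measurement("d2", "temp", 21.7, 3, 1000),
    Measurement("d3", "temp", 35.0, 3, 1000),   # outlier: disagrees with neighbours
    Measurement("d4", "temp", 21.5, 5, 1000),   # plausible value but not the dominant beam
]


def run_demo(tolerance=0.5):
    node = NetworkNode(PROFILES, tolerance)
    return {m.device_id: node.process(m, MEASUREMENTS) for m in MEASUREMENTS}


if __name__ == "__main__":
    for dev, (verdict, stack) in run_demo().items():
        print(dev, verdict, stack)
```

With the constructed data, d1 and d2 corroborate each other and receive a virtual stack, d3 is rejected because no same-type neighbour on beam 3 is within tolerance, and d4 is rejected before the neighbour check because its measurement did not arrive on its dominant beam. Both rejections are the "neg" outcome of operation 232, so the network node never has to trust the device's own claims about itself.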
[0045] Different beams may be identified at the network node based on using a phase and amplitude of the signal at each transmitter/receiver in an antenna of the network node.
[0046] In some embodiments, the method further includes communicating (420) with at least one of the second device and a third device with the virtual networking stack.
[0047] In other embodiments, the method further includes, when the first device is not trusted, identifying (416) the first device as not trusted.
[0048] In still other embodiments, the method further includes collecting (400) data from at least the first device to establish communication with the first device. Collecting (400) the data can include (i) transmitting a plurality of beams that respectively have an identifier to the first device, and (ii) for each respective beam in the plurality of beams, receiving a response from the first device that includes a first device identifier, a measurement of the first device, and information for the respective beams from which the dominant beam from the plurality of beams is identified. Moreover, collecting (400) the data can include receiving an identity of the dominant beam from the first device. The dominant beam can be used for the communication with the first device. The information can include a parity check that identifies to the network node whether the measurement from the first device was received successfully at the network node.
[0049] In some embodiments, the method further includes generating (402) the association for at least the first device and the second device including, per device, at least an identifier for the device, an average of measurements received from the device over a period of time, and an identifier of a beam on which the network node received the measurements. In some embodiments, the respective measurements in the average of measurements are within a specified margin of error. The association can further include a location of the first device. The location of the first device may be obtained from a global positioning system (GPS) location or by measuring a time of arrival of one or more acquired beams, for example. The association can further include a type of the first device.
[0050] In some embodiments, the association includes a profile for the first device. The profile can be hosted in a unified data management, UDM, node.
[0051] In other embodiments, the method further includes determining (404) a type of the first device based on the average measurement; and adding (406) the type of the first device to the association.
[0052] Communicating (420) can include sending the first measurement tagged with the physical device address to at least one of the second device and the third device.
[0053] In still other embodiments, the method further includes, when the first device is not trusted, performing (418) at least one of (i) monitoring responses of the first device for a period of time, and (ii) when a number of the responses exceeds a defined threshold for the period of time, quarantining the first device.
[0054] The first measurement and the second measurement can include an environmental measurement.
[0055] In some embodiments, the first beam includes a SSB index or SSB identifier.
[0056] In some embodiments, the network node includes at least one of a base station and an edge cloud node.
[0057] Various operations from the flow chart of Figure 4 may be optional with respect to some embodiments of network nodes and related methods. For example, the operations of blocks 400-406 and 416-420 may be optional.
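The collection step (400) with its parity check, the association step (402) with its averaging and margin of error, the type inference (404/406) and the quarantine rule (418) of paragraphs [0048]-[0053], as an added example in Python that is not code from the patent or from the applicant. The parity scheme (a single even-parity bit over the measurement bytes), the type thresholds and all sample responses are assumptions constructed for this example.

```python
# Added example, not code from the patent: the collection and association
# steps of [0048]-[0053] on constructed responses. The parity scheme (one
# even-parity bit over the measurement bytes) and the type thresholds are
# assumptions made for this example.
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, median


@dataclass(frozen=True)
class BeamResponse:
    device_id: str
    ssb_id: int          # beam identifier the response refers to
    raw: bytes           # measurement as sent, e.g. b"21.4"
    parity: int          # parity bit sent alongside the measurement


def even_parity(data: bytes) -> int:
    return sum(bin(b).count("1") for b in data) & 1


def parity_ok(r: BeamResponse) -> bool:
    """The parity check of [0048]: did the measurement arrive intact?"""
    return even_parity(r.raw) == r.parity


def dominant_beam(responses):
    """Beam on which the device was most often received with intact data."""
    good = [r.ssb_id for r in responses if parity_ok(r)]
    return Counter(good).most_common(1)[0][0] if good else None


# Hypothetical mapping from average value to device type ([0051]).
TYPE_RULES = [(-40.0, 60.0, "temperature"), (60.0, 100.0, "humidity")]


def infer_type(avg):
    for lo, hi, name in TYPE_RULES:
        if lo <= avg < hi:
            return name
    return "unknown"


def build_association(responses, margin):
    """Per device: dominant beam, average of consistent measurements, type."""
    by_dev = defaultdict(list)
    for r in responses:
        by_dev[r.device_id].append(r)
    assoc = {}
    for dev, rs in by_dev.items():
        dom = dominant_beam(rs)
        values = [float(r.raw) for r in rs if parity_ok(r) and r.ssb_id == dom]
        if not values:
            continue
        centre = median(values)
        # Only measurements within the margin of error of one another count ([0049]).
        kept = [v for v in values if abs(v - centre) <= margin]
        avg = mean(kept)
        assoc[dev] = {"dominant_ssb": dom, "avg": avg, "n_valid": len(kept),
                      "type": infer_type(avg)}
    return assoc


class UntrustedMonitor:
    """[0053]: watch responses of an untrusted device and quarantine it when
    more than `threshold` responses arrive within `period` seconds."""
    def __init__(self, threshold, period):
        self.threshold, self.period = threshold, period
        self.seen = defaultdict(list)   # device_id -> recent timestamps
        self.quarantined = set()

    def observe(self, device_id, ts):
        window = [t for t in self.seen[device_id] if ts - t < self.period]
        window.append(ts)
        self.seen[device_id] = window
        if len(window) > self.threshold:
            self.quarantined.add(device_id)
        return device_id in self.quarantined


def _resp(dev, ssb, raw, corrupt=False):
    # A corrupted response carries a parity bit that no longer matches its payload.
    return BeamResponse(dev, ssb, raw, even_parity(raw) ^ int(corrupt))


# Constructed sample: d1 is heard on beams 3 and 7, once with a damaged payload.
SAMPLE_RESPONSES = [
    _resp("d1", 3, b"21.4"), _resp("d1", 3, b"21.6"), _resp("d1", 7, b"21.5"),
    _resp("d1", 3, b"29.4", corrupt=True),
    _resp("d2", 3, b"21.3"), _resp("d2", 3, b"21.5"), _resp("d2", 3, b"21.4"),
]

if __name__ == "__main__":
    print(build_association(SAMPLE_RESPONSES, margin=0.5))
```

The damaged d1 response is dropped by the parity check before it can skew the average, and only measurements received on the dominant beam contribute to the profile, which is what later makes the beam check in operation 412 meaningful. The monitor keeps a per-device sliding window so a device that is rejected once is not quarantined, while one that keeps pushing responses is.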
[0058] An example evaluation was performed. The evaluation includes ten (10) ZE devices and one gNB using a process-based discrete-event simulation. Further, the evaluation included two scenarios: a static and a dynamic radio environment. In the static environment, the same SSB held for every data transmission for each ZE device for the entirety of the simulation. In the dynamic environment, the SSB changed dynamically upon every request. Two different processes were implemented for SSB selection: random, which asked the gNB to choose a random SSB and retry until the gNB finds the right one; and Upper Confidence Bound (UCB), which used an upper confidence bound process to learn from previous attempts which SSB is best.
[0059] Starting with the static environment, the results are shown below:
[Table: static environment results; the table is an image not reproduced in the text.]
[0060] As shown in the above table, in the static environment, the random approach did not perform as well as the UCB. UCB performed well since, once the right SSB was learned, it was reused and never changed.
[0061] The dynamic environment results are shown below:
[Table: dynamic environment results; the table is an image not reproduced in the text.]
[0062] As shown in the above table, the UCB approach performed better than the random approach. The UCB approach had a success of about 0.8 (that is, out of 100 attempts, it found the right SSB 80 times).
[0063] While UCB performed better than random selection in this evaluation, the results of the example evaluation show that either random selection or selection based on UCB, for example, may be used.
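A small simulation in the spirit of the evaluation in paragraphs [0058]-[0063], added here as an example; it is not the applicant's simulator, and its figures are not the ones in the tables above. The model is an assumption: eight SSBs, one device, a "random" policy that draws untried beams until it hits, and a UCB policy that uses a UCB1-style index with a reduced exploration term over a sliding window of recent attempts so that it can re-learn after a change. The dynamic environment is modelled as the right beam drifting to a neighbouring beam with probability 0.05 per request, again an assumption.

```python
# Added example, not code from the patent: random versus UCB beam (SSB)
# selection in a static and a drifting radio environment. The environment
# model, window size and exploration constant are assumptions for this example.
import math
import random
from collections import deque


def ucb_pick(history, n_arms, tried, window):
    """Sliding-window UCB1-style choice among the beams not yet tried in
    this request. Beams with no pull inside the window are explored first."""
    counts = [0] * n_arms
    rewards = [0.0] * n_arms
    for arm, reward in history:
        counts[arm] += 1
        rewards[arm] += reward
    total = max(1, len(history))
    candidates = [a for a in range(n_arms) if a not in tried]
    untried = [a for a in candidates if counts[a] == 0]
    if untried:
        return untried[0]
    # Mean success plus a (reduced) exploration bonus; window keeps it adaptive.
    return max(candidates,
               key=lambda a: rewards[a] / counts[a]
               + math.sqrt(math.log(total) / (2 * counts[a])))


def simulate(policy, n_ssb=8, n_requests=1000, p_change=0.0, window=100, seed=7):
    """Returns (first-try success rate, mean attempts per request)."""
    rng = random.Random(seed)
    true_ssb = rng.randrange(n_ssb)
    history = deque(maxlen=window)       # (beam, reward) of recent attempts
    first_try_hits = 0
    total_attempts = 0
    for _ in range(n_requests):
        # Dynamic environment: the right beam drifts to a neighbour (assumption).
        if rng.random() < p_change:
            true_ssb = (true_ssb + rng.choice((-1, 1))) % n_ssb
        tried = set()
        attempts = 0
        while True:                      # retry until the gNB finds the right beam
            if policy == "random":
                choice = rng.choice([s for s in range(n_ssb) if s not in tried])
            elif policy == "ucb":
                choice = ucb_pick(history, n_ssb, tried, window)
            else:
                raise ValueError(policy)
            attempts += 1
            tried.add(choice)
            hit = choice == true_ssb
            history.append((choice, 1.0 if hit else 0.0))
            if hit:
                break
        total_attempts += attempts
        first_try_hits += attempts == 1
    return first_try_hits / n_requests, total_attempts / n_requests


def run_evaluation():
    """Static (beam never changes) and dynamic (beam drifts) environments."""
    out = {}
    for env, p in (("static", 0.0), ("dynamic", 0.05)):
        for policy in ("random", "ucb"):
            rate, attempts = simulate(policy, p_change=p)
            out[(env, policy)] = {"first_try_rate": rate, "avg_attempts": attempts}
    return out


if __name__ == "__main__":
    for key, stats in run_evaluation().items():
        print(key, stats)
```

With eight beams the random policy can only expect to be right on the first try about one time in eight, whatever the environment, while the windowed UCB learner converges on the dominant beam in the static case and, because old successes age out of its window, recovers after each drift in the dynamic case. That is the mechanism behind the qualitative ranking reported above; the exact numbers depend on the model chosen.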
[0064] Operations herein may not increase energy demand on the ambient IoT devices, and there may be a minimal increased energy demand on the network node 100 to support the virtual stack. For example, over time, the network node 100 is expected to communicate with static ambient IoT devices 102 using the dominant SSB and, as such, refrain from using other beams. This may reduce the energy consumption impact on the ambient IoT devices 102. Additionally, the ambient IoT devices may be powered by the network node 100.
[0065] Over time, radio conditions may affect the dominant SSB but not the measurements since the measurements are sent with a parity code, for example. Thus, as discussed herein, the process identifies the dominant SSB and, as such, can adapt over time.
[0066] Operations of a network node can be performed by the device 7300 of Figure 7. Operations of the network node (implemented using the structure of Figure 7) have been discussed with reference to the flow chart of Figure 4 according to some embodiments of the present disclosure. For example, modules may be stored in memory 7304 of Figure 7, and these modules may provide instructions so that when the instructions of a module are executed by respective network node processing circuitry 7302, network node 7300 performs respective operations of the flow chart of Figure 4.
[0067] As shown in Figure 7, the network node 7300 includes processing circuitry 7302 that is operatively coupled to memory 7304, communication interface 7306, and/or any other component, or any combination thereof. Certain network nodes may utilize all or a subset of the components shown in Figure 7. The level of integration between the components may vary from one network node to another network node. Further, certain computer devices may contain multiple instances of a component, such as multiple processors, memories, computational models, RL models, etc.
[0068] The processing circuitry 7302 is configured to process instructions and data and may be configured to implement any sequential state machine operative to execute instructions stored as machine-readable computer programs in the memory 7304. The processing circuitry 7302 may be implemented as one or more hardware-implemented state machines (e.g., in discrete logic, field-programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), etc.); programmable logic together with appropriate firmware; one or more stored computer programs, general-purpose processors, such as a microprocessor or digital signal processor (DSP), together with appropriate software; or any combination of the above. For example, the processing circuitry 7302 may include multiple central processing units (CPUs).
[0069] In the example, the communication interface 7306 may be configured to provide an interface or interfaces to an input device, output device, or one or more input and/or output devices. Examples of an output device include a display, a monitor, a printer, another output device, or any combination thereof. An input device may allow a user to capture information into the network node 7300. Examples of an input device include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, a digital video camera, a web camera, etc.), a microphone, a sensor, a mouse, a trackball, a directional pad, a trackpad, a scroll wheel, a smartcard, and the like. The presence-sensitive display may include a capacitive or resistive touch sensor to sense input from a user. A sensor may be, for instance, a force sensor, an optical sensor, a proximity sensor, a biometric sensor, etc., or any combination thereof. An output device may use the same type of interface port as an input device. For example, a Universal Serial Bus (USB) port may be used to provide an input device and an output device.
[0070] The memory 7304 may be or be configured to include memory such as random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic disks, optical disks, hard disks, removable cartridges, flash drives, and so forth. In one example, the memory 7304 includes one or more application programs, such as an operating system, web browser application, a widget, gadget engine, or other application, and corresponding data. The memory 7304 may store, for use by the network node 7300, any of a variety of various operating systems or combinations of operating systems.
[0071] The memory 7304 may be configured to include a number of physical drive units, such as redundant array of independent disks (RAID), flash memory, USB flash drive, external hard disk drive, thumb drive, pen drive, key drive, high-density digital versatile disc (HD-DVD) optical disc drive, internal hard disk drive, Blu-Ray optical disc drive, holographic digital data storage (HDDS) optical disc drive, external mini-dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro-DIMM SDRAM, smartcard memory such as tamper resistant module in the form of a universal integrated circuit card (UICC) including one or more subscriber identity modules (SIMs), such as a USIM and/or ISIM, other memory, or any combination thereof. The UICC may for example be an embedded UICC (eUICC), integrated UICC (iUICC) or a removable UICC commonly known as ‘SIM card.’ The memory 7304 may allow the network node 7300 to access instructions, application programs and the like, stored on transitory or non-transitory memory media, to off-load data, or to upload data. An article of manufacture, such as one utilizing a communication system, may be tangibly embodied as or in the memory 7304, which may be or comprise a device-readable storage medium.
[0072] The processing circuitry 7302 may be configured to communicate with a network using the communication interface 7306. The communication interface 7306 may comprise one or more communication subsystems. The communication interface 7306 may include one or more transceivers used to communicate, such as by communicating with one or more remote transceivers of another device capable of wireless communication (e.g., another network node, edge node, cloud node, etc.). Each transceiver may include a transmitter and/or a receiver appropriate to provide network communications (e.g., optical, electrical, and so forth).
[0073] In the illustrated embodiment, communication functions of the communication interface 7306 may include cellular communication, Wi-Fi communication, LPWAN communication, data communication, voice communication, multimedia communication, short-range communications such as Bluetooth, near-field communication, location-based communication such as the use of the global positioning system (GPS) to determine a location, another like communication function, or any combination thereof. Communications may be implemented according to one or more communication protocols and/or standards, such as IEEE 802.11, Code Division Multiplexing Access (CDMA), Wideband Code Division Multiple Access (WCDMA), GSM, LTE, New Radio (NR), UMTS, WiMax, Ethernet, transmission control protocol/internet protocol (TCP/IP), synchronous optical networking (SONET), Asynchronous Transfer Mode (ATM), QUIC, Hypertext Transfer Protocol (HTTP), and so forth.
[0074] Functions implemented by some embodiments may be virtualized. In the present context, virtualizing means creating virtual versions of apparatuses or network nodes which may include virtualizing hardware platforms, storage devices and networking resources. As used herein, virtualization can be applied to any device described herein, or components thereof, and relates to an implementation in which at least a portion of the functionality is implemented as one or more virtual components. Some or all of the functions described herein may be implemented as virtual components executed by one or more VMs implemented in one or more virtual environments hosted by one or more of hardware nodes, such as a hardware network node that operates as an edge node or cloud node. Further, in embodiments the virtual node may be entirely virtualized.
[0075] Applications (which may alternatively be called software instances, virtual appliances, network functions, virtual nodes, virtual network functions, etc.) can be run in the virtualization environment to implement some of the features, functions, and/or benefits of some of the embodiments disclosed herein.
[0076] Although the network nodes described herein may include the illustrated combination of hardware components, other embodiments may comprise network nodes with different combinations of components. It is to be understood that these network nodes may comprise any suitable combination of hardware and/or software needed to perform the tasks, features, functions and methods disclosed herein. Determining, calculating, obtaining or similar operations described herein may be performed by processing circuitry, which may process information by, for example, converting the obtained information into other information, comparing the obtained information or converted information to information stored in the network node, and/or performing one or more operations based on the obtained information or converted information, and as a result of said processing making a determination. Moreover, while components are depicted as single boxes located within a larger box, or nested within multiple boxes, in practice, network nodes may comprise multiple different physical components that make up a single illustrated component, and functionality may be partitioned between separate components. For example, a communication interface may be configured to include any of the components described herein, and/or the functionality of the components may be partitioned between the processing circuitry and the communication interface. In another example, non-computationally intensive functions of any of such components may be implemented in software or firmware and computationally intensive functions may be implemented in hardware.
[0077] In certain embodiments, some or all of the functionality described herein may be provided by processing circuitry executing instructions stored in memory, which in certain embodiments may be a computer program product in the form of a non-transitory computer-readable storage medium. In alternative embodiments, some or all of the functionality may be provided by the processing circuitry without executing instructions stored on a separate or discrete device-readable storage medium, such as in a hard-wired manner. In any of those particular embodiments, whether executing instructions stored on a non-transitory computer-readable storage medium or not, the processing circuitry can be configured to perform the described functionality. The benefits provided by such functionality are not limited to the processing circuitry alone or to other components of the network node, but are enjoyed by the network node as a whole, and/or by end users and a wireless network generally.
[0078] In certain embodiments, a network node (100, 5110, 7300) is configured or adapted to perform some or all of the functionality described herein.
[0079] In certain embodiments, a non-transitory computer readable medium (7304) including program code to be executed by processing circuitry (7302) of a network node (100, 5110, 7300), whereby execution of the program code causes the network node to perform some or all of the functionality described herein.
[0080] Figure 5 shows an example of a communication system (which also may be referred to as a “communication network”) 5100 in accordance with some embodiments.
[0081] In the example, the communication system 5100 includes a telecommunication network 5102 that includes an access network 5104, such as a RAN, and a core network 5106, which includes one or more core network nodes 5108. The access network 5104 includes one or more access network nodes, such as network nodes 5110a and 5110b (one or more of which may be generally referred to as network nodes 5110), or any other similar 3rd Generation Partnership Project (3GPP) access node or non-3GPP access point. The network nodes 5110 facilitate direct or indirect connection of user equipment (UE) (which can include a device such as an ambient IoT device), such as by connecting UEs 5112a, 5112b, 5112c, and 5112d (one or more of which may be generally referred to as UEs 5112) to the core network 5106 over one or more wireless connections.
[0082] Example wireless communications over a wireless connection include transmitting and/or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and/or other types of signals suitable for conveying information without the use of wires, cables, or other material conductors. Moreover, in different embodiments, the communication system 5100 may include any number of wired or wireless networks, network nodes, UEs, and/or any other components or systems that may facilitate or participate in the communication of data and/or signals whether via wired or wireless connections. The communication system 5100 may include and/or interface with any type of communication, telecommunication, data, cellular, radio network, and/or other similar type of system.
[0083] The UEs 5112 may be any of a wide variety of communication devices, including wireless devices such as ambient IoT devices arranged, configured, and/or operable to communicate wirelessly with the network nodes 5110 and other communication devices. Similarly, the network nodes 5110 are arranged, capable, configured, and/or operable to communicate directly or indirectly with the UEs 5112 and/or with other network nodes or equipment in the telecommunication network 5102 to enable and/or provide network access, such as wireless network access, and/or to perform other functions, such as administration in the telecommunication network 5102.
[0084] In the depicted example, the core network 5106 connects the network nodes 5110 to one or more hosts, such as host 5116. These connections may be direct or indirect via one or more intermediary networks or devices. In other examples, network nodes may be directly coupled to hosts. The core network 5106 includes one or more core network nodes (e.g., core network node 5108) that are structured with hardware and software components. Features of these components may be substantially similar to those described with respect to the UEs, network nodes, and/or hosts, such that the descriptions thereof are generally applicable to the corresponding components of the core network node 5108. Example core network nodes include functions of one or more of a Mobile Switching Center (MSC), Mobility Management Entity (MME), Home Subscriber Server (HSS), Access and Mobility Management Function (AMF), Session Management Function (SMF), Authentication Server Function (AUSF), Subscription Identifier De-concealing function (SIDF), Unified Data Management (UDM), Security Edge Protection Proxy (SEPP), Network Exposure Function (NEF), and/or a User Plane Function (UPF).
[0085] The host 5116 may be under the ownership or control of a service provider other than an operator or provider of the access network 5104 and/or the telecommunication network 5102, and may be operated by the service provider or on behalf of the service provider. The host 5116 may host a variety of applications to provide one or more services. Examples of such applications include live and pre-recorded audio/video content, data collection services such as retrieving and compiling data on various ambient conditions detected by a plurality of UEs, analytics functionality, social media, functions for controlling or otherwise interacting with remote devices, functions for an alarm and surveillance center, or any other such function performed by a server.
[0086] As a whole, the communication system 5100 of Figure 5 enables connectivity between the UEs, network nodes, and hosts. In that sense, the communication system may be configured to operate according to predefined rules or procedures, such as specific standards that include, but are not limited to: Global System for Mobile Communications (GSM); Universal Mobile Telecommunications System (UMTS); Long Term Evolution (LTE), and/or other suitable 2G, 3G, 4G, 5G standards, or any applicable future generation standard (e.g., 6G); wireless local area network (WLAN) standards, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards (WiFi); and/or any other appropriate wireless communication standard, such as the Worldwide Interoperability for Microwave Access (WiMax), Bluetooth, Z-Wave, Near Field Communication (NFC), ZigBee, LiFi, and/or any low-power wide-area network (LPWAN) standards such as LoRa and Sigfox.
[0087] In some examples, the telecommunication network 5102 is a cellular network that implements 3GPP standardized features. Accordingly, the telecommunications network 5102 may support network slicing to provide different logical networks to different devices that are connected to the telecommunication network 5102. For example, the telecommunications network 5102 may provide URLLC services to some UEs, while providing eMBB services to other UEs, and/or mMTC/Massive IoT services to yet further UEs.
[0088] In some examples, the UEs 5112 are configured to transmit and/or receive information without direct human interaction. For instance, a UE may be designed to transmit information to the access network 5104 on a predetermined schedule, when triggered by an internal or external event, or in response to requests from the access network 5104. Additionally, a UE may be configured for operating in single- or multi-RAT or multi-standard mode. For example, a UE may operate with any one or combination of Wi-Fi, NR and LTE, i.e. being configured for multi-radio dual connectivity (MR-DC), such as E-UTRAN (Evolved-UMTS Terrestrial Radio Access Network) New Radio - Dual Connectivity (EN-DC).
[0089] In the example, the hub 5114 communicates with the access network 5104 to facilitate indirect communication between one or more UEs (e.g., UE 5112c and/or 5112d) and network nodes (e.g., network node 5110b). In some examples, the hub 5114 may be a controller, router, content source and analytics, or any of the other communication devices described herein regarding UEs. For example, the hub 5114 may be a broadband router enabling access to the core network 5106 for the UEs. As another example, the hub 5114 may be a controller that sends commands or instructions to one or more actuators in the UEs. Commands or instructions may be received from the UEs, network nodes 5110, or by executable code, script, process, or other instructions in the hub 5114. As another example, the hub 5114 may be a data collector that acts as temporary storage for UE data and, in some embodiments, may perform analysis or other processing of the data. As another example, the hub 5114 may be a content source. For example, for a UE that is a VR headset, display, loudspeaker or other media delivery device, the hub 5114 may retrieve VR assets, video, audio, or other media or data related to sensory information via a network node, which the hub 5114 then provides to the UE either directly, after performing local processing, and/or after adding additional local content. In still another example, the hub 5114 acts as a proxy server or orchestrator for the UEs, in particular if one or more of the UEs are low energy IoT devices.
[0090] The hub 5114 may have a constant/persistent or intermittent connection to the network node 5110b. The hub 5114 may also allow for a different communication scheme and/or schedule between the hub 5114 and UEs (e.g., UE 5112c and/or 5112d), and between the hub 5114 and the core network 5106. In other examples, the hub 5114 is connected to the core network 5106 and/or one or more UEs via a wired connection. Moreover, the hub 5114 may be configured to connect to an M2M service provider over the access network 5104 and/or to another UE over a direct connection. In some scenarios, UEs may establish a wireless connection with the network nodes 5110 while still connected via the hub 5114 via a wired or wireless connection. In some embodiments, the hub 5114 may be a dedicated hub - that is, a hub whose primary function is to route communications to/from the UEs from/to the network node 5110b. In other embodiments, the hub 5114 may be a non-dedicated hub - that is, a device which is capable of operating to route communications between the UEs and network node 5110b, but which is additionally capable of operating as a communication start and/or end point for certain data channels.
[0091] Figure 6 shows a device 6200 (e.g., a UE, an ambient IoT device, etc.). Ambient IoT devices typically may be designed to be inexpensive and allow for obtaining measurements using very little power. Given that ambient IoT devices may have very limited capabilities, typically, they cannot afford a proper security stack with the same capabilities normally found in regular devices/UEs that are equipped with greater processing capability and larger batteries.
[0092] The device 6200 includes processing circuitry 6202 that is operatively coupled via a bus 6204 to an input/output interface 6206, a power source 6208, a memory 6210, a communication interface 6212, and/or any other component, or any combination thereof. While an ambient IoT device may include some or all of these components, an ambient IoT device may have limited capabilities with respect to one or more of the components, e.g., a smaller battery, less processing capability, less memory. Thus, certain devices may utilize all or a subset of the components shown in Figure 6. The level of integration between the components may vary from one device to another device. Further, certain devices may contain multiple instances of a component, such as multiple processors, memories, transceivers, transmitters, receivers, etc.
[0093] The processing circuitry 6202 is configured to process instructions and data and may be configured to implement any sequential state machine operative to execute instructions stored as machine-readable computer programs in the memory 6210. The processing circuitry 6202 may be implemented as one or more hardware-implemented state machines (e.g., in discrete logic, field-programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), etc.); programmable logic together with appropriate firmware; one or more stored computer programs, general-purpose processors, such as a microprocessor or digital signal processor (DSP), together with appropriate software; or any combination of the above. For example, the processing circuitry 6202 may include multiple central processing units (CPUs).
[0094] In the example, the input/output interface 6206 may be configured to provide an interface or interfaces to an input device, output device, or one or more input and/or output devices. Examples of an output device include a speaker, a sound card, a video card, a display, a monitor, a printer, an actuator, an emitter, a smartcard, another output device, or any combination thereof. An input device may allow a user to capture information into the device 6200. Examples of an input device include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, a digital video camera, a web camera, etc.), a microphone, a sensor, a mouse, a trackball, a directional pad, a trackpad, a scroll wheel, a smartcard, and the like. The presence-sensitive display may include a capacitive or resistive touch sensor to sense input from a user. A sensor may be, for instance, an accelerometer, a gyroscope, a tilt sensor, a force sensor, a magnetometer, an optical sensor, a proximity sensor, a biometric sensor, etc., or any combination thereof. An output device may use the same type of interface port as an input device. For example, a Universal Serial Bus (USB) port may be used to provide an input device and an output device.
[0095] In some embodiments, the power source 6208 is structured as a battery or battery pack. Other types of power sources, such as a photovoltaic device, may be used. The power source 6208 may further include power circuitry for delivering power from the power source 6208 itself to the various parts of the device 6200 via input circuitry or an interface. The power delivered may, for example, be power received from a beam transmitted by a network node, as discussed herein. Power circuitry may perform any formatting, converting, or other modification to the power from the power source 6208 to make the power suitable for the respective components of the device 6200 to which power is supplied.
[0096] The memory 6210 may be or be configured to include memory such as random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic disks, optical disks, hard disks, removable cartridges, flash drives, and so forth. In one example, the memory 6210 includes one or more application programs 6214, such as an operating system, web browser application, a widget, gadget engine, or other application, and corresponding data 6216. The memory 6210 may store, for use by the device 6200, any of a variety of operating systems or combinations of operating systems.

[0097] The memory 6210 may be configured to include a number of physical drive units, such as redundant array of independent disks (RAID), flash memory, USB flash drive, external hard disk drive, thumb drive, pen drive, key drive, high-density digital versatile disc (HD-DVD) optical disc drive, internal hard disk drive, Blu-Ray optical disc drive, holographic digital data storage (HDDS) optical disc drive, external mini-dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro-DIMM SDRAM, smartcard memory such as a tamper resistant module in the form of a universal integrated circuit card (UICC) including one or more subscriber identity modules (SIMs), such as a USIM and/or ISIM, other memory, or any combination thereof. The UICC may for example be an embedded UICC (eUICC), integrated UICC (iUICC) or a removable UICC commonly known as a ‘SIM card.’ The memory 6210 may allow the device 6200 to access instructions, application programs and the like, stored on transitory or non-transitory memory media, to off-load data, or to upload data. An article of manufacture, such as one utilizing a communication system, may be tangibly embodied as or in the memory 6210, which may be or comprise a device-readable storage medium.
[0098] The processing circuitry 6202 may be configured to communicate with an access network or other network using the communication interface 6212. The communication interface 6212 may comprise one or more communication subsystems and may include or be communicatively coupled to an antenna 6222. The communication interface 6212 may include one or more transceivers used to communicate, such as by communicating with one or more remote transceivers of another device capable of wireless communication (e.g., another device or a network node in an access network). Each transceiver may include a transmitter 6218 and/or a receiver 6220 appropriate to provide network communications (e.g., optical, electrical, frequency allocations, and so forth). Moreover, the transmitter 6218 and receiver 6220 may be coupled to one or more antennas (e.g., antenna 6222) and may share circuit components, software or firmware, or alternatively be implemented separately.
[0099] In the illustrated embodiment, communication functions of the communication interface 6212 may include cellular communication, Wi-Fi communication, LPWAN communication, data communication, voice communication, multimedia communication, short-range communications such as Bluetooth, near-field communication, location-based communication such as the use of the global positioning system (GPS) to determine a location, another like communication function, or any combination thereof. Communications may be implemented according to one or more communication protocols and/or standards, such as IEEE 802.11, Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), GSM, LTE, New Radio (NR), UMTS, WiMax, Ethernet, transmission control protocol/internet protocol (TCP/IP), synchronous optical networking (SONET), Asynchronous Transfer Mode (ATM), QUIC, Hypertext Transfer Protocol (HTTP), and so forth.
[0100] Regardless of the type of sensor, a device may provide an output of data captured by its sensors, through its communication interface 6212, via a wireless connection to a network node. Data captured by sensors of a device can be communicated through a wireless connection to a network node via another device, as discussed above. The output may be periodic (e.g., once every 15 minutes if it reports the sensed temperature), random (e.g., to even out the load from reporting from several sensors), in response to a triggering event (e.g., when moisture is detected an alert is sent), in response to a request (e.g., a user initiated request), etc.
[0101] A device in the form of an ambient IoT device may be a device for use in one or more application domains, these domains comprising, but not limited to, home, city, wearable technology, extended reality, industrial application, and healthcare.
[0102] By way of example, the ambient IoT device for a home, an office, a building or an infrastructure may be a baking scale, a coffee machine, a grill, a fridge, a refrigerator, a freezer, a microwave oven, an oven, a toaster, a water tap, a water heater, a water geyser, a sauna, a vacuum cleaner, a washer, a dryer, a dishwasher, a door, a window, a curtain, a blind, furniture, a light bulb, a fan, an air-conditioner, a cooler, an air purifier, a humidifier, a speaker, a television, a laptop, a personal computer, a gaming console, a remote control, a vent, an iron, a steamer, a pressure cooker, a stove, an electric stove, a hair dryer, a hair styler, a mirror, a printer, a scanner, a photocopier, a projector, a hologram projector, a 3D printer, a drill, a hand-dryer, an alarm clock, a clock, a security camera, a smoke alarm, a fire alarm, a connected doorbell, an electronic door lock, a lawnmower, a thermostat, a plug, an irrigation control device, a flood sensor, a moisture sensor, a motion detector, a weather station, an electricity meter, a water meter, and a gas meter.
[0103] By further way of example, the ambient IoT device for use in a city, urban, or rural areas may be connected street lighting, a connected traffic light, a traffic camera, a connected road sign, an air control/monitor, a noise level detector, a transport congestion monitoring device, a transport controlling device, an automated toll payment device, a parking payment device, a sensor for monitoring parking usage, a traffic management device, a digital kiosk, a bin, an air quality monitoring sensor, a bridge condition monitoring sensor, a fire hydrant, a manhole sensor, a tarmac sensor, a water fountain sensor, a connected closed circuit television, a scooter, a hoverboard, a ticketing machine, a ticket barrier, a metro rail, a metro station device, a passenger information panel, an onboard camera, and another connected device on a public transport vehicle.
[0104] As a further way of example, the ambient IoT device may be a wearable device, or a device related to extended reality, wherein the device related to extended reality may be a device related to augmented reality, virtual reality, merged reality, or mixed reality. Examples of such ambient IoT devices may be a smart-band, a tracker, a haptic glove, a haptic suit, a smartwatch, clothes, eyeglasses, a head mounted display, an ear pod, an activity monitor, a fitness monitor, a heart rate monitor, a ring, a key tracker, a blood glucose meter, and a pressure meter.
[0105] As a further way of example, the ambient IoT device may be an industrial application device, wherein an industrial application device may be an industrial unmanned aerial vehicle, an intelligent industrial robot, a vehicle assembly robot, and an automated guided vehicle.
[0106] As a further way of example, the ambient IoT device may be a transportation vehicle, wherein a transportation vehicle may be a bicycle, a motor bike, a scooter, a moped, an auto rickshaw, a rail transport, a train, a tram, a bus, a car, a truck, an airplane, a boat, a ship, a ski board, a snowboard, a snow mobile, a hoverboard, a skateboard, roller-skates, a vehicle for freight transportation, a drone, a robot, a stratospheric aircraft, an aircraft, a helicopter and a hovercraft.
[0107] As a further way of example, the ambient IoT device may be a health or fitness device, wherein a health or fitness device may be a surgical robot, an implantable medical device, a non-invasive medical device, and a stationary medical device which may be: an in-vitro diagnostic device, a radiology device, a diagnostic imaging device, and an x-ray device.
[0108] Further, the device 6200 may be a device capable, configured, arranged and/or operable to communicate wirelessly with network nodes and/or other devices (e.g., UEs). Other examples of a device include, but are not limited to, any UE identified by the 3rd Generation Partnership Project (3GPP), including a narrow band internet of things (NB-IoT) UE, a machine type communication (MTC) UE, etc.
[0109] A device may support device-to-device (D2D) communication, for example by implementing a 3GPP standard for sidelink communication, Dedicated Short-Range Communication (DSRC), vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), or vehicle-to-everything (V2X). In other examples, a device may not necessarily have a user in the sense of a human user who owns and/or operates the relevant device. Instead, a device may represent a device that is intended for sale to, or operation by, a human user but which may not, or which may not initially, be associated with a specific human user (e.g., a device for measuring a temperature in an environment). Alternatively, a device may represent a device that is not intended for sale to, or operation by, an end user but which may be associated with or operated for the benefit of a user (e.g., a device for measuring moisture in an environment).
[0110] A device in the form of an ambient IoT device comprises circuitry and/or software in dependence of the intended application of the ambient IoT device, in addition to other components as described in relation to the device 6200 shown in Figure 6.

[0111] Figure 8 is a block diagram illustrating a virtualization environment 8500 in which functions implemented by some embodiments may be virtualized. In the present context, virtualizing means creating virtual versions of apparatuses or devices which may include virtualizing hardware platforms, storage devices and networking resources. As used herein, virtualization can be applied to any device described herein, or components thereof, and relates to an implementation in which at least a portion of the functionality is implemented as one or more virtual components. Some or all of the functions described herein may be implemented as virtual components executed by one or more VMs implemented in one or more virtual environments 8500 hosted by one or more hardware nodes, such as a hardware network node that operates as a network node, an ambient IoT device, UE, core network node, or host. Further, in embodiments in which the virtual node does not require radio connectivity (e.g., a core network node or host), the node may be entirely virtualized.
[0112] Applications 8502 (which may alternatively be called software instances, virtual appliances, network functions, virtual nodes, virtual network functions, etc.) are run in the virtualization environment 8500 to implement some of the features, functions, and/or benefits of some of the embodiments disclosed herein.
[0113] Hardware 8504 includes processing circuitry, memory that stores software and/or instructions executable by hardware processing circuitry, and/or other hardware devices as described herein, such as a network interface, input/output interface, and so forth. Software may be executed by the processing circuitry to instantiate one or more virtualization layers 8506 (also referred to as hypervisors or virtual machine monitors (VMMs)), provide VMs 8508a and 8508b (one or more of which may be generally referred to as VMs 8508), and/or perform any of the functions, features and/or benefits described in relation with some embodiments described herein. The virtualization layer 8506 may present a virtual operating platform that appears like networking hardware to the VMs 8508.
[0114] The VMs 8508 comprise virtual processing, virtual memory, virtual networking or interface and virtual storage, and may be run by a corresponding virtualization layer 8506. Different embodiments of the instance of a virtual appliance 8502 may be implemented on one or more of VMs 8508, and the implementations may be made in different ways. Virtualization of the hardware is in some contexts referred to as network function virtualization (NFV). NFV may be used to consolidate many network equipment types onto industry standard high volume server hardware, physical switches, and physical storage, which can be located in data centers and customer premise equipment.

[0115] In the context of NFV, a VM 8508 may be a software implementation of a physical machine that runs programs as if they were executing on a physical, non-virtualized machine. Each of the VMs 8508, together with the part of the hardware 8504 that executes that VM, whether hardware dedicated to that VM or hardware shared by that VM with other VMs, forms a separate virtual network element. Still in the context of NFV, a virtual network function is responsible for handling specific network functions that run in one or more VMs 8508 on top of the hardware 8504 and corresponds to the application 8502.
[0116] Hardware 8504 may be implemented in a standalone network node with generic or specific components. Hardware 8504 may implement some functions via virtualization. Alternatively, hardware 8504 may be part of a larger cluster of hardware (e.g. such as in a data center or CPE) where many hardware nodes work together and are managed via management and orchestration 8510, which, among others, oversees lifecycle management of applications 8502. In some embodiments, hardware 8504 is coupled to one or more radio units that each include one or more transmitters and one or more receivers that may be coupled to one or more antennas. Radio units may communicate directly with other hardware nodes via one or more appropriate network interfaces and may be used in combination with the virtual components to provide a virtual node with radio capabilities, such as a radio access node or a base station. In some embodiments, some signaling can be provided with the use of a control system 8512 which may alternatively be used for communication between hardware nodes and radio units.
[0117] Further definitions and embodiments are discussed below.
[0118] In the above-description of certain embodiments of the present disclosure, it is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the present disclosure. Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which concepts of the present disclosure belong. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of this specification and the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
[0119] When an element is referred to as being “connected”, “coupled”, “responsive”, or variants thereof to another element, it can be directly connected, coupled, or responsive to the other element or intervening elements may be present. In contrast, when an element is referred to as being “directly connected”, “directly coupled”, “directly responsive”, or variants thereof to another element, there are no intervening elements present. Like numbers refer to like elements throughout. Furthermore, “coupled”, “connected”, “responsive”, or variants thereof as used herein may include wirelessly coupled, connected, or responsive. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. Well-known functions or constructions may not be described in detail for brevity and/or clarity. The term “and/or” (abbreviated “/”) includes any and all combinations of one or more of the associated listed items.
[0120] It will be understood that although the terms first, second, third, etc. may be used herein to describe various elements/operations, these elements/operations should not be limited by these terms. These terms are only used to distinguish one element/operation from another element/operation. Thus a first element/operation in some embodiments could be termed a second element/operation in other embodiments without departing from the teachings of concepts of the present disclosure. The same reference numerals or the same reference designators denote the same or similar elements throughout the specification.
[0121] As used herein, the terms “comprise”, “comprising”, “comprises”, “include”, “including”, “includes”, “have”, “has”, “having”, or variants thereof are open-ended, and include one or more stated features, integers, elements, steps, components, or functions but do not preclude the presence or addition of one or more other features, integers, elements, steps, components, functions, or groups thereof. Furthermore, as used herein, the common abbreviation “e.g.”, which derives from the Latin phrase “exempli gratia,” may be used to introduce or specify a general example or examples of a previously mentioned item, and is not intended to be limiting of such item. The common abbreviation “i.e.”, which derives from the Latin phrase “id est,” may be used to specify a particular item from a more general recitation.
[0122] Example embodiments are described herein with reference to block diagrams and/or flowchart illustrations of methods, apparatus (systems and/or devices) and/or computer program products. It is understood that a block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions that are performed by one or more computer circuits. These computer program instructions may be provided to a processor circuit of a general purpose computer circuit, special purpose computer circuit, and/or other programmable data processing circuit to produce a machine, such that the instructions, which execute via the processor of the computer and/or other programmable data processing apparatus, transform and control transistors, values stored in memory locations, and other hardware components within such circuitry to implement the functions/acts specified in the block diagrams and/or flowchart block or blocks, and thereby create means (functionality) and/or structure for implementing the functions/acts specified in the block diagrams and/or flowchart block(s).
[0123] These computer program instructions may also be stored in a tangible computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instructions which implement the functions/acts specified in the block diagrams and/or flowchart block or blocks. Accordingly, embodiments of the present disclosure may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.) that runs on a processor such as a digital signal processor, which may collectively be referred to as “circuitry,” “a module” or variants thereof.
[0124] It should also be noted that in some alternate implementations, the functions/acts noted in the blocks may occur out of the order noted in the flowcharts. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Moreover, the functionality of a given block of the flowcharts and/or block diagrams may be separated into multiple blocks and/or the functionality of two or more blocks of the flowcharts and/or block diagrams may be at least partially integrated. Finally, other blocks may be added/inserted between the blocks that are illustrated, and/or blocks/operations may be omitted without departing from the scope of the present disclosure. Moreover, although some of the diagrams include arrows on communication paths to show a primary direction of communication, it is to be understood that communication may occur in the opposite direction to the depicted arrows.
[0125] Many variations and modifications can be made to the embodiments without substantially departing from the principles of the present disclosure. All such variations and modifications are intended to be included herein within the scope of present disclosure. Accordingly, the above disclosed subject matter is to be considered illustrative, and not restrictive, and the examples of embodiments are intended to cover all such modifications, enhancements, and other embodiments, which fall within the spirit and scope of the present disclosure. Thus, to the maximum extent allowed by law, the scope of the present disclosure is to be determined by the broadest permissible interpretation of the present disclosure including the examples of embodiments and their equivalents, and shall not be restricted or limited by the foregoing detailed description.

Claims:
1. A method performed by a network node, the method comprising:
transmitting (408), to a first, ambient Internet of Things (IoT), device, a first beam from a plurality of beams;
receiving (410), from the first device, a first measurement of the first device on the first beam;
determining (412) whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement; and
when the first device is trusted, generating (414) a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
2. The method of Claim 1, further comprising: communicating (420) with at least one of the second device and a third device with the virtual networking stack.
3. The method of any one of Claims 1 to 2, further comprising: when the first device is not trusted, identifying (416) the first device as not trusted.
4. The method of any one of Claims 1 to 3, further comprising: collecting (400) data from at least the first device to establish communication with the first device.
5. The method of Claim 4, wherein the collecting (400) data comprises (i) transmitting a plurality of beams that respectively have an identifier to the first device, and (ii) for each respective beam in the plurality of beams, receiving a response from the first device that includes a first device identifier, a measurement of the first device, and information for the respective beam from which the dominant beam from the plurality of beams is identified.
6. The method of Claim 4, wherein the collecting (400) data comprises receiving an identity of the dominant beam from the first device.
7. The method of Claim 5 or Claim 6, wherein the dominant beam is used for the communication with the first device.
8. The method of any one of Claims 5 to 6, wherein the information comprises a parity check that identifies to the network node whether the measurement from the first device was received successfully at the network node.
9. The method of any one of Claims 1 to 8, further comprising: generating (402) the association for at least the first device and the second device, the association comprising, per device, at least an identifier for the device, an average of measurements received from the device over a period of time, and an identifier of a beam on which the network node received the measurements.
10. The method of Claim 9, wherein respective measurements in the average of measurements respectively are within a specified margin of error.
11. The method of Claim 10, wherein the association further comprises a location of the first device.
12. The method of any one of Claims 10 to 11, wherein the association further comprises a type of the first device.
13. The method of any one of Claims 1 to 12, wherein the association comprises a profile for the first device.
14. The method of Claim 13, wherein the profile is hosted in a unified data management, UDM, node.
15. The method of any one of Claims 9 to 14, further comprising: determining (404) a type of the first device based on the average measurement; and adding (406) the type of the first device to the association.
16. The method of any one of Claims 2 to 15, wherein the communicating (420) comprises sending the first measurement tagged with the physical device address to at least one of the second device and the third device.
17. The method of any one of Claims 1 to 16, further comprising: when the first device is not trusted, performing (418) at least one of (i) monitoring responses of the first device for a period of time, and (ii) when a number of the responses exceeds a defined threshold for the period of time, quarantining the first device.
18. The method of any one of Claims 1 to 17, wherein the first measurement and the second measurement comprise an environmental measurement.
19. The method of any one of Claims 1 to 18, wherein the first beam comprises a synchronization signal block, SSB, index or SSB identifier.
20. The method of any one of Claims 1 to 19, wherein the network node comprises at least one of a base station and an edge cloud node.
21. A network node (100, 5110, 7300) comprising: processing circuitry (7302); memory (7304) coupled with the processing circuitry, wherein the memory includes instructions that when executed by the processing circuitry cause the network node to perform operations comprising:
transmit, to a first, ambient Internet of Things (IoT), device, a first beam from a plurality of beams;
receive, from the first device, a first measurement of the first device on the first beam;
determine whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement; and
when the first device is trusted, generate a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
22. The network node of Claim 21, wherein the operations further comprise any of the operations of Claims 2 to 20.
23. A non-transitory computer readable medium (7304) including program code to be executed by processing circuitry (7302) of a network node (100, 5110, 7300), whereby execution of the program code causes the network node to perform operations comprising:
transmit, to a first, ambient Internet of Things (IoT), device, a first beam from a plurality of beams;
receive, from the first device, a first measurement of the first device on the first beam;
determine whether the first device is trusted based on whether the first measurement from the first device is from a dominant beam based on an association of the first device with the dominant beam and whether at least a second device sent a second measurement by the second device of a same type of measurement as the first measurement that is within a specified range of the first measurement; and
when the first device is trusted, generate a virtual networking stack for the first device hosted in the network node that emulates at least one of a physical device address and an internet protocol, IP, address for the first device.
24. The non-transitory computer readable medium of Claim 23, wherein the operations further comprise any of the operations of Claims 2 to 20.
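The admission logic that Claims 1, 8, 9, 10 and 17 describe in words, as an added Python model that is not code from the patent or from Ericsson. Two independent signals must agree before the network node trusts an ambient IoT device: the report must arrive on the beam the device has historically been heard on (the "dominant beam" of the association), and at least one other device must have sent a same-type measurement within a specified range of it. Only then is a virtual networking stack (an emulated MAC and/or IP address) allocated in the node; repeated untrusted responses lead to quarantine. All class and function names (Report, Association, TrustDecider, parity_ok, virtual_stack) are hypothetical, the hash-based address derivation is an assumption, the median is an assumed reference point for the "margin of error" of Claim 10, and a response count stands in for the time window of Claim 17, none of which the claims fix.

```python
"""Zero-trust admission of an ambient IoT device, modelled on Claims 1, 8, 9,
10 and 17.  Added example, not code from the patent.  Names are hypothetical;
the address derivation, the median reference point and the use of a response
count instead of a time window are assumptions."""
import hashlib
from dataclasses import dataclass
from statistics import mean, median
from typing import Dict, List, Optional, Set


@dataclass
class Report:
    device_id: str
    beam_id: int      # beam (e.g. SSB index) on which the node heard the report
    kind: str         # measurement type, e.g. "temperature"
    value: float


@dataclass
class Association:
    device_id: str
    dominant_beam: int   # beam the device has consistently been heard on
    avg_value: float     # average of past measurements on it (Claim 9)
    kind: str


@dataclass
class VirtualStack:
    device_id: str
    mac: str
    ip: str


def parity_ok(payload: bytes, parity_bit: int) -> bool:
    """Claim 8: a parity check tells the node whether the measurement was
    received intact.  Constructed format: even parity over all payload bits."""
    ones = sum(bin(b).count("1") for b in payload)
    return (ones + parity_bit) % 2 == 0


def virtual_stack(device_id: str) -> VirtualStack:
    """Assumed scheme: a locally administered unicast MAC and a 10/8 address
    derived from a hash of the device identifier."""
    h = hashlib.sha256(device_id.encode()).digest()
    first = (h[0] | 0x02) & 0xFE          # set local bit, clear multicast bit
    mac = ":".join(f"{b:02x}" for b in bytes([first]) + h[1:6])
    return VirtualStack(device_id, mac, f"10.{h[6]}.{h[7]}.{h[8]}")


class TrustDecider:
    def __init__(self, margin: float, corroboration_range: float,
                 quarantine_threshold: int) -> None:
        self.margin = margin                              # Claim 10
        self.corroboration_range = corroboration_range    # Claim 1
        self.quarantine_threshold = quarantine_threshold  # Claim 17
        self.associations: Dict[str, Association] = {}
        self.stacks: Dict[str, VirtualStack] = {}
        self.untrusted_responses: Dict[str, int] = {}
        self.quarantined: Set[str] = set()

    def build_association(self, reports: List[Report]) -> Optional[Association]:
        """Claims 9 and 10: average a device's reports collected over time,
        keeping only those within `margin` of the median (assumed reference
        point), and record the beam most of the kept reports arrived on."""
        if not reports:
            return None
        centre = median(r.value for r in reports)
        kept = [r for r in reports if abs(r.value - centre) <= self.margin]
        if not kept:
            return None
        beams = [r.beam_id for r in kept]
        dominant = max(set(beams), key=beams.count)
        assoc = Association(reports[0].device_id, dominant,
                            mean(r.value for r in kept), reports[0].kind)
        self.associations[assoc.device_id] = assoc
        return assoc

    def is_trusted(self, first: Report, others: List[Report]) -> bool:
        """Claim 1: the report must arrive on the device's dominant beam AND be
        corroborated by another device's same-kind measurement within range."""
        assoc = self.associations.get(first.device_id)
        if assoc is None or first.beam_id != assoc.dominant_beam:
            return False
        return any(o.device_id != first.device_id and o.kind == first.kind
                   and abs(o.value - first.value) <= self.corroboration_range
                   for o in others)

    def admit(self, first: Report, others: List[Report]) -> Optional[VirtualStack]:
        """Claims 1 and 17: a trusted device gets a virtual stack hosted in the
        node; untrusted responses are counted and the device is quarantined
        once the count exceeds the threshold."""
        dev = first.device_id
        if dev in self.quarantined:
            return None
        if self.is_trusted(first, others):
            self.untrusted_responses.pop(dev, None)
            if dev not in self.stacks:
                self.stacks[dev] = virtual_stack(dev)
            return self.stacks[dev]
        self.untrusted_responses[dev] = self.untrusted_responses.get(dev, 0) + 1
        if self.untrusted_responses[dev] > self.quarantine_threshold:
            self.quarantined.add(dev)
        return None
```

The point a practitioner should take from the model is that neither signal is sufficient on its own: a spoofed device that replays a plausible temperature from the wrong beam fails the association check, and a device on the right beam that reports a value no neighbour can corroborate fails the cross-device check. The patent leaves the range, margin, threshold and address scheme to the implementation; the values used here are placeholders to be tuned per deployment.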
PCT/IB2024/058101 2023-11-06 2024-08-20 Zero trust for ambient internet of things devices Pending WO2025099504A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GR20230100921 2023-11-06

Publications (1)

Publication Number Publication Date
WO2025099504A1 true WO2025099504A1 (en) 2025-05-15

Family

ID=92842981

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2024/058101 Pending WO2025099504A1 (en) 2023-11-06 2024-08-20 Zero trust for ambient internet of things devices

Country Status (1)

Country Link
WO (1) WO2025099504A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120951019A (en) * 2025-10-17 2025-11-14 宁波沃仕盾科技有限公司 Hydropower energy consumption data monitoring method and system based on edge calculation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180356236A1 (en) * 2017-06-12 2018-12-13 Panasonic Intellectual Property Management Co., Ltd. System and method for dynamically authenticating map data using blockchains
US20220006496A1 (en) * 2018-11-02 2022-01-06 Lg Electronics Inc. Method for reporting channel state information in wireless communication system, and device for same
WO2023196117A1 (en) * 2022-04-07 2023-10-12 Qualcomm Incorporated Verifying legitimacy of reference signals

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180356236A1 (en) * 2017-06-12 2018-12-13 Panasonic Intellectual Property Management Co., Ltd. System and method for dynamically authenticating map data using blockchains
US20220006496A1 (en) * 2018-11-02 2022-01-06 Lg Electronics Inc. Method for reporting channel state information in wireless communication system, and device for same
WO2023196117A1 (en) * 2022-04-07 2023-10-12 Qualcomm Incorporated Verifying legitimacy of reference signals

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120951019A (en) * 2025-10-17 2025-11-14 宁波沃仕盾科技有限公司 Hydropower energy consumption data monitoring method and system based on edge calculation

Similar Documents

Publication Publication Date Title
WO2025099504A1 (en) Zero trust for ambient internet of things devices
US20250254157A1 (en) Application Programming Interface Access in a Communication Network
CN117957866A (en) Authenticating wireless communication devices with an external authentication server
WO2025209561A1 (en) Communication devices and methods for inventory procedure
WO2025217834A1 (en) Methods and apparatuses for sensing an object
WO2025231638A1 (en) Confliction avoidance between sensing and communication signals
WO2025214951A1 (en) Sending and receiving validation information for an access token
WO2025212031A1 (en) External model-monitoring of ai/ml model using line-of-sight link information
WO2025237971A1 (en) User identity authentication in a communication network
WO2025209997A1 (en) Methods, devices and medium for communication
WO2025216678A1 (en) First network node, second network node and methods performed therein for handling services related to spatial anchors in a communication network
WO2025221183A1 (en) Valid area and/or non-valid area for positioning solutions
WO2025038014A1 (en) Triggering an iot discovery procedure
WO2025172937A1 (en) Cross domain vertical federated learning involving application function and network data analytics function instances
WO2025237994A1 (en) Methods, devices and medium for communication
WO2025017376A1 (en) Zero trust anomaly traffic management for a network
WO2025178547A1 (en) Systems and methods for indicating downlink reference signal characteristics
WO2025209950A1 (en) Terminal device and method therein for uplink transmission
WO2025046403A1 (en) Systems and methods for network configuration transfer
WO2025212004A1 (en) Methods, apparatus and computer-readable media related to dual connectivity in radio networks
WO2025134058A1 (en) Methods, network nodes, computer programs, computer program products and non-transitory computer-readable media to support differential reporting of predicted positioning information with gnb-cu side model for ai/ml assisted positioning
WO2025212033A1 (en) Control and system information for ambient iot
WO2025210589A1 (en) Enhancement of reporting for conditional handover with candidate secondary cell group failure
WO2025063876A1 (en) Methods and apparatuses for enabling collection of machine learning or artificial intelligence training data in a network
WO2025172939A1 (en) Signaling assistance for artificial intelligence/machine learning model validation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24773543

Country of ref document: EP

Kind code of ref document: A1