WO2025155153A1 - Method and apparatus for handling user identifiers associated with user equipment in a wireless communication system - Google Patents

Abstract

The disclosure relates to a 5G or 6G communication system for supporting a higher data transmission rate. Embodiments herein provide a method and system for handling user identifiers associated with user equipment in communication network system (400). The method includes receiving by a network apparatus (200), a request message from the UE (100), where the request message includes an indication indicating a UE (100) capability to support a user identifier service. Further the network apparatus (200) generates a response message comprising a user identifier information. The user identifier information includes at least one user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus (200) during roaming or within a restricted area including the list of cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE (100) to avail the service from the network apparatus (200). The network apparatus (200) transmits the response message with the user identifier information to the UE (100).

Description

METHOD AND APPARATUS FOR HANDLING USER IDENTIFIERS ASSOCIATED WITH USER EQUIPMENT IN A WIRELESS COMMUNICATION SYSTEM

The present application is based on and claims priority from Indian Provisional Application Number 202441003895 filed on 19th January 2024, and 202441007781 filed on 5th February 2024, the disclosure of which is hereby incorporated by reference herein. The proposed embodiments relate to wireless communication and more particularly relates to a method and system for handling user identifier of a User Equipment (UE) in a communication network system.

5G mobile communication technologies define broad frequency bands such that high transmission rates and new services are possible, and can be implemented not only in “Sub 6GHz” bands such as 3.5GHz, but also in “Above 6GHz” bands referred to as mmWave including 28GHz and 39GHz. In addition, it has been considered to implement 6G mobile communication technologies (referred to as Beyond 5G systems) in terahertz bands (for example, 95GHz to 3THz bands) in order to accomplish transmission rates fifty times faster than 5G mobile communication technologies and ultra-low latencies one-tenth of 5G mobile communication technologies.

At the beginning of the development of 5G mobile communication technologies, in order to support services and to satisfy performance requirements in connection with enhanced Mobile BroadBand (eMBB), Ultra Reliable Low Latency Communications (URLLC), and massive Machine-Type Communications (mMTC), there has been ongoing standardization regarding beamforming and massive MIMO for mitigating radio-wave path loss and increasing radio-wave transmission distances in mmWave, supporting numerologies (for example, operating multiple subcarrier spacings) for efficiently utilizing mmWave resources and dynamic operation of slot formats, initial access technologies for supporting multi-beam transmission and broadbands, definition and operation of BWP (BandWidth Part), new channel coding methods such as a LDPC (Low Density Parity Check) code for large amount of data transmission and a polar code for highly reliable transmission of control information, L2 pre-processing, and network slicing for providing a dedicated network specialized to a specific service.

Currently, there are ongoing discussions regarding improvement and performance enhancement of initial 5G mobile communication technologies in view of services to be supported by 5G mobile communication technologies, and there has been physical layer standardization regarding technologies such as V2X (Vehicle-to-everything) for aiding driving determination by autonomous vehicles based on information regarding positions and states of vehicles transmitted by the vehicles and for enhancing user convenience, NR-U (New Radio Unlicensed) aimed at system operations conforming to various regulation-related requirements in unlicensed bands, NR UE Power Saving, Non-Terrestrial Network (NTN) which is UE-satellite direct communication for providing coverage in an area in which communication with terrestrial networks is unavailable, and positioning.

Moreover, there has been ongoing standardization in air interface architecture/protocol regarding technologies such as Industrial Internet of Things (IIoT) for supporting new services through interworking and convergence with other industries, IAB (Integrated Access and Backhaul) for providing a node for network service area expansion by supporting a wireless backhaul link and an access link in an integrated manner, mobility enhancement including conditional handover and DAPS (Dual Active Protocol Stack) handover, and two-step random access for simplifying random access procedures (2-step RACH for NR). There also has been ongoing standardization in system architecture/service regarding a 5G baseline architecture (for example, service based architecture or service based interface) for combining Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technologies, and Mobile Edge Computing (MEC) for receiving services based on UE positions.

As 5G mobile communication systems are commercialized, connected devices that have been exponentially increasing will be connected to communication networks, and it is accordingly expected that enhanced functions and performances of 5G mobile communication systems and integrated operations of connected devices will be necessary. To this end, new research is scheduled in connection with eXtended Reality (XR) for efficiently supporting AR (Augmented Reality), VR (Virtual Reality), MR (Mixed Reality) and the like, 5G performance improvement and complexity reduction by utilizing Artificial Intelligence (AI) and Machine Learning (ML), AI service support, metaverse service support, and drone communication.

Furthermore, such development of 5G mobile communication systems will serve as a basis for developing not only new waveforms for providing coverage in terahertz bands of 6G mobile communication technologies, multi-antenna transmission technologies such as Full Dimensional MIMO (FD-MIMO), array antennas and large-scale antennas, metamaterial-based lenses and antennas for improving coverage of terahertz band signals, high-dimensional space multiplexing technology using OAM (Orbital Angular Momentum), and RIS (Reconfigurable Intelligent Surface), but also full-duplex technology for increasing frequency efficiency of 6G mobile communication technologies and improving system networks, AI-based communication technology for implementing system optimization by utilizing satellites and AI (Artificial Intelligence) from the design stage and internalizing end-to-end AI support functions, and next-generation distributed computing technology for implementing services at levels of complexity exceeding the limit of UE operation capability by utilizing ultra-high-performance communication and computing resources.

The present disclosure relates to wireless communication systems and, more specifically, the present disclosure relates to handling user identifiers associated with user equipment in a wireless communication systems.

In an aspect, the objects are achieved by providing a method for handling user identifiers associated with a User Equipment (UE) in a communication network system. The method includes receiving by a network apparatus, a request message from the UE, where the request message includes an indication indicating a UE capability to support a user identifier service. Further the network apparatus generates a response message comprising a user identifier information. The user identifier information includes at least one user identifier associated with the UE that is restricted to avail a service from the network apparatus during roaming or within a restricted area including the list of cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE to avail the service from the network apparatus. The network apparatus transmits the response message with the user identifier information to the UE.

In another aspect, the objects are achieved by providing a method for handling user identifiers associated with the UE in the communication network system. The UE sends the request message to the network apparatus, where the request message includes the indication indicating that the UE capability to support the user identifier service. The UE supports a list of user identifiers to the user identifier service from the network apparatus. The UE receives the response message with the user identifier information from the network apparatus, where the user identifier information includes at least one user identifier associated with the UE that is restricted to avail a service from the network apparatus during roaming or within a restricted area including list of Cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE to avail the service from the network apparatus. Further the method includes detecting by the UE whether the UE is in the roaming or the UE has moved inside the restricted area. When the UE is not in the roaming or the UE is not inside the restricted area, the UE sends a request for other user identifiers for which no restriction is defined to the network apparatus whereas when the UE is in the roaming or the UE is inside the restricted area, the UE skip sending by the UE any request for the other user identifiers that is not allowed to avail the service from the network apparatus by considering current user identifier as restricted to avail the service.

In yet another aspect, the objects are achieved by providing a method for handling user associated with the UE, where a visited network apparatus receives a Packet Data Unit (PDU) session establishment request message from the UE with a user identifier while the UE is in roaming. The visited network apparatus determines whether a Data Network Name (DNN) requested by the UE is defined as Home Routed (HR) roaming. The visited network apparatus forwards the PDU session establishment request message to a home network apparatus. The home network apparatus downloads the subscription information along with the user identifier information linked to the subscription information for the UE from a Unified Data Management (UDM) apparatus or Unified Data Repository (UDR). Further the home network apparatus determines whether the received user identifier from the visited network apparatus is allowed to avail the service during roaming and sends PDU session reject message rejecting the PDU session establishment request message with a cause code to the visited network apparatus, when the home network apparatus determines that the user identifier is not allowed to avail the service during the roaming. The visited network apparatus forwards the PDU session reject message with the cause code to the UE.

In yet another aspect, the objects are achieved by providing a method for handling user identifiers associated with the UE, where the visited network apparatus receives the PDU session establishment request message from the UE with a user identifier while the UE is in roaming. The visited network apparatus determines whether the DNN requested by the UE is defined as Local Breakout (LBO) roaming. Further the visited network apparatus rejects the PDU session establishment request message with a cause code, when the DNN requested by the UE is defined as the LBO roaming. Furthermore, the visited network apparatus forwards the PDU session reject message to the UE, without forwarding the PDU session establishment request message to the home network apparatus.

In another aspect, the objects are achieved by providing a network apparatus for handling the user identifier associated with the UE, where the network apparatus includes a memory, a processor, a user identifier service controller. The user identifier service controller is communicatively coupled with the memory and the processor. The network apparatus receive the request message from the UE, where the request message includes an indication indicating the UE capability to support the user identifier service. Further the network apparatus generate the response message including a user identifier information, where the user identifier information includes user identifier associated with the UE that is restricted to avail a service from the network apparatus during roaming or within a restricted area including the list of Cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE to avail the service from the network apparatus. Further the network apparatus transmit the response message with the user identifier information to the UE.

In yet another aspect the objects are achieved by providing the UE for handling the user associated with the UE in communication network system. The UE includes a memory, a processor and a user identifier service controller. The user identifier service controller coupled with the memory and the processor is configured to send the request message to the network apparatus, where the request message includes an indication indicating the UE capability to support the user identifier service. The UE supports a list of user identifiers to the user identifier service from the network apparatus. The user identifier service controller receive a response message including user identifier information from the network apparatus. The user identifier information includes user identifier associated with the UE that is restricted to avail a service from the network apparatus during roaming or within a restricted area including list of Cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE to avail the service from the network apparatus. The user identifier service controller detect whether the UE is in the roaming or the UE has moved inside the restricted area. The UE send a request for other user identifiers for which no restriction is defined to the network apparatus, when the UE is not in the roaming or the UE is not inside the restricted area. Whereas when the UE is in the roaming or the UE is inside the restricted area, the UE skip sending any request for the other user identifiers that is not allowed to avail the service from the network apparatus by considering current user identifier as restricted to avail the service.

In yet another aspect, the communication network system is provided for handling user identifiers associated with the UE. The communication network system includes the visited network apparatus, the home network apparatus, the UDM apparatus, the UDR apparatus and the UE. The visited network apparatus further includes a memory, a processor and a user identifier service controller. The visited network apparatus receives a PDU session establishment request message from the UE with a user identifier while the UE is in roaming. Further the visited network apparatus determines whether the DNN requested by the UE is defined as HR roaming. Further the visited network apparatus forwards the PDU session establishment request message to the home network apparatus. The home network apparatus download the subscription information along with the user identifier information linked to the subscription information for the UE from the UDM apparatus or UDR apparatus. Further the home network apparatus includes a memory, a processor and a user identifier service controller, where the use identifier service controller associated with the home network apparatus is configured to download the subscription information along with the user identifier information linked to the subscription information for the UE from the UDM apparatus or UDR apparatus. Further the home network apparatus determines whether the received user identifier from the visited network apparatus is allowed to avail the service during roaming and reject the PDU session establishment request message with the cause code, when the home network apparatus determines that the user identifier is not allowed to avail the service during the roaming. Further the home network apparatus forwards a PDU session reject message with the cause code to the UE through visited network apparatus.

These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It is understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.

According to an embodiment of the disclosure, a wireless communication can be performed efficiently. Especially, a handling user identifiers associated with user equipment in a wireless communication systems can be performed efficiently.

These and other features, aspects, and advantages of the present embodiments are illustrated in the accompanying drawings, throughout which like reference letters indicate corresponding parts in the various figures. The embodiments herein will be better understood from the following description with reference to the drawings, in which:

Figs. 1a and 1b are block diagrams that illustrate the hardware features associated with the communication network system, according to the embodiments as disclosed herein

Fig. 2 is a block diagram that illustrates the hardware features associated with the UE, according to the embodiments as disclosed herein.

Fig. 3a is a block diagram that illustrate the hardware features associated with the network apparatus, the home network apparatus and the visited network apparatus respectively according to the embodiments as disclosed herein.

Fig. 3b is a block diagram that illustrate the hardware features associated with the network apparatus, the home network apparatus and the visited network apparatus respectively according to the embodiments as disclosed herein.

Fig. 3c is a block diagram that illustrate the hardware features associated with the network apparatus, the home network apparatus and the visited network apparatus respectively according to the embodiments as disclosed herein.

Fig. 4 is a sequence diagram that illustrates the methods for defining policy to restrict the usage of user identifiers in the communication network system, according to the embodiments as disclosed herein.

Fig. 5 is a sequence diagram that illustrates the procedure executed by NEF/UDM to uniquely assign user identifier to Application Function for successful manage of user profile in communication network system, according to the embodiments as disclosed herein.

Fig. 6 is a flow diagram that illustrates the method for handling user identifiers associated with the UE in the communication network system, according to the embodiments as disclosed herein.

Fig. 7 is a flow diagram that illustrates the method of handling user identifiers associated with the UE in a communication network system, according to the embodiments as disclosed herein.

Fig. 8 is a flow diagram that illustrates the method for handling user identifiers associated with the UE during roaming conditions in a communication network system, according to the embodiments as disclosed herein.

Fig. 9 is a flow diagram that illustrates the method for handling user identifiers associated with the UE during roaming particularly, in Local Break Out (LBO) roaming conditions in a communication network system, according to the embodiments as disclosed herein.

It may be noted that to the extent possible, like reference numerals have been used to represent like elements in the drawing. Further, those of ordinary skill in the art will appreciate that elements in the drawing are illustrated for simplicity and may not have been necessarily drawn to scale. For example, the dimension of some of the elements in the drawing may be exaggerated relative to other elements to help to improve the understanding of aspects of the invention. Furthermore, the elements may have been represented in the drawing by conventional symbols, and the drawings may show only those specific details that are pertinent to the understanding the embodiments of the invention so as not to obscure the drawing with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein.

User identifiers in wireless communication are unique identifiers for the users of devices connected behind a UE. These user identifiers help in managing and securing wireless communication networks by ensuring that each user of the devices connected behind the UE can be uniquely identified and authenticated. Further the user identifiers are used to get differential services from the network.

In general, by enhancing the 5G system to allow for the creation and utilization of user-specific identities, operators will be able to provide enhanced user experience, optimized performance, and offer services to devices and users that are not part of the operator's 3GPP network. For example, network settings can be adapted and services can be offered to users according to users' needs, different from the subscription identifier that is used by the user to establish the connection. In the context of this work, the user to be identified could be an individual user using a UE with a certain subscription, an application running on or connecting via a UE, or a device (e.g., a PINE) behind a gateway UE (e.g., a PIN Element with gateway capability (PEGC)).

In the scenario when the user access the 5G services by using identifier there is a need for 5GC to ensure that at any point of time, only one human user is availing the service through a single subscription. Also, there will be some use cases like in some location, roaming where the user identifiers all not allowed to get services from the network. Currently, there is no method that defines the allowed user identifiers for performing registrations and PDU sessions. The UE could be used by different users at same or different point of times, each user requiring a different type of service and/or treatment of traffic sent to/from the device. For example, premium users may activate superior Quality of Service (QoS) while connecting to the network through a common mobile device, while other users may use default QoS. Similarly, it may be desirable to restrict some devices to, e.g. certain human users only. At present there are no policies to restrict the user identifiers which are not allowed to avail services.

Thus, it is desired to address the above-mentioned disadvantages, issues or other shortcomings or at least provide a useful alternative.

OBJECT OF INVENTION

The principal object of the embodiments herein is to provide a system and method for handling user identifier associated with a User Equipment (UE) in a communication network system.

Another object of the embodiment herein is to address the scenario of how the network restricts the usage of the identifiers including roaming scenario.

Yet another object of the embodiments herein is to provide a system and method for enabling a wireless network to uniquely assign the user identifier for the Application Function to create, update or delete the user profile in the 5GC and hence ensuring by addressing any duplication when same user identifier is configured by Application Function.

The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and details in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. Also, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments can be combined with one or more other embodiments to form new embodiments. The term “or” as used herein, refers to a non-exclusive or, unless otherwise indicated. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein can be practiced and to further enable those skilled in the art to practice the embodiments herein. Accordingly, the examples are not be construed as limiting the scope of the embodiments herein.

As is traditional in the field, embodiments are described and illustrated in terms of blocks that carry out a described function or functions.　These blocks, which referred to herein as managers, units, modules, hardware components or the like, are physically implemented by analog and/or digital circuits such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits and the like, and optionally be driven by firmware and software. The circuits, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like.　The circuits constituting a block be implemented by dedicated hardware, or by a processor (e.g., one or more programmed microprocessors and associated circuitry), or by a combination of dedicated hardware to perform some functions of the block and a processor to perform other functions of the block. Each block of the embodiments be physically separated into two or more interacting and discrete blocks without departing from the scope of the proposed method.　Likewise, the blocks of the embodiments be physically combined into more complex blocks without departing from the scope of the proposed method.

The accompanying drawings are used to help easily understand various technical features and it is understood that the embodiments presented herein are not limited by the accompanying drawings. As such, the proposed method is construed to extend to any alterations, equivalents and substitutes in addition to those which are particularly set out in the accompanying drawings. Although the terms first, second, etc. used herein to describe various elements, these elements are not be limited by these terms. These terms are generally used to distinguish one element from another.

Use cases are thoroughly discussed in TR 22.904 and include:

One or more users (i.e., humans) sharing one UE, and

One or more users (i.e., devices) behind one gateway UE.

One or more users (i.e., gaming applications) running on the same UE and each is treated as a different user.

The reason for utilizing operator user-specific identities in the 3GPP network is to allow the operator to charge and provide service differentiation based on the user identifier.

3GPP release 19 initiated a study to address the requirement of providing user specific services in case of multiple users sharing the same device. The objectives of this study are not to move subscriber information into a user profile and information from the user profile should not be used to override information in a subscription. For example, the slices and DNNs that are available to the UE do not change based on the user of the UE.

Work Tasks 1.x focuses on supporting the use case where the user identifier of a human is associated with traffic that is to/from the UE:

WT#1.1: Define the architectural assumptions that are necessary to support identifying the user identifier that is associated with a UE's traffic.

NOTE A: When the user identifier applies to a human, only a single user identifier is associated with the UE at a given time and it is assumed that the user identifier is associated with all of services that the UE access during the time that the user identifier and UE are associated.

WT#1.2: What information is stored as part of the user profile (e.g., a user identifier, associated security credentials, associated devices, user specific QoS settings). Including how user profiles are acquired, stored, and updated in the 5GC.

WT#1.3: Whether and how user identifiers are linked and unlinked (i.e., associated) with 3GPP subscriptions in an operator-controlled manner.

WT#1.4: Whether and how user specific QoS settings are taken into account by the 3GPP system in order to provide service differentiation when providing communication services.

Work Tasks 2.x builds on the human use case of Work Tasks 1.x. The focus of this work task is on how users are authenticated and authorized, how user identifier related functionality and information is exposed, and how the network restricts user identifiers.

WT#2.1: How are users authenticated and authorized and what user profile information and functionality is exposed to 3rd parties (e.g., exposure of the content of the user profile, exposure of authorization/authentication results, authenticating users, and linking a user identifier with a subscription).

NOTE 5: Privacy protections (e.g., privacy of information in the user profile) need to be considered by SA WG3.

NOTE 6: Aspects of this work task will depend on interaction with SA WG3. For example, authentication and Authorization methods are in the remit of SA WG3. Also, privacy questions related to exposure of user profile information need to be coordinated with SA WG3.

NOTE 7: Some exposure aspects (e.g., what functionality needs to be exposed) may depend in interaction with SA WG6.

WT#2.2: How the network restricts the usage of user identifiers, including in roaming scenarios (e.g., how the operator restricts the number of simultaneously active user identifiers per SUPI (i.e., per subscription), restricts the usage of a user identifier in roaming scenarios, and suspends usage of the user identifier based on operator policy or location).

Support for the identification of non-3GPP devices that communicate via a gateway UE may also enable use cases such as the deployment of a 5G Mobile VPN that is managed by the network. A 5G Mobile VPN that can provide a secure and reliable connection between an enterprise's equipment, which includes non-3GPP devices, and authorized UEs that are located off-premises. In Rel-18, as part of 5WWC_Ph2, support was added for AUN3 devices behind a 5G-RG. Support for AUN3 devices requires that each device has its own SUPI, its own subscription data, and that a separate NAS context be maintained by the AMF and 5G-RG for each AUN3.

Furthermore, the 5G-RG establishes a separate PDU Session on behalf of each AUN3 device. A goal of this work is to enable the non-3GPP devices to be identified and to use only the subscription of the UE or RG to access the 5GC.Currently SA2 has been started a study on user identities including three work tasks for the release-19 as follows:

Supporting the use case where the user identifier of a human is associated with traffic that is to/from the UE.

How users are authenticated and authorized, how user identifier related functionality and information is exposed, and how the network restricts user identifiers.

The case where non-3GPP devices behind a UE or RG (5G-RG) need to be identified. The focus of this work task is how an identifier is used by the network to control and identify the traffic to/from UE or RG (5G-RG) when the traffic is associated with the non-3GPP devices. This objective differs from existing support for AUN3 devices in TS 23.316 because the objective is to enable the non-3GPP devices to be identified and to use only the subscription of the UE or RG (5G-RG) to access the 5GC (i.e., the UE or RG should have to maintain only a NAS Context itself and not for each non-3GPP device). Also, it may be possible for the non-3GPP devices to share a PDU Session.

In an embodiment, a user is an entity, not part of the 3GPP System, which uses 3GPP System services. Example: a person using a 3GPP System mobile station as a portable telephone. Further the user identifier refers to a piece of information used to identify one specific User Identity in one or more system, where the User Identity involves with the information representing a user in a specific context. Furthermore, the user identity profile or user profile, used interchangeably in the embodiment refers to a collection of information associated with the User Identities of a user.

In conventional methods, wireless networks based on 3GPP technologies, e.g. 5G, identify a user equipment based on a subscription identity (e.g. SUPI) pre-provisioned into the mobile device (e.g. in a SIM). The device itself is further identified using International Mobile Equipment Identity (IMEI).

Such a user equipment could be used by different users at same or different point of times, each user requiring a different type of service and/or treatment of traffic sent to/from the device. For example, premium users may activate superior Quality of Service (QoS) while connecting to the network through a common mobile device, while other users may use default QoS. Similarly, it may be desirable to restrict some devices to, e.g. certain human users only.

3GPP group has started a study in Rel 19 and draft Key Issues to address these requirements. One of the KI is mentioned below.

Key Issue: Identifying the Human User of a Subscription

This key issue focuses on how to support identifying the human user of a UE's 3GPP subscription when the human user access services via the 5GS using a user identifier. Solutions to this key issue will address:

whether and how the 5GC supports identifying the User Identifier that is associated with a UE's traffic,

requirements related to the User Identifiers e.g. scope of uniqueness and how they are assigned,

what information is stored as part of the User Identity Profile (e.g., a User Identifier, associated security credentials, associated devices, user specific QoS settings). Including how User Identity Profiles are created/acquired, stored, and updated,

whether and how User Identifiers are linked and unlinked (i.e., associated) with 3GPP subscriptions in an operator-controlled manner, and

whether and how user specific policies, e.g. QoS settings, are taken into account by the 5GS in order to provide service differentiation.

The present disclosure proposes some solutions especially how the user profiles are created/updated and how to ensure that it is uniquely assigned so that 5GC can provide differentiated service accordingly.

The proposed method address the scenario of how the network restricts the usage of the identifiers including roaming scenario. The method includes identifying a user using the UE and restricting the usage for the user in the network.

Further in an embodiment, the method is provided for enabling a wireless network to uniquely assign the user identifier for the application function to create, update or delete the user profile in the 5GC and hence ensuring by addressing any duplication when same user identifier is configured by application function.

Referring now to the drawings and more particularly to Figs. 1 through 9, where similar reference characters denote corresponding features consistently throughout the figure, these are shown preferred embodiments.

Figs. 1a and 1b are block diagrams that illustrate the hardware features associated with the communication network system (400), according to the embodiments as disclosed herein. With reference to Fig. 1, the communication network system (400) can encompass a diverse range of devices including but not limited to UE (100), the network apparatus (200), UDM apparatus (300), the UDR apparatus (301) and others.

The UE (100) includes but not limited to a mobile device, such as a smartphone, tablet, laptop, or other type of wireless device that is used to access the wireless communication network. The UE (100) is equipped with a Subscriber Identity Module (SIM) card, connects to the network apparatus (200) through base stations (e.g., Node B, eNodeB, gNodeB) that handle the transmission and reception of signals.

In an embodiment, during a normal scenario, where the user is not roaming, the session management and registration can be maintained by a Session Management Function (SMF), Access Management Function (AMF) and the like which is collectively mentioned as the network apparatus (200). Further for managing the sessions and to handle the user identifiers associated with the UE during roaming cases, the visited network apparatus (200b) and the home network apparatus (200a) are specifically described which handle the user identifiers associated with the UE in the communication network system during roaming.

The network apparatus (200) includes but not limited to the Home Location Register (HLR) or Home Subscriber Server (HSS) for storing subscriber information, the Network Exposure Function (NEF) which exposes network capabilities to external applications, while the Application Function (AF) interacts with the UE (100) to provide services like Quality of Service (QoS) management. Further the network apparatus (200) includes Session Management Function (SMF) which primarily performs session management functions like PDU session establishment, session modification and the like.

The UDM apparatus (300) and the UDR apparatus (301) centralize user-related data and subscriber management functions, providing a unified repository for user profiles, authentication data, and subscription information. The UDM apparatus (300) performs authentication procedures, manages user data, and supports access authorization based on the subscription information. The detailed functions of each of the hardware components associated with the communication network system is described in the below embodiments.

With reference to the Fig. 1b that illustrates the communication network system (400), particularly for a roaming scenario, the communication network system (400) includes but not limited to the UE (100), the visited network apparatus (200b), the home network apparatus (200a), the UDM apparatus (300), the UDR apparatus (301) and others.

The visited network apparatus (200b) and home network apparatus (200a), enforces network policies, handles IP address allocation, and manages mobility scenarios to maintain continuous connectivity during roaming. The visited network apparatus (200b) is responsible for managing user sessions when a subscriber is roaming in a visited network. It interacts with the home network apparatus (200a) in the subscriber's home network to ensure seamless session management and mobility support. The visited network apparatus (200b) aligns the policies enforced in the visited network with those defined by the home network's policy control functions. The home network apparatus (200a), located in the user's home network and is responsible for managing the quality of service (QoS) and network functions of the user's connection. The home network apparatus (200a) controls and manages traffic flow, prioritizes certain types of traffic, and ensures that the user's connection is optimized for their specific needs. The home network apparatus (200a) interacts with the visited network apparatus (200b) to provide seamless session management and mobility support for roaming subscribers.

Fig. 2 is a block diagram that illustrates the hardware features associated with the UE, according to the embodiments as disclosed herein. With reference to Fig. 2, the UE (100) can encompass a diverse range of devices including but not limited to laptops, palmtops, desktops, mobile phones, smartphones, Personal Digital Assistants (PDAs), tablets, wearable devices, Internet of Things (IoT) devices, virtual reality devices, foldable devices, flexible devices, display devices, and immersive systems. In an embodiment, the UE (100) includes a memory (101), a processor (103), an I/O interface (102), and a user identifier service controller (104).

The memory (101) stores instructions to be executed by the processor (103). The memory (101) can include non-volatile storage elements. Examples of such non-volatile storage elements may include magnetic hard disks, optical disks, floppy disks, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories. In addition, the memory (101) may in some examples be considered a non-transitory storage medium. The term non-transitory may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. However, the term non-transitory should not be interpreted that the memory (101) is non-movable. In some examples, the memory (101) stores larger amounts of information. In certain examples, a non-transitory storage medium may store data that can over time change (e.g., in Random Access Memory (RAM) or cache). The memory (101) stores the user identifier of the UE (100), user profiles, UE subscription information and the information regarding the roaming. Further, it stores capabilities of the UE (100) and the information regarding the session establishment and session management.

The processor (103) may include one or a plurality of processors. The one or the plurality of processors may be a general-purpose processor such as a central processing unit (CPU), an application processor (AP), or the like, a graphics-only processing unit such as a graphics processing unit (GPU), a visual processing unit (VPU), and/or an AI-dedicated processor such as a neural processing unit (NPU). The processor (103) may include multiple cores and is configured to execute the instructions stored in the memory (101). The processor (103) fetches the user identifiers associated with the UE (100), information regarding the restricted services, and the UE roaming information. Further, the processor (103) retrieves instructions from the memory (101) and executes them.

The I/O interface (102) transmits the information between the memory (101) and external peripheral devices. The peripheral devices are the input-output devices associated with the network apparatus (200). The I/O interface (102) receives several pieces of information from a plurality of UEs, network devices, servers, and the like. The I/O interface (102) ensures that the operating speed of the processor is synchronized with respect to the input and output devices. The I/O interface (102) establishes a connection between different peripheral devices like user identifier service controller (104), memory (101), and others to handle user identifiers associated with the UE (100) for any scenario-specific action like allow or reject PDU session or registration.

In an embodiment, the user identifier service controller (104) sends the request message to a network apparatus (200), wherein the request message comprises an indication indicating that a UE capability to support the user identifier service, wherein the UE supports a list of user identifiers to the user identifier service from the network apparatus

The user identifier service controller (104) sends the request message to the network apparatus (200). The request message includes an indication indicating the UE capability to support the user identifier service. The UE (100) supports a list of user identifiers to the user identifier service from the network apparatus (200). The user identifier service controller (104) receives the response message including user identifier information from the network apparatus (200). The user identifier information comprises at least one user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus during roaming or within a restricted area including list of cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE to avail the service from the network apparatus (200). The user identifier service controller (104) detects whether the UE (100) is in the roaming or the UE (100) has moved inside the restricted area. The user identifier service controller (104) send the request for other user identifiers for which no restriction is defined to the network apparatus (200), when the UE (100) is not in the roaming or the UE (100) is not inside the restricted area. In case when the UE (100) is in the roaming or the UE (100) is inside the restricted area, the user identifier service controller (104) skip sending any request for the other user identifiers that is not allowed to avail the service from the network apparatus (200) by considering current user identifier as restricted to avail the service.

In an embodiment, the user identifier service controller (104) detects that for an already established PDU session for the user identifier which is not allowed to avail the service from the network apparatus (200) in the restricted area when the UE (100) is in the roaming or the UE (100) is inside the restricted area. Further the user identifier service controller (104) deactivates the PDU session established for the user identifier which is not allowed to avail the service from the network apparatus (200) in the restricted area. The user identifier service controller (104) skip sending any user plane uplink traffic or control plane data (CP-DATA) to the network apparatus (200) during a period in which the UE (100) is inside the restricted area. The user identifier service controller (104) transmit the PDU session establishment request message or PDU session modification request message from the restricted area to the network apparatus (200), where the network apparatus (200) receives the PDU session establishment request message in the restricted area where the user identifier is restricted to avail the service from the network apparatus (200). Further the user identifier service controller (104) receive the PDU session reject message from the network apparatus (200) when the user identifier is not allowed avail the service from the network apparatus (200) in the restricted area with a suitable reject cause code.

In an embodiment, the request message includes at least one of a registration request message, a PDU session establishment message and a PDU session modify request message.

The user identifier service controller (104) is an innovative hardware component integrated into the UE (100) via processing circuitry, which includes logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, and various electronic and optical components. These circuits may be on semiconductor chips or substrates like printed circuit boards.

At least one component of the user identifier service controller (104) may use an AI/ML model. Functions associated with the AI model are executed through the memory (101) and processor (103). The processors manage input data processing based on predefined operating rules or AI/ML models stored in volatile and non-volatile memory. These models are created through training or learning processes.

Learning involves applying a learning process to multiple data sets to develop a desired operating rule or AI/ML model. This can occur within the device or via a separate server/system. The AI/ML model may include multiple neural network layers, each with weight values and layer operations. Examples of neural networks include CNN, DNN, RNN, RBM, DBN, BRDNN, GAN, and deep Q-networks.

The learning process trains a target device (e.g., a robot) using various data to enable it to make decisions or predictions. Learning methods include supervised, unsupervised, semi-supervised, and reinforcement learning.

Figs. 3a, 3b and 3c are block diagrams that illustrate the hardware features associated with the network apparatus, according to the embodiments as disclosed herein.

With reference to Fig. 3a, the network apparatus (200) can encompass a diverse range of devices including but not limited to User Data Repository (UDR), Application Function (AF), Network Function (NF) and others. In an embodiment, the network apparatus (200) includes a memory (201), a processor (203), an I/O interface (202), and a user identifier service controller (204).

The memory (201) stores instructions to be executed by the processor (203). The memory (201) can include non-volatile storage elements. Examples of such non-volatile storage elements may include magnetic hard disks, optical disks, floppy disks, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories. In addition, the memory (201) may in some examples be considered a non-transitory storage medium. The term non-transitory may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. However, the term non-transitory should not be interpreted that the memory (201) is non-movable. In some examples, the memory (201) stores larger amounts of information. In certain examples, a non-transitory storage medium may store data that can over time change (e.g., in Random Access Memory (RAM) or cache). The memory (201) stores the user identifier of the UE (100), user profiles, UE subscription information and the information regarding the roaming. Further, it stores capabilities of the UE (100) and the information regarding the session establishment and session management.

The processor (203) may include one or a plurality of processors. The one or the plurality of processors may be a general-purpose processor such as a central processing unit (CPU), an application processor (AP), or the like, a graphics-only processing unit such as a graphics processing unit (GPU), a visual processing unit (VPU), and/or an AI-dedicated processor such as a neural processing unit (NPU). The processor (203) may include multiple cores and is configured to execute the instructions stored in the memory (201). The processor (203) fetches the user identifiers associated with the UE (100), information regarding the restricted services, and the UE roaming information. Further, the processor (203) retrieves instructions from the memory (201) and executes them.

The I/O interface (202) transmits the information between the memory (201) and external peripheral devices. The peripheral devices are the input-output devices associated with the network apparatus (200). The I/O interface (202) receives several pieces of information from a plurality of UEs, network devices, servers, and the like. The I/O interface (202) ensures that the operating speed of the processor is synchronized with respect to the input and output devices. The I/O interface (202) establishes a connection between different peripheral devices like user identifier service controller (204), memory (201), and others to handle user identifiers associated with the UE (100) for any scenario-specific action like allow or reject PDU session or registration.

In an embodiment, the user identifier service controller (204) sends the request message to the network apparatus (200), where the request message includes an indication indicating the UE capability to support the user identifier service. The user identifier service controller (204) generate the response message including a user identifier information, wherein the user identifier information includes user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus (200) during roaming or within a restricted area including the list of cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE (100) to avail the service from the network apparatus (200). Further the user identifier service controller (204) transmits the response message with the user identifier information to the UE (100).

In an embodiment, the user identifier service controller (204) downloads the subscription information along with the user identifier information linked to the subscription information for the UE (100) from the UDM apparatus (300) or the UDR apparatus (301). The user identifier service controller (204) generates the response message by adding the user identifier information.

In an embodiment, the user identifier service controller (204) optionally receives a list of user identifiers associated with the UE (100). Further the network apparatus includes the AMF or the SMF.

In an embodiment request message includes at least one of a registration request message, a PDU session establishment message and a PDU session modification request message. In an embodiment the user identifier service controller (204) receives the PDU session establishment message or PDU session modification request message from the UE (100). The user identifier service controller (204) determines whether the user identifier is allowed to avail the service from the network apparatus in the restricted area based on the user identifier information. When the user identifier is not allowed to avail the service from the AMF or the SMF in the restricted area with a suitable reject cause code. The user identifier service controller (204).

The user identifier service controller (204) is an innovative hardware component integrated into the UE (100) via processing circuitry, which includes logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, and various electronic and optical components. These circuits may be on semiconductor chips or substrates like printed circuit boards.

With reference to the Fig. 3b which illustrates the hardware features of the home network apparatus (200a), the home network apparatus can encompass a diverse range of devices including but not limited to, home Session Management Function (hSMF) (200a). The home network apparatus (200a) includes a memory (201a), a processor (202a), an I/O interface (202a) and a user identifier service controller (204a).

The memory (201a) stores instructions to be executed by the processor (203). The memory (201a) can include non-volatile storage elements. Examples of such non-volatile storage elements may include magnetic hard disks, optical disks, floppy disks, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories. In addition, the memory (201a) may in some examples be considered a non-transitory storage medium. The term non-transitory may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. However, the term non-transitory should not be interpreted that the memory (201) is non-movable. In some examples, the memory (201a) stores larger amounts of information. In certain examples, a non-transitory storage medium may store data that can over time change (e.g., in Random Access Memory (RAM) or cache). The memory (201a) stores the user identifier of the UE (100), user profiles, UE subscription information and the information regarding the roaming. Further, it stores capabilities of the UE (100) and the information regarding the session establishment and session management.

The processor (203a) may include one or a plurality of processors. The one or the plurality of processors may be a general-purpose processor such as a central processing unit (CPU), an application processor (AP), or the like, a graphics-only processing unit such as a graphics processing unit (GPU), a visual processing unit (VPU), and/or an AI-dedicated processor such as a neural processing unit (NPU). The processor (203a) may include multiple cores and is configured to execute the instructions stored in the memory (201a). The processor (203a) fetches the user identifiers associated with the UE (100), information regarding the restricted services, and the UE roaming information. Further, the processor (203a) retrieves instructions from the memory (201a) and executes them.

The I/O interface (202a) transmits the information between the memory (201a) and external peripheral devices. The peripheral devices are the input-output devices associated with the network apparatus (200). The I/O interface (202a) receives several pieces of information from a plurality of UEs, network devices, servers, and the like. The I/O interface (202a) ensures that the operating speed of the processor is synchronized with respect to the input and output devices. The I/O interface (202a) establishes a connection between different peripheral devices like user identifier service controller (204a), memory (201a), and others to handle user identifiers associated with the UE (100) for any scenario-specific action like allow or reject PDU session or registration.

The user identifier service controller (204a) downloads the subscription information along with the user identifier information linked to the subscription information for the UE (100) from the UDM apparatus (300), upon receiving the PDU session establishment request message from the visited network apparatus (200b). further the user identifier service controller (204a) determines whether the received user identifier from the visited network apparatus (200b) is allowed to avail the service during roaming. On determining that the received user identifier from the visited network apparatus (200b) is not allowed to avail the service, the user identifier service controller (204a), sends the PDU session reject message rejecting the PDU session establishment request message with a cause code, when the home network apparatus (200a).

Referring to the Fig. 3c which illustrates the hardware features of the visited network apparatus (200b), which can encompass a diverse range of devices including but not limited to visited Session Management Function (vSMF), Visitor Location Register (VLR) and others. The visited network apparatus (200b) includes a memory (201b), an I/O interface (202b), a processor (203b), a user identifier service controller (204b) and others.

The memory (201b) stores instructions to be executed by the processor (203). The memory (201b) can include non-volatile storage elements. Examples of such non-volatile storage elements may include magnetic hard disks, optical disks, floppy disks, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories. In addition, the memory (201b) may in some examples be considered a non-transitory storage medium. The term non-transitory may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. However, the term non-transitory should not be interpreted that the memory (201) is non-movable. In some examples, the memory (201b) stores larger amounts of information. In certain examples, a non-transitory storage medium may store data that can over time change (e.g., in Random Access Memory (RAM) or cache). The memory (201b) stores the user identifier of the UE (100), user profiles, UE subscription information and the information regarding the roaming. Further, it stores capabilities of the UE (100) and the information regarding the session establishment and session management.

The processor (203b) may include one or a plurality of processors. The one or the plurality of processors may be a general-purpose processor such as a central processing unit (CPU), an application processor (AP), or the like, a graphics-only processing unit such as a graphics processing unit (GPU), a visual processing unit (VPU), and/or an AI-dedicated processor such as a neural processing unit (NPU). The processor (203b) may include multiple cores and is configured to execute the instructions stored in the memory (201b). The processor (203a) fetches the user identifiers associated with the UE (100), information regarding the restricted services, and the UE roaming information. Further, the processor (203b) retrieves instructions from the memory (201b) and executes them.

The I/O interface (202b) transmits the information between the memory (201b) and external peripheral devices. The peripheral devices are the input-output devices associated with the network apparatus (200). The I/O interface (202b) receives several pieces of information from a plurality of UEs, network devices, servers, and the like. The I/O interface (202b) ensures that the operating speed of the processor is synchronized with respect to the input and output devices. The I/O interface (202b) establishes a connection between different peripheral devices like user identifier service controller (204b), memory (201b), and others to handle user identifiers associated with the UE (100) for any scenario-specific action like allow or reject PDU session or registration.

The user identifier service controller (204b) receives PDU session establishment request message from the UE (100) with the user identifier while the UE (100) is in roaming. The visited network apparatus (200b) determines whether DNN requested by the UE (100) is defined as HR roaming. Further the visited network apparatus (200b) forwards the PDU session establishment request message to the home network apparatus (200a). The home network apparatus (200a) downloads the subscription information along with the user identifier information linked to the subscription information for the UE (100) from the UDM apparatus (300). Further the home network apparatus (200a) determines whether the received user identifier from the visited network apparatus (200b) is allowed to avail the service during roaming. The home network apparatus (200a) sends the PDU session reject message rejecting the PDU session establishment request message with a cause code to the visited network apparatus (200b), when the home network apparatus (200a) determines that the user identifier is not allowed to avail the service during the roaming. Further the visited network apparatus (200b) forwards the PDU session reject message with the cause code to the UE (100).

Further, in an embodiment, the visited network apparatus (200b) is provided for handling user identifiers associated with the UE (100) in the communication network system, particularly in LBO roaming case. The visited network apparatus (200b) receives the PDU session establishment request message from the UE with a user identifier while the UE (100) is in roaming. The visited network apparatus (200b) further determines whether the DNN requested by the UE (100) is defined as the LBO roaming. The visited network apparatus (200b) rejects the PDU session establishment request message with a cause code, when the DNN requested by the UE (100) is defined as the LBO roaming. The visited network apparatus (200b) sends the PDU session reject message to the UE (100), without forwarding the PDU session establishment request message to the home network apparatus (200a).

At least one component of the user identifier service controller (204) or (204a) or (204b) may use an AI/ML model. Functions associated with the AI model are executed through the memory and processor. The processors manage input data processing based on predefined operating rules or AI/ML models stored in volatile and non-volatile memory. These models are created through training or learning processes.

Learning involves applying a learning process to multiple data sets to develop a desired operating rule or AI/ML model. This can occur within the device or via a separate server/system. The AI/ML model may include multiple neural network layers, each with weight values and layer operations. Examples of neural networks include CNN, DNN, RNN, RBM, DBN, BRDNN, GAN, and deep Q-networks.

The learning process trains a target device (e.g., a robot) using various data to enable it to make decisions or predictions. Learning methods include supervised, unsupervised, semi-supervised, and reinforcement learning.

While Figs.1,2 and 3 illustrate the hardware components of the communication network system (300), the UE (100), the network apparatus (200) respectively, where alternative embodiments may include different or additional components. The labels or names of these elements are illustrative and do not limit the invention's scope. Components may also be combined to perform similar functions.

Fig. 4 is a sequence diagram that illustrates the methods for allowing or restricting the usage of user identifiers in the communication network system (400), according to the embodiments as disclosed herein. Handling user identifiers associated with the UE (100), primarily results in the efficient management of the network resources, bandwidth optimization, increased QoS and others. The Fig. 4 illustrates an example scenario of allowing and rejecting the PDU session of the user identifiers requested from different users, user1 and user2.

At step S401, the UE (100) is already registered and two user profile for User1 and User2 has been created. The registration refers to the process where the UE (100) connects to the network. During registration, the UE (100) sends a registration request to the network apparatus (200), where the network apparatus (200) authenticates the UE (100) to ensure it is a legitimate user. After authentication, the network apparatus (200) assigns resources and provides the UE (100) with necessary information to access network services and the user profile is created accordingly. The user profile in the communication network system (400) contains all the necessary information about the user and their subscription, service preferences and usage data.

At step S402, the visited network apparatus (200b) receives the PDU session establishment request from the user1. The PDU Session Establishment is the process of establishing a data path between the UE (100) and the 5G core network. The PDU session is used to carry user data and can support different types of services, such as voice, video, and data transmission. The UE initiates the PDU Session Establishment process by sending the PDU session establishment request message to the network apparatus. The request includes information about the type of service that the UE wants to use, and the type of traffic. Once the PDU session has been established, the UE can use it to send and receive data. The network apparatus manages the resources used by the PDU session to ensure that the network is used efficiently and that the UE receives the appropriate QoS.

At step S403, the visited network apparatus (200b) sends PDU session establishment request or the PDU session create request for user1 to the home network apparatus (200a). The visited network apparatus (200b) sends the request to the home network apparatus (200a) in the home network to obtain the user's subscription information and policies. The home network apparatus (200b) verifies the request and provides the necessary information to the visited network apparatus (200a).

At step S404, the home network apparatus (200a) queries the UDM apparatus (300) to download subscription information and all associated user identifiers linked to the subscription information. Before the registration procedure is carried out by the UE (100), the network apparatus (200) gets registered with the Network Repository Function (NRF) to get located by the network which require their services. After the registration of the network apparatus, it registers all data with the UDM apparatus (300). The UDM (300) play important role in authentication and authorization. It stores and generates different authentication parameters and creates authentication status which describes the stage at which the authentication procedure resides.

At step S405, the home network apparatus (200a) determines that the received user identifier for the user1 from the visited network apparatus (200b) is not allowed to avail the service during roaming. Upon determining, the home network apparatus (200a) transmits PDU session reject message rejecting the PDU session establishment request message with a cause code, when the home network apparatus (200a) determines that the user identifier is not allowed to avail the service during the roaming. The home network apparatus (200a) provides the cause code that indicates the reason behind the outcome of the procedure, whether it's successful, rejected, or encounters an error.

At step S406, the home network apparatus (200a) transmits the PDU session reject message to the visited network apparatus (200b). Further the visited network apparatus (200b) forwards the PDU session reject message received for the home network apparatus (200a) to the user1 as illustrated at the step S407.

At step S408, the user2 transmits the PDU session establishment request message to the visited network apparatus (200b). Further the visited network apparatus (200b) transmits the PDU session establishment request message from user 2 to the home network apparatus (200a).

At step S409, the visited network apparatus (200b) sends the PDU session establishment request from the user2 to the home network apparatus (200a). At step S410, the home network apparatus (200a) queries the UDM apparatus (300) to download subscription information and all associated user identifiers linked to the subscription information. This step will be optional if the home network apparatus (200a) has already downloaded the information.

At step S411, the home network apparatus (200a), determine the received user identifier from the visited network apparatus (200b) is allowed to avail the service during roaming.

On determining that the user identifier of the user2 to be allowed to avail services during roaming, the home network apparatus (200a), the home network apparatus (200a) accepts PDU session establishment request message received from the visited network apparatus (200b) and transmits the same to the visited network apparatus (200b), along with the user identifier related informations as illustrated at step S412.

At step S413, the visited network apparatus (200b) sends the PDU session accept message for the user2 to the user2 after receiving the PDU session establishment accept message from the home network apparatus (200a).

The operator which provides the user profile id (operator provided identifier) or third party which provides the user profile id (third party provided identifier) have some scenarios to provide services in a restricted manner like the services may not be provided in a particular location or while in roaming. It is proposed that an user profile is created by operator or by third party and then given to operator which should include the details like whether the particular user identifiers should be restricted to avail services during roaming, when the device (the UE/ Subscription Permanent Identifier (SUPI)) is inside a particular location. Also, a subscription should allow to a maximum number of simultaneous usage of user identifier. Hence it is proposed that a new parameter is added to the subscription in UDM apparatus (300) which will define the max number of simultaneous user identifiers allowed.

It is proposed that during registration, the UE (100) indicates its capability to support the user identifier services to the AMF and optionally may provide the list of user identifiers. The AMF download the subscription information for the UE (100) and then downloads all the associated user profile which is linked to the subscription information. In the registration accept, the AMF provides the user identifier related information to the UE (100) which contains that particular user identifier is not allowed to avail service during roaming, not allowed in particular location-like Cell IDs, Tracking Areas and the maximum number of simultaneous allowed user identifiers. If the UE (100) provides the user identifiers in the registration request and the AMF finds that same user identifier is not present (user identifier is either not created or not linked to this subscription) then the AMF may provide that the particular user identifier does not exist.

It is proposed that when the UE (100) is inside the restricted area (not allowed area for the user identifier to avail service from the network) then it should not send any request for the user identifier which is not allowed to get service). But the UE (100) shall allow for other user identifiers for which there is no restriction is defined. If there is an already established PDU session for the user identifier and the UE (100) moves to the inside of restricted area then the UE (100) shall not send any user plane traffic nor Control Plane (CP)-DATA to the network apparatus (200) as the user identifier is restricted to avail the service inside that area. Similarly, the SMF shall not send any downlink data for that particular user identifier when the UE (100) is inside that restricted area. To find whether the UE (100) is inside of restricted area or not, the SMF subscribes to the AMF for "UE mobility event notification" for reporting the UE presence in Area of Interest by providing either the user identifier or the restricted location associated with the user identifier or both. During PDU session establishment the SMF download the subscription profile and the associated user identifiers linked to that subscription and hence will have information of restricted area of that user identifier. If the AMF receives the subscription information from the SMF with restricted area as input from the SMF then the AMF notifies when the UE (100) moves to that restricted area. During registration, the AMF download the subscription profile and the associated user identifiers linked to that subscription information and hence will have information of restricted area of that user identifier. If the AMF receives the subscription information from the SMF as user identifier as input then AMF derives the restricted area and when the UE moves inside that restricted area, notifies to the SMF.

If the UE (100) is not updated with the restricted area information and send the PDU session establishment from one restricted area for a user identifier for which restriction is applied, then either the AMF or the SMF can reject the PDU session and provides the updated restricted area information for the user identifier.

This restricted area information shall be provided by the AMF to NG-RAN so that in Connection Management (CM)-CONNECTED mode, NG-RAN will not select any target cells from the restricted area in the scenario of UE moving from allowed area to restricted area. In an embodiment, the CM-CONNECTED mode refers to the scenario where the UE (100) has an established signalling connection and is actively communicating with the network apparatus (200).

Similarly, it is proposed that when the UE (100) is in roaming then it shall not allow any traffic for the user identifier for which restriction is there for not to get service during roaming. But the UE (100) shall allow for other user identifiers for which there is no restriction is defined. If one UE sends PDU session establishment while in roaming then the visited network apparatus (200b) sends the request to the home network apparatus (200a) in the home routed case. The home network apparatus (200a) will download the subscription information and the associated user identifiers linked to that subscription information. Here the home network apparatus (200a) can identify that the particular user identifier for which request is received from the visited network apparatus (200b) is not allowed to avail the service during roaming and hence it will send the reject with suitable cause code which visited network apparatus (200b) will send to the UE (100) by rejecting the PDU session. The policy may include that the user identifier is not allowed during roaming when availed through some specific device but may be allowed through some devices (like may be allowed if the same user identifier is linked one primary device but now allowed when linked to some secondary devices). The restriction of usage to user identifiers in roaming scenario is explained above in HR case. Again it is proposed that in case Local Break Out(LBO) roaming, operator or third party should not define any DNN as LBO for the user identifier to get service from the network which means if visited network apparatus receives any request with user identifier from the UE then visited network apparatus shall reject the PDU session with suitable cause code by sending to the UE (after it finds that the DN which UE is requesting is LBO and visited network apparatus cannot send request to home network apparatus (200a), rather this request need to process entirely in the visited network apparatus (200b) only).

All these scenarios of user identifier refer the usage of human or non-3GPP devices connected behind a Residential Gateway (RG) or UE. In some cases, there will be more than 1 non-3GPP devices which will be connected behind one RG (or the UE) which does not have NAS capability to send request to the network. Hence on their behalf, this RG or UE shall trigger the NAS connection. During registration it is proposed that AMF shall provide the maximum number of simultaneous usage of active user identifiers to this RG or UE. It is proposed that UE or RG shall not send any request from a user identifier when UE or RG finds that the maximum number of simultaneous usage of active user identifier is reached. If UE or RG has been provided some policy to priorities some specific user identifiers then it is proposed that UE or RG may drop some less priority user identifier and add high priority user identifier in the case when UE or RG finds that the maximum number of simultaneous usage of active user identifier is reached.

Fig. 5 is a sequence diagram that illustrates the procedure executed by NEF/UDM to uniquely assign user identifier to Application Function for successful manage of user profile in communication network system, according to the embodiments as disclosed herein.

One Application Function (AF) (e,g. streaming platform) is expected to assign a unique id as part of user profile which will be tagged to some subscription information through which the specific user will avail services. Hence it is proposed that the AF (200c) through NEF (200d) provision the user profile details as part of the create operation. While creating user profile it is proposed that AF (200c) provides AF identifier, the list or group of Generic Public Subscription Identifier (GPSI) , user identifier (which identifies user profile), the attributes of QoS like bit rate, latency and others, for different kind of services. At present, the AF specific UE Identifier shall not correspond to a Mobile Station International Subscriber Directory Number (MSISDN). It is represented as a GPSI in the form of an External Identifier. When used as an AF specific UE identifier, the External Identifier provided by the 5GCN shall be different for different AF. The AF specific UE identifier is ensured to be unique across different AFs as defined in TS 23.003. The possible parameter mapping includes mapping UE (group) identifiers provided by the AF to identifiers used within the 5GC, e.g. from GPSI to SUPI and/or from External Group Identifier to Internal-Group Identifier. Parameter mapping may also include mapping from the identifier of the Application Function towards internal identifiers such as the DNN and/or the S-NSSAI. Similarly, it is proposed that 5GC provides some external identifier like Generic Public user identifier (GPUI) which maps to user identifier. This AF specific user identifier is ensured to be unique across different AFs within 5GC because same user identifier can be provided by two different AF while provisioning request. Hence to have unique identification, 5GC assigns this GPUI. The format of GPUI can be similar to GPSI.

It is proposed that for future request when AF wants to modify some policy for the same user identifier tagged to the GPSI, it provides AF identifier, GPSI (which uniquely identifies subscription/SUPI) and GPUI (which uniquely identifies user profile) along with modified policy.

Consider a scenario where an Application Function is offering a different kind of services and for each services it has different QoS. Hence in this case it will create a set of user profile and can tagged to a subscription through which these user profiles can be accessed to avail services. Hence it is proposed that AF while provisioning user profile may provide AF identifier, a list/set/group of user identifiers but a single GPSI and then QoS attributes corresponding to each user profile.

It is proposed that AF shall be allowed to revoke or delete user profile and hence provides AF identifier, the GPUI, the GPSI or list/group of GPSIs.

It is proposed that if the user identifier is already having active session and during the same time AF revokes or delete the user identifier then based on the AF/operator policy the session may be terminated.

It is proposed that either one new service operation will be exposed by NEF or existing NEF Nnef_ParameterProvision_Create/Update/Delete service operation will be used to create/update or delete user profile related information.

It is proposed that these user profile related information can be stored at UDM and hence NEF may use a new service operation or existing Nudm_ParameterProvision_Create/Update/Delete service operation will be used.

It is proposed that in case of Trusted AF, AF can directly provision to the UDM using then exposed service operation Nudm_ParameterProvision or a new one.

It is proposed that either NEF or UDM or any other NF can generate GPUI and manage mapping of user identifier to GPUI and shared to AF.

It is proposed that instead of UDM, some other NF like UDR or new NF can store the user profile information which will be used by AMF and/or SMF or any other NF responsible during authentication.

It is proposed that AF provides or assigns the user identifier for the particular user, the credentials for successful authentication and authorization for the user profile at the application layer and it is up to UE implementation, how UE sends the user identifier based on the input from the user (e.g human user by invoking that particular application) to the network for authentication & authorization and then to avail services.

Note: The above cases are applicable for AF assigned user profile/identifier.

It is also proposed that if operator want to provide differentiated services based on the type of user using it, operator can provision some user profiles to the UDM or some other NF using the procedures proposed for NEF.

It is proposed that the operator may store the user identifier, the credentials for successful authentication and authorization for the user profile in PVS (provisioning server) and UE uses user plane remote provisioning mechanism to connect to PVS and download these details from PVS.

It is also proposed that the user profile contains the device details like IMEI/PEI/MAC address using which only these users can avail the service apart from the user identifier, subscriptions/GPSIs, QoS details for corresponding services.

The Fig. 5 is an example sequence diagram illustrating procedure executed by NEF/UDM to uniquely assign user identifier to application function for successfully managing the user profile in the 5G network. At step S501, a Network Function (NF) (200f) subscribes to UDM notifications for the user profile updates if the corresponding device or subscription is already being used by the user identifier and is present in the network (registered and/or session is present).

At step S502, the AF (200c) provisions the user profile information by invoking the Nnef_ParameterProvision_Create service operation. The input details will be AF identifier, set/list/group of GPSI, the user identifier, credentials for user identifier authentication and authorization, list of devices like IMEI/PEI/MAC address, QoS attributes. For future update/modify and delete request will be handled using Nnef_ParameterProvision_Update/Delete operation. During update or delete, AF will provide GPUI instead of user identifier.

At step S503, when the AF (200c) is authorised by the NEF to provision the parameters, the NEF requests to create, the user profile details via Nudm_ParameterProvision_Create message. The NEF (200d) may create GPUI which is to map the user identifier and send to UDM apparatus (300).

At step S504, the UDM apparatus (300) may read from Unified Data Repository (UDR), by means of Nudr_DM_Query, corresponding user profile details in order to validate required data updates and authorize these changes for this subscriber and/or user identifier for the corresponding AF (200c). If NEF (200d) has not created a GPUI, then UDM apparatus (300) may create GPUI and keep the mapping to user identifier.

At step S505, when the AF (200c) is authorised by the UDM to provision the parameters for this subscriber, the UDM apparatus (300) resolves the GPSI to SUPI, GPUI to user identifier and requests to create, update or delete the user profile via Nudr_DM_Create/Update/Delete Request message, the message includes the user profile data.

At step S506, the UDM apparatus (300) responds the request with Nudm_ParameterProvision_Create/Update/Delete Response. If the procedure failed, the cause value indicates the reason. When the UDM has created the GPUI then UDM apparatus (300) will provide it to NEF (200d).

At step S507, the NEF (200d) responds the request with Nnef_ParameterProvision_Create/Update/Delete Response. If the procedure failed, the cause value indicates the reason. If NEF (200d) has created the GPUI then NEF (200d) will provide it to the AF (200c), which the AF (200c) will use in future operation like update or delete of user profile.

At step S508, conditionally this step occurs only after successful Nudr_DM_Update, the UDM apparatus (300) notifies the subscribed Network Function of the user profile data via Nudm_SDM_Notification Notify message.

Similarly, the same user identifier assigned by two different AFs will create problem when trying to get service from the network as the network need to distinguish the AF for which the user identifier belongs to. Hence it is proposed that the user identifier need to be authenticated and authorized before providing service by network during session management procedures only as during this time the UE (100) will make PDU session which will be directed or indicated to one particular AF which may be identified by DNN/S-NSSAI or App ID. In another proposal the UE (100) may add some AF (200c) identifier to user identifier to make it unique before sending request to network and this will be based on UE implementation.

Example:

If two subscription based streaming applications, application 1 and application 2 are installed in the UE (100) and both applications have assigned same user identifier (say, UserID1) for two different user.

One user invoked application 1 and the UE received UserID1 as input from the app but will add AF identifier to user identifier which means UserID1@application_1 will be the user identifier which will be sent to the network.

Similarly other user invoked application 2 and the UE received UserID1 as input from the app but will add AF identifier to user identifier which means UserID1@Application_2 will be the user identifier which will be sent to network.

In this way UE will maintain uniqueness of the user identifier across AF.

The solutions which are defined for NR(5GC) are also applicable to legacy RATs like E-UTRA/LTE, the corresponding CN entities needs to be replaced by LTE entities for e.g. AMF with MME, g-nodeB with e-nodeB, UDM with HSS etc. But principles of the solution remains same.

The Network used in this embodiment is explained using any 5G Core Network Function for e.g. AMF. However, the network could be any 5G/EUTRAN Core Network Entities like AMF/SMF/MME/UPF or the Network could be any 5G/EUTRAN RAN Entity like eNodeB (eNB) or gNodeB (gNB) or NG-RAN etc.

The messages used or indicated in this embodiment are shown as an example. The messages could be any signalling messages between UE and the Network Functions/Entities or between different Network functions/entities.

Similarly the service operation name given in this invention is illustration purposes only. Any other name can be used to convey the information.

Fig. 6 is a flow diagram that illustrates the method for handling user identifiers associated with the UE in the communication network system, according to the embodiments as disclosed herein.

At step S601, the network apparatus (200) receives a request message from the UE, where the request message includes an indication indicating a UE capability to support a user identifier service.

At step S602, the network apparatus (200) generate response message which includes a user identifier information. The user identifier information includes at least one user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus (200) during roaming or within a restricted area including the list of cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE (100) to avail the service from the network apparatus (200).

At step S603, the network apparatus (200), transmit the response message with the user identifier information to the UE (100).

Fig. 7 is a flow diagram that illustrates the method of handling user identifiers associated with the UE in a communication network system, according to the embodiments as disclosed herein.

At step S701, the UE (100) sends the request message to the network apparatus (200). The request message includes an indication indicating the UE capability to support the user identifier service, where the UE (100) supports a list of user identifiers to the user identifier service from the network apparatus (200).

At step S702, the UE (100) receives the response message comprising user identifier information from the network apparatus (200). The user identifier information includes at least one user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus (200) during roaming or within a restricted area including list of Cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE (100) to avail the service from the network apparatus (200).

At step S703, the UE (100) detects whether the UE (1000 is in the roaming or the UE (100) has moved inside the restricted area.

On detecting that the UE (100) to be in the roaming or the UE (100) has moved inside restricted area based on user identifier information, the UE (100) sends the request for other user identifiers for which no restriction is defined at the network apparatus (200) as illustrated at the step S704. Further if the UE (100) detects that the UE (100) is in the roaming or the UE (100) is inside the restricted area, the UE (100) skips sending any request for the other user identifiers that is not allowed to avail the service from the network apparatus (200) by considering current user identifier as restricted to avail the service.

Fig. 8 is a flow diagram that illustrates the method for handling user identifiers associated with the UE (100) during roaming conditions in a communication network system (400), according to the embodiments as disclosed herein.

At step S801, the visited network apparatus (200b) receives the PDU session establishment request message from the UE (100) with the user identifier while the UE (100) is in roaming.

At step S802, the visited network apparatus (200b) determines whether the DNN requested by the UE (100) is defined as the HR roaming.

At step S803, the visited network apparatus (200b) forwards the PDU session establishment request message to the home network apparatus (200a). On receiving the PDU session establishment request message from the visited network apparatus (200b), the home network apparatus (200a) download subscription information along with the user identifier information linked to the subscription information for the UE (100) from the UDM apparatus (300) as illustrated at step S804.

At step S805, the home network apparatus (200a) determines whether the received user identifier from the visited network apparatus (200b) is allowed to avail the service during roaming. Further on detecting that the home network apparatus (200a) is not allowed to avail the service during the roaming, the home network apparatus (200a) transmits the PDU session reject message rejecting the PDU session establishment request message with a cause code to the visited network apparatus (200b), when the home network apparatus (200a) determines that the user identifier is not allowed to avail the service during the roaming as illustrated at step S806.

At step S807, the visited network apparatus (200b) forwards the the PDU session reject message with the cause code to the UE (100).

Fig. 9 is a flow diagram that illustrates the method for handling user identifiers associated with the UE during roaming particularly, in Local Break Out (LBO) roaming conditions in a communication network system, according to the embodiments as disclosed herein.

At step S901, the visited network apparatus (200b) receives the PDU session establishment request message from the UE (100) with a user identifier while the UE (100) is in roaming. Further the visited network apparatus (200b) determines whether the DNN requested by the UE (100) is defined as the LBO roaming.

The LBO roaming is a 5G roaming case refers to the scenario where the user's data session is established in the visited network apparatus. That is the user data traffic is routed directly to the internet through a local breakout point within the visited network, bypassing the home network. This approach reduces latency and optimizes network resources by avoiding unnecessary traffic backhaul.

At step S903, the visited network apparatus (200b) rejects the PDU session establishment request message with a cause code, after determining that the DNN requested by the UE (100) is defined as the LBO roaming.

Further the visited network apparatus (200b) sends the PDU session reject message to the UE (100), without forwarding the PDU session establishment request message to the home network apparatus (200a) as illustrated at step S904.

The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the scope of the embodiments as described herein.

Claims (15)

1. A method performed by a network apparatus (200) in a communication network system, the method comprising:

   receiving, a request message from the UE (100), wherein the request message comprises an indication indicating a UE (100) capability to support a user identifier service;

   generating, a response message comprising a user identifier information; and

   transmitting, the response message with the user identifier information to a user equipment (UE) (100),

   wherein the user identifier information comprises at least one user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus (200) during roaming or within a restricted area including the list of cells or Tracking Areas (TA), and a maximum number of simultaneous allowed user identifiers for the UE (100) to avail the service from the network apparatus (200).
2. The method of claim 1, further comprising:

   downloading, a subscription information along with the user identifier information linked to the subscription information for the UE (100) from at least one of Unified Data Management (UDM) apparatus (300) and Unified Data Repository (UDR) apparatus (301);

   generating, the response message by adding the user identifier information; and

   receiving, a list of user identifiers associated with the UE (100).
3. The method of claim 1, wherein at least one of an Access Management Function (AMF) and a Session Management Function (SMF), and

   wherein the request message comprises at least one of a registration request message, a PDU session establishment request message and a PDU session modification request message.
4. The method of claim 1, further comprising:

   receiving, a PDU session establishment request or PDU session modification request message from the UE (100) with the user identifier;

   determining, whether the user identifier is allowed to avail the service from the network apparatus (200) in the restricted area based on the user identifier information; and

   sending a PDU session reject message to the UE (100), when the user identifier is not allowed to avail the service from the AMF or the SMF in the restricted area with a suitable reject cause code, or sending a PDU session accept message to the UE (100), when the user identifier is allowed avail the service from the AMF or the SMF in the restricted area;

   detecting, an already established PDU session for a user identifier which is not allowed to avail the service from the network apparatus (200) in the restricted area when the UE (100) is in roaming or the UE (100) is inside the restricted area; and

   skipping sending, any user plane downlink packets to the UE (100) for the PDU session.
5. A method performed by a User Equipment (UE) (100) in a communication network system, comprising:

   sending, a request message to a network apparatus (200), wherein the request message comprises an indication indicating that a UE (100) capability to support the user identifier service, wherein the UE (100) supports a list of user identifiers to the user identifier service from the network apparatus (200);

   receiving, a response message comprising user identifier information from the network apparatus (200), wherein the user identifier information comprises at least one user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus (200) during roaming or within a restricted area including list of Cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE (100) to avail the service from the network apparatus (200);

   detecting, whether the UE (100) is in the roaming or the UE (100) has moved inside the restricted area and based on the received user identifier information; and

   performing, by the UE (100), one of:

   sending a request for other user identifiers for which no restriction is defined to the network apparatus (200), when the UE (100) is not in the roaming or the UE (100) is not inside the restricted area, and

   skip sending by the UE (100) any request for the other user identifiers that is not allowed to avail the service from the network apparatus (200) by considering current user identifier as restricted to avail the service, when the UE (100) is in the roaming or the UE (100) is inside the restricted area.
6. The method of claim 5, further comprising:

   detecting, that for an already established PDU session for the user identifier which is not allowed to avail the service from the network apparatus (200) in the restricted area when the UE (100) is in the roaming or the UE (100) is inside the restricted area;

   deactivating, the PDU session established for the user identifier which is not allowed to avail the service from the network apparatus (200) in the restricted area; and

   skip sending, by the UE (100), any user plane uplink traffic or control plane data (CP-DATA) to the network apparatus (200) during a period in which the UE (100) is inside the restricted area,

   transmitting, a PDU session establishment request message or a PDU session modification request message from the restricted area to the network apparatus (200), wherein the network apparatus (200) receives the PDU session establishment request message in the restricted area where a user identifier is restricted to avail the service from the network apparatus (200); and

   receiving, by the UE (100), a PDU session reject message from the network apparatus (200) when the user identifier is not allowed avail the service from the network apparatus (200) in the restricted area with a suitable reject cause code.
7. The method of claim 5, wherein the network apparatus (200) comprises at least one of an Access Management Function (AMF) and Session Management Function (SMF).
8. The method of claim 5, wherein the request message comprises at least one of a registration request message, a PDU session establishment request message and a PDU session modification request message.
9. A User Equipment (UE) (100) E in a communication network system, the UE comprising:

   a memory (101);

   a processor (103); the processor comprised to:

   a user identifier service controller (104), actively coupled with the memory (101) and the processor (103), wherein the user identifier service controller (104):

   sends a request message to a network apparatus (200), wherein the request message comprises an indication indicating that a UE (100) capability to support the user identifier service, wherein the UE (100) supports a list of user identifiers to the user identifier service from the network apparatus (200);

   receives a response message comprising user identifier information from the network apparatus (200), wherein the user identifier information comprises at least one user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus (200) during roaming or within a restricted area including list of Cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE (100) to avail the service from the network apparatus (200);

   detects whether the UE (100) is in the roaming or the UE (100) has moved inside the restricted area and based on the user identifier information; and

   performing, by the UE (100), one of:

   sends a request for other user identifiers for which no restriction is defined to the network apparatus (200), when the UE (100) is not in the roaming or the UE (100) is not inside the restricted area, and

   skips sending any request for the other user identifiers that is not allowed to avail the service from the network apparatus (200) by considering current user identifier as restricted to avail the service, when the UE (100) is in the roaming or the UE (100) is inside the restricted area.
10. The UE (100) of claim 9, wherein the processor is further comprised to:

    detect that for an already established PDU session for the user identifier which is not allowed to avail the service from the network apparatus (200) in the restricted area when the UE (100) is in the roaming or the UE (100) is inside the restricted area;

    deactivate the PDU session established for the user identifier which is not allowed to avail the service from the network apparatus (200) in the restricted area; and

    skip sending any user plane uplink traffic or control plane data (CP-DATA) to the network apparatus (200) during a period in which the UE (100) is inside the restricted area.
11. The UE (100) of claim 9, wherein the processor is further comprised to:

    transmit a PDU session establishment request message or PDU session modification request message from the restricted area to the network apparatus (200), wherein the network apparatus (200) receives the PDU session establishment request message in the restricted area where a user identifier is restricted to avail the service from the network apparatus (200); and

    receive a PDU session reject message from the network apparatus (200) when the user identifier is not allowed avail the service from the network apparatus (200) in the restricted area with a cause code, wherein the request message comprises at least one of a registration request message, a PDU session establishment message and a PDU session modify request message.
12. A network apparatus (200) in a communication network system, the network apparatus comprising:

    a memory (201);

    a processor (203); the processor comprised to:

    a user identifier service controller (204), actively coupled with the memory (201) and the processor (203), wherein the user identifier service controller (204):

    receives a request message from the UE (100), wherein the request message comprises an indication indicating a UE (100) capability to support a user identifier service;

    generates a response message comprising a user identifier information, wherein the user identifier information comprises at least one user identifier associated with the UE (100) that is restricted to avail a service from the network apparatus (200) during roaming or within a restricted area including the list of cells or Tracking Areas, and a maximum number of simultaneous allowed user identifiers for the UE (100) to avail the service from the network apparatus (200); and

    transmits the response message with the user identifier information to the UE (100).
13. The network apparatus (200) of claim 12, wherein the processor is further comprised to:

    download a subscription information along with the user identifier information linked to the subscription information for the UE (100) from at least one of UDM apparatus (300) and Unified Data Repository (UDR) apparatus (301); and

    generate the response message by adding the user identifier information.
14. The network apparatus (200) of claim 12, wherein the processor is further comprised to:

    receive a list of user identifiers associated with the UE (100), wherein the network apparatus (200) comprises at least one of an Access Management Function (AMF) and Session Management Function (SMF), wherein the request message comprises at least one of a registration request message, a PDU session establishment message and a PDU session modify request message.
15. The network apparatus (200of claim 12, wherein the processor is further comprised to:

    receives a PDU session establishment or PDU session modification request message from the UE (100), wherein the AMF or the SMF receives the PDU session establishment request message in the restricted area where a user identifier of the UE (100) is restricted to avail the service from the AMF or the SMF;

    determines whether the user identifier is allowed to avail the service from the network apparatus (200) in the restricted area based on the user identifier information;

    perform one of:

    sends a PDU session reject message to the UE (100), when the user identifier is not allowed to avail the service from the AMF or the SMF in the restricted area with a cause code, and

    sends a PDU session accept message to the UE (100), when the user identifier is allowed avail the service from the AMF or the SMF in the restricted area,

    detects, an already established PDU session for a user identifier which is not allowed to avail the service from the network apparatus (200) in the restricted area when the UE (100) is in the roaming or the UE (100) is inside the restricted area; and

    skips sending any user plane downlink packets to the UE (100) for the PDU session.