BACKGROUND

[0001] Fourth Generation (4G) and Fifth Generation (5G) mobile network systems connect a User Equipment (UE) to of many Base Stations (BSs) via a radio link, allowing them to exchange messages and data packets. These networks also relay these messages and data packets between the base station and other networks, e.g., the Internet, via a so-called core network. Moreover, base stations are connected to facilitate handovers, where control of the UE-to-base station connection is passed from one base station to another. This control transfer is referred to as a handover. The link between the base station and the core network, as well as the links between base stations, are called backhaul links in what follows.

[0002] Radio access security in 4G and 5G comprises two main parts - it protects the radio link between the UE and its base station and it protects the backhaul link. The messages passed between the UE and the base station are transported over the radio link by the Packet Data Convergence Protocol (PDCP), which encrypts the messages. PDCP is a stateful protocol, and the UE and the BS maintain their own local views of the global state. Such a local view is referred to herein as a “PDCP state”, and it contains cryptographic keys, message sequence numbers and other processing information.

[0003] When backhaul links are encrypted, they make use of the Internet Protocol (IP) security (IPsec) protocol suite and possibly the Transport Layer Security (TLS) protocol.

[0004] An important aspect, and the source of much complexity in the 4G and 5G radio access security designs, is damage compartmentalization in the face of PDCP state compromise.

Intuitively, the goal is to ensure that PDCP state protecting communication between the UE and one BS is not compromised even if PDCP state protecting the communication between the same UE and another BS is compromised.

[0005] The reason for concern in the first place is that when the UE is handed over from a source BS to a target BS, the (target) PDCP state in the target BS is derived in part from the (source) PDCP state in the source BS. The problem is emphasized by so called X2 and Xn handovers, where even encryption keys in the target PDCP state are derived from keys in the source PDCP state.

[0006] Both 4G and 5G protect the source PDCP state from a target PDCP state compromise after X2/Xn handover by a method which could be described simplistically as “hash and forget”. The idea has its roots in Bellare and Yee, and essentially consists of deriving a new state from an old state using a function that is difficult to even partially invert, followed by deleting the old state.

[0007] Figure (FIG.) 1 illustrates the method when applied to a generalized model of 4G and 5G. More specifically, FIG. 1 illustrates the mechanism used prevent a compromise of the target base station BSt from endangering the source PDCP state, and specifically the key Ki, protecting the PDCP connection between the UE and the source base station BS _s after an X2 or Xn handover. Dashed lines indicate connections. The derivation function is the Key Derivation Function (KDF) based on HMAC-SHA256 used in both 4G and 5G. First, there is a PDCP connection between the UE and the source base station BS _s (step 1). Next, an X2/Xn handover occurs and the key K2 is derived by the UE and BS _s . BS _s also transmits K2 over a secure channel SecCh, for example protected by IPsec, to the target base station BSt (step 2). Finally, in step 3, the UE and BSt protect their communication using the key K2. Crucial for compartmentalization is now that BS _s and the UE delete, i.e., forget, their local PDCP states used when protecting their communication. Failing to do so results in that, if an adversary breaks into BS _s , the adversary would be able to obtain the PDCP state for BSt by simply applying the KDF.

[0008] The example is reduced to its essence; in 4G and 5G, the PDCP state is much more complicated, and many derivations of key material take place at handover. A reader familiar with the standards texts may think of Ki as K _S NB in 4G and as K ₈ NB in 5G.

[0009] 4G and 5G both come with several layers of security, and in addition to the cryptographic protection discussed above, the processing of making use of the PDCP states in the base stations are required to take place in a TEE. While not completely specified by, the TEE is assumed to be a physically protected processing environment, which is much more difficult to access than other parts of the base station. An example is a processor encapsulated in a ceramic compound, which will physically destroy the processor if tampered with.

[0010] The base station receives messages encrypted by PDCP from the UE and decrypts these messages. Therefore, after decryption, these messages are available in cleartext in the base station before the base station applies IPsec and encrypts them again for transport over the backhaul link. All this processing takes place inside the TEE of the base station. Furthermore, when a X2/Xn handover occurs, the base station also derives the target PDCP state, including the keys, and protects it using IPsec inside the TEE before passing it to the target base station. The IPsec protection is the secure channel (2) in FIG. 1 and in FIG. 2. FIG. 2 illustrates cryptographic processing inside a base station. The IPsec processing takes place in the TEE and here is where the message m, containing the derivative of the source PDCP state, is encrypted before being sent to the target base station.

[0011] There currently exist certain challenge(s). As just explained, a crucial action in the handover compartmentalization mechanism is deleting the previous PDCP state. Without this action, the mechanism does not achieve its goal. A description of why the existing mechanism is insufficient in this regard will now be provided.

[0012] Establishing a new IPsec connection is a computationally expensive operation including additional signaling compared to simply protecting a message over an existing IPsec connection. Because of this, IPsec connections tend to be long-lived. While long lifetimes are a relative notion, it is fair to say that each IPsec connection between two base stations is likely to protect thousands, or even millions, of handover messages before being reestablished. The lifetime of an IPsec connection could be as long as weeks or months. In the end it is an operator policy decision, but certainly it is unacceptable from a performance perspective to re-establish IPsec connections after every handover.

SUMMARY

[0013] Various embodiments of the disclosed subject matter have been developed in consideration of various shortcomings of conventional technologies, as recognized by the inventor. Certain examples of these shortcomings, as well as selected embodiments, are described below.

[0014] Use of long-lived IPsec connections weakens 4G and 5G in a way not yet discussed or resolved. Namely, consider the following attack. An adversary eavesdrops and records the IPsec protected messages between base station BS _s and BSt without being able decrypt them. Likewise, the adversary records and stores all PDCP traffic sent between BSt and UEs. At a later point in time, before the IPsec tunnel is re-established with new keys, the adversary breaks into BS _s . Even though BS _s has deleted the source PDCP states for every UE it has handed over to BSt, the IPsec processing state remains the same, and it contains the encryption key used for all the messages that the adversary previously recorded. By obtaining the IPsec state and encryption keys, the adversary can now decrypt the recorded messages and retrieve the key K2 encoded inside for each handover.

[0015] With access to these K2 keys, the adversary has not only broken the compartmentalization principle, but very practically, the adversary can use the keys to decrypt the stored PDCP traffic sent between BSt and UEs. This reveals the cleartext of the UEs' communications and ultimately violates the users' privacy.

[0016] The IPsec connection would have to be re-established or re-keyed for every handover to prevent this attack, which is prohibitively complicated as noted above.

[0017] Amplifying the problem is the fact that for other types of handovers, e.g., SI and N2 handovers, a similar attack applies, requiring other IPsec connections to be re-established or rekeyed analogously.

[0018] A reasonable question is whether these attacks are practically relevant. As pointed out earlier, 3GPP spent a lot of effort and justified much complexity in the 4G and 5G designs by the threat of an attacker breaking into a base station and obtaining the PDCP state and keys. IPsec and TLS processing and its state is required to be processed inside the same TEE as where the PDCP state is stored. Therefore, it is equally likely that an adversary may obtain the IPsec or TLS state stored in the same TEE. From this perspective, if adversaries are strong enough to perform the attacks 3GPP intended to mitigate, but failed to fully do, they are strong enough to perform the attacks described herein.

[0019] Some aspects of the disclosed subject matter may provide solutions to these or other challenges. The solution is independent of the IPsec tunnels and potential additional TLS tunnels for the X2/Xn interfaces. This approach minimizes architectural impact - these tunnels serve a more general purpose than only protecting the handovers and are useful separately. [0020] Some embodiments of the disclosed subject matter relate to encrypting the key K2 , e.g., KeNB* or K _g NB* in the 3GPP specifications, with a new key that is disposed of after the handover. The encrypted K2 is then transmitted in the IPsec tunnel to BSt. This way, adversaries cannot obtain K2 in cleartext even if they break into BS _s after the handover and get access to the IPsec tunnel state. The effect is that all state required for a successful attack is deleted after handover, thwarting the adversaries' attempts and restoring user privacy.

[0021] Certain embodiments of the disclosed subject matter are implemented in a system comprising a user equipment (UE), a source base station (BS _s ), and a target base station (BSt). The UE has a cryptographic key Ki and shares it with BS _s . BS _s additionally has a cryptographic key KKEK, which it shares with BSt. The UE and BS _s protect their communications using Ki. [0022] In some embodiments, When the UE is handed over from BS _s to BSt, BS _s generates a cryptographic key K2, encrypts it using KKEK and transmits the encrypted K2 to BSt. The UE also generates K2. After the handover, the UE and BSt protect their traffic using K2, and both BS _s and BSt derive a new key KKEK' from KKEK using a key derivation function. They will use KKEK' to encrypt the K2 for the next handover, regardless of whether that K2 is associated with the UE or a different UE. BS _s and BSt next deletes KKEK-

[0023] Some embodiments of the disclosed subject matter relate to derivation, processing, and transmission of keys K2, KKEK and KKEK‘, primarily in BS _s and BSt. Some embodiments also include processing of these keys in the UE.

[0024] Some embodiments may provide one or more of the following technical advantage(s):

• Securing 4G and 5G networks so that the intended compartmentalization is actually achieved, ensuring end user privacy. • Providing independence of the underlying IPsec and/or TLS tunnels used for transport protection, which may be a key to avoid having to re-establish the tunnels after every handover.

[0025] In some embodiments, a method performed by UE comprises transmitting and/or receiving messages or packets to and/or from a first network node over a first connection that is protected with a first key, Ki. When preparing for a handover of the UE from the first network node to a second network node, the UE either receives a second key, K2, from the first network node over the first connection or generates the second key, K2, based on a third key, KKEK, to be used in association with preparation for the handover and a freshness value, v, (e.g., received from the first network node over the first connection). The UE also transmits and/or receives messages or packets to and/or from the second network node over a second connection between the second network node and the UE that is protected with the second key, K2.

[0026] In some embodiments, a method performed by a first network node comprises transmitting and/or receiving messages or packets to and/or from a UE over a first connection that is protected with a first key, Ki. When preparing for a handover of the UE from the first network node to a second network node, the UE generates a second key, K2, encrypts the second key, K2, with a third key, KKEK, thereby providing an encrypted second key,

Deletes the third key, KKEK, and transmits a message to the second network node, the message comprising the encrypted second key.

[0027] In some embodiments, a method performed by a second network node comprises, in preparation for a handover of a UE from a first network node to the second network node, receiving a message from the first network node, the message comprising an encrypted key, decrypting the encrypted key based on a first key, KKEK, to provide a decrypted key, K2; deleting the first key, KKEK, and transmitting and/or receiving messages or packets to and/or from the UE over a connection between the second network node and the UE that is protected with the decrypted key, K2.

[0028] In some embodiments, a method performed by a first network node comprises transmitting and/or receiving messages or packets to and/or from a UE over a first connection that is protected with a first key, Ki, when preparing for a handover of the UE from the first network node to a second network node generating a second key, K2, based on a third key, KKEK, to be used for the handover and a freshness value, v, deleting the third key, KKEK, and transmitting a message to the second network node, the message comprising the freshness value, v.

[0029] In some embodiments, a method performed by a second network node comprises, during preparation for a handover of a UE from a first network node to the second network node receiving a message from the first network node, the message comprising a freshness value, v, generating a first key, K2, based on a second key, KKEK, for use for the handover and the freshness value, v, and deleting the second key, KKEK, transmitting and/or receiving messages or packets to and/or from the UE over a connection between the second network node and the UE that is protected with the first key, K2.

BRIEF DESCRIPTION OF THE DRAWINGS

[0030] The drawings illustrate selected embodiments of the disclosed subject matter. In the drawings, like reference labels indicate like features.

[0031] FIG. 1 illustrates aspects of a method performed by a 4G or 5G system.

[0032] FIG. 2 illustrates aspects of cryptographic processing inside a base station.

[0033] FIG. 3 illustrates a system in which certain embodiments of the disclosed subject matter may be implemented.

[0034] FIG. 4 illustrates a base station and a UE accordance with some embodiments of the disclosed subject matter.

[0035] FIG. 5 illustrates a signaling flow according to some embodiments of the disclosed subject matter.

[0036] FIG. 6 illustrates a signaling flow according to some embodiments of the disclosed subject matter.

[0037] FIG. 7 shows an example of a communication system according to some embodiments of the disclosed subject matter.

[0038] FIG. 8 shows a UE according to some embodiments of the disclosed subject matter.

[0039] FIG. 9 shows a network node according to some embodiments of the disclosed subject matter.

[0040] FIG. 10 is a block diagram of a host according to some embodiments of the disclosed subject matter.

[0041] FIG. 11 is a block diagram illustrating a virtualization environment according to some embodiments of the disclosed subject matter.

[0042] FIG. 12 shows a communication diagram of a host according to some embodiments of the disclosed subject matter.

DETAIEED DESCRIPTION

[0043] Some embodiments of the disclosed subject matter are described below with reference to the accompanying drawings. These embodiments are presented as teaching examples and are not to be construed as limiting the scope of the disclosed subject matter.

[0044] FIG. 3 illustrates a system 300 (e.g., a wireless network which is preferably, but not necessarily, a 4G (LTE) or 5G (NR) radio access network) in which certain embodiments of the disclosed subject matter may be implemented. The system 300 includes two base stations, a source base station (BS _s ) 302 and a target base station (BSt) 304, communicating with a user equipment (UE) 306. The system 300 is capable of handing over communications with the UE 306 from BS _s 302 to BSt 304.

[0045] As conventional version of the system 300 is in itself well established and known from, e.g., 4G and 5G, but it is vulnerable to the attacks described above. Embodiments of the disclosed subject matter relate to procedures performed in the system 300 to mitigate these attacks by introducing a new function, called the Infrastructure Protection Function (IPF) (see FIG. 4), to the source and target base stations. Note that the name “IPF” is only an example; any suitable name may be used for this function. As such, the term “IPF” is to be understood as referring to any such function, regardless of its actual name.

[0046] FIG. 4 illustrates BS _s 302, BSt 304, and UE 306 in more detail, in accordance with some embodiments of the disclosed subject matter. Note that the dashed lines around KKEK and KKEK’ in the UE 306 indicate that they are not present in the UE 306 for all embodiments. BS _s 302 includes a UE Traffic Protection Function (UE TPF) 400 and an IPF 402. Likewise, BSt 304 includes a UE TPF 404 and an IPF 406. The UE TPF 400/404 protects the traffic between the base station 302/304 and the UE 306. The UE TPF 400 in BS _s 302 bases its protection on the key Ki, and the UE TPF 404 in BSt 304 bases its protection on the key K2. In 4G and 5G, this protection is instantiated by the PDCP protocol, and the keys Ki and K2 can for example correspond to the keys K _S NB and K ₈ NB.

[0047] The IPF 402, 406 ensures that the UE TPFs 400, 404 acquire the compartmentalization that 3GPP initially intended. The IPF 402 in the BS _s 302 and the IPF 406 in the BSt 304 share a key encryption KKEK. The IPF 402 in the BSs 302 encrypts K2 with this KKEK and transmits the result to the IPF 406 in the BSt 304 who decrypts it. After this, both the IPF 402 in the BS _s 302 and the IPF 406 in the BSt 304 derive a new KKEK’ from the KKEK and discard KKEK-

[0048] FIG. 5 illustrates a signaling flow for various embodiments of the disclosed subject matter. As shown in FIG. 5, a first connection is established between the UE 306 and the UE TPF 400 of BS _s 302 (step 500). This connection is protected by the key Ki. Protection could be for example encryption or integrity protection of messages or packets sent between the two entities. Being protected by a key means, for example, that the key itself is an encryption key or integrity protection key. Another example is that an encryption or integrity protection key is derived in one or more steps from the key Ki. [0049] When preparing for a handover, the IPT 402 in the BS _s 302 generates a key K2 and encrypts it using the key KKEK (step 502). The encryption operation is denoted Enc in FIG. 5. The encrypted key K2 is denoted m, and BS _s 302 then transmits m to the IPT 406 in the BSt 304 (step 504). The IPT 402 in BS _s 302 also derives a new key KKEK’ from the previous KKEK and deletes the previous KKEK (also in step 502). The new KKEK’ is to be used for the next handover. [0050] Once the IPT 406 in the BSt 304 receives m, it decrypts m to obtain K2 (step 506) and uses K2to protect the traffic to and from the UE 306 (step 510). The IPT 406 in the BSt 304 also derives the new key KKEK’ from the previous KKEK and deletes the previous key KKEK (also in step 506). The new KKEK’ is to be used for the next handover.

[0051] The UE also generates key K2 (step 508) and uses the key K2 to protect the traffic to and from the BSt 304 (step 510).

[0052] K2 can, for example, be generated by applying a key derivation function (KDF) or a pseudorandom function (PRF) to key Ki and optionally other inputs. K2 may be derived from Ki in more than one step. It could also be derived, e.g., by a KDF or PRF from the KKEK or from another key and possibly other parameters in one or more steps.

[0053] In another embodiment, K2 is not transmitted from BS _s 302 to BSt 304, but is rather generated from KKEK and possibly a fresh value v. FIG. 6 illustrates a signaling flow according to some embodiments of the disclosed subject matter. As shown in FIG. 6, a first connection is established between the UE 306 and the UE TPF 400 of BS _s 302, as described above with respect to step 500 of FIG. 5 (step 600). When preparing for a handover, the IPT 402 in the BS _s 302 generates a key K2 by inputting KKEK and a fresh value v into a function g, which may be a KDF or a PRF or another function that is expected to be practically infeasible to invert, e.g., a function based on a standard and well-known hash function or key derivation function such as SHA-256 or HKDF (step 602). The fresh value v can be, for example, a counter, a freshly generated random value, or a timestamp. The IPT 402 in BS _s 302 also derives a new key KKEK’ from the previous KKEK and deletes the previous KKEK (also in step 602). The new KKEK’ is to be used for the next handover.

[0054] The IPT 402 in the BS _s 302 sends the fresh value v as message m to BSt 304 (step 604). The IPT 406 at the BSt 304 can then derive K2 in the same way (step 606). The UE 306 also derives or obtains K2 (step 608), and this can be achieved by, for example, K2 being sent to the UE 306 using the UE TPF 400 in BS _s 302. In another embodiment, the UE 306 has access to the KKEK, and the UE TPF 400 in BS _s 302 sends the fresh value v to the UE 306. The UE 306 then derives K2 from the KKEK and possibly the fresh value v and possibly other inputs. The UE 306 and the BSt use the key K2 to protect the traffic between the UE 306 and the BSt 304 (step 610). [0055] When the KKEK is known to the UE 306, the KKEK must be specific to the UE 306 or a set of associated UEs. This is because if two UEs associated with different subscriptions use the same KKEK, they may be able to eavesdrop on each other’ s communications and decrypt it. [0056] In some embodiments, the UE 306 then computes KKEK’ from KKEK in the same way as BS _s 302 did and then deletes KKEK. In another embodiment, the BS _s 302 or the BSt 304 transmits a new KKEK‘ to the UE 306.

[0057] In yet another embodiment, the KKEK and KKEK’ are derived by BS _s 302 and/or BSt 304 and/or the UE 306 from a separate key KROOT and possibly a freshness value VROOT, where VROOT may be a counter, a timestamp, or a randomly generated value. The key KROOT and VROOT is available to the entity requiring it for derivation of KKEK and KKEK’, e.g., via configuration or being derived in a key establishment process, which could involve authentication or a transition from an idle state to a connected state in a non-access stratum protocol.

[0058] The person- skilled-in the art appreciates that BS _s 302 may transfer the information necessary to derive K2 and/or KKEK and/or KKEK’ to BSt 304 and/or to the UE 306 in one or more messages. The information may also be available to either of them implicitly or being communicated to them by a fourth party.

[0059] Backwards compatibility. If the method is introduced in an existing system such as 4G or 5G, it could be the case that not all base stations are updated simultaneously. In this case, an updated source base station must be aware of whether the target base station is capable of the new method. This information can be pre-configured in the source base station or could be negotiated between the base stations. In some embodiments, the base stations, during a setup phase, indicate their capability to perform the method to each other. In some embodiments, the UE indicates to the core network, possibly in its UE Security Capability information element, that it is capable of performing the method. The core network then informs the base station the UE connects to of this capability. The source base station may then indicate the UE’s capability to the target base station. The UE may indicate to the source base station or the target base station of the UE’s capability to perform the method directly. This could be done by sending a message to the corresponding base station using for example the Radio Resource Control (RRC) protocol.

[0060] FIG. 7 shows an example of a communication system 700 in accordance with some embodiments.

[0061] In the example, the communication system 700 includes a telecommunication network 702 that includes an access network 704, such as a Radio Access Network (RAN), and a core network 706, which includes one or more core network nodes 708. The access network 704 includes one or more access network nodes, such as network nodes 710A and 710B (one or more of which may be generally referred to as network nodes 710), or any other similar Third Generation Partnership Project (3GPP) access node or non-3GPP Access Point (AP). The network nodes 710 facilitate direct or indirect connection of User Equipment (UE), such as by connecting UEs 712A, 712B, 712C, and 712D (one or more of which may be generally referred to as UEs 712) to the core network 706 over one or more wireless connections.

[0062] Example wireless communications over a wireless connection include transmitting and/or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and/or other types of signals suitable for conveying information without the use of wires, cables, or other material conductors. Moreover, in different embodiments, the communication system 700 may include any number of wired or wireless networks, network nodes, UEs, and/or any other components or systems that may facilitate or participate in the communication of data and/or signals whether via wired or wireless connections. The communication system 700 may include and/or interface with any type of communication, telecommunication, data, cellular, radio network, and/or other similar type of system.

[0063] The UEs 712 may be any of a wide variety of communication devices, including wireless devices arranged, configured, and/or operable to communicate wirelessly with the network nodes 710 and other communication devices. Similarly, the network nodes 710 are arranged, capable, configured, and/or operable to communicate directly or indirectly with the UEs 712 and/or with other network nodes or equipment in the telecommunication network 702 to enable and/or provide network access, such as wireless network access, and/or to perform other functions, such as administration in the telecommunication network 702.

[0064] In the depicted example, the core network 706 connects the network nodes 710 to one or more hosts, such as host 716. These connections may be direct or indirect via one or more intermediary networks or devices. In other examples, network nodes may be directly coupled to hosts. The core network 706 includes one more core network nodes (e.g., core network node 708) that are structured with hardware and software components. Features of these components may be substantially similar to those described with respect to the UEs, network nodes, and/or hosts, such that the descriptions thereof are generally applicable to the corresponding components of the core network node 708. Example core network nodes include functions of one or more of a Mobile Switching Center (MSC), Mobility Management Entity (MME), Home Subscriber Server (HSS), Access and Mobility Management Function (AMF), Session Management Function (SMF), Authentication Server Function (AUSF), Subscription Identifier De-Concealing Function (SIDE), Unified Data Management (UDM), Security Edge Protection Proxy (SEPP), Network Exposure Function (NEF), and/or a User Plane Function (UPF).

[0065] The host 716 may be under the ownership or control of a service provider other than an operator or provider of the access network 704 and/or the telecommunication network 702, and may be operated by the service provider or on behalf of the service provider. The host 716 may host a variety of applications to provide one or more service. Examples of such applications include live and pre-recorded audio/video content, data collection services such as retrieving and compiling data on various ambient conditions detected by a plurality of UEs, analytics functionality, social media, functions for controlling or otherwise interacting with remote devices, functions for an alarm and surveillance center, or any other such function performed by a server.

[0066] As a whole, the communication system 700 of FIG. 7 enables connectivity between the UEs, network nodes, and hosts. In that sense, the communication system 700 may be configured to operate according to predefined rules or procedures, such as specific standards that include, but are not limited to: Global System for Mobile Communications (GSM); Universal Mobile Telecommunications System (UMTS); Long Term Evolution (LTE), and/or other suitable Second, Third, Fourth, or Fifth Generation (2G, 3G, 4G, or 5G) standards, or any applicable future generation standard (e.g., Sixth Generation (6G)); Wireless Local Area Network (WLAN) standards, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards (WiFi); and/or any other appropriate wireless communication standard, such as the Worldwide Interoperability for Microwave Access (WiMax), Bluetooth, Z-Wave, Near Field Communication (NFC) ZigBee, LiFi, and/or any Low Power Wide Area Network (LPWAN) standards such as LoRa and Sigfox.

[0067] In some examples, the telecommunication network 702 is a cellular network that implements 3GPP standardized features. Accordingly, the telecommunication network 702 may support network slicing to provide different logical networks to different devices that are connected to the telecommunication network 702. For example, the telecommunication network 702 may provide Ultra Reliable Low Latency Communication (URLLC) services to some UEs, while providing enhanced Mobile Broadband (eMBB) services to other UEs, and/or massive Machine Type Communication (mMTC)/massive Internet of Things (loT) services to yet further UEs.

[0068] In some examples, the UEs 712 are configured to transmit and/or receive information without direct human interaction. For instance, a UE may be designed to transmit information to the access network 704 on a predetermined schedule, when triggered by an internal or external event, or in response to requests from the access network 704. Additionally, a UE may be configured for operating in single- or multi-Radio Access Technology (RAT) or multi-standard mode. For example, a UE may operate with any one or combination of WiFi, New Radio (NR), and LTE, i.e., be configured for Multi-Radio Dual Connectivity (MR-DC), such as Evolved UMTS Terrestrial RAN (E-UTRAN) NR - Dual Connectivity (EN-DC). [0069] In the example, a hub 714 communicates with the access network 704 to facilitate indirect communication between one or more UEs (e.g., UE 712C and/or 712D) and network nodes (e.g., network node 710B). In some examples, the hub 714 may be a controller, router, content source and analytics, or any of the other communication devices described herein regarding UEs. For example, the hub 714 may be a broadband router enabling access to the core network 706 for the UEs. As another example, the hub 714 may be a controller that sends commands or instructions to one or more actuators in the UEs. Commands or instructions may be received from the UEs, network nodes 710, or by executable code, script, process, or other instructions in the hub 714. As another example, the hub 714 may be a data collector that acts as temporary storage for UE data and, in some embodiments, may perform analysis or other processing of the data. As another example, the hub 714 may be a content source. For example, for a UE that is a Virtual Reality (VR) headset, display, loudspeaker or other media delivery device, the hub 714 may retrieve VR assets, video, audio, or other media or data related to sensory information via a network node, which the hub 714 then provides to the UE either directly, after performing local processing, and/or after adding additional local content. In still another example, the hub 714 acts as a proxy server or orchestrator for the UEs, in particular in if one or more of the UEs are low energy loT devices.

[0070] The hub 714 may have a constant/persistent or intermittent connection to the network node 710B. The hub 714 may also allow for a different communication scheme and/or schedule between the hub 714 and UEs (e.g., UE 712C and/or 712D), and between the hub 714 and the core network 706. In other examples, the hub 714 is connected to the core network 706 and/or one or more UEs via a wired connection. Moreover, the hub 714 may be configured to connect to a Machine-to-Machine (M2M) service provider over the access network 704 and/or to another UE over a direct connection. In some scenarios, UEs may establish a wireless connection with the network nodes 710 while still connected via the hub 714 via a wired or wireless connection. In some embodiments, the hub 714 may be a dedicated hub - that is, a hub whose primary function is to route communications to/from the UEs from/to the network node 710B. In other embodiments, the hub 714 may be a non-dedicated hub - that is, a device which is capable of operating to route communications between the UEs and the network node 710B, but which is additionally capable of operating as a communication start and/or end point for certain data channels.

[0071] FIG. 8 shows a UE 800 in accordance with some embodiments. As used herein, a UE refers to a device capable, configured, arranged, and/or operable to communicate wirelessly with network nodes and/or other UEs. Examples of a UE include, but are not limited to, a smart phone, mobile phone, cell phone, Voice over Internet Protocol (VoIP) phone, wireless local loop phone, desktop computer, Personal Digital Assistant (PDA), wireless camera, gaming console or device, music storage device, playback appliance, wearable terminal device, wireless endpoint, mobile station, tablet, laptop, Laptop Embedded Equipment (LEE), Laptop Mounted Equipment (LME), smart device, wireless Customer Premise Equipment (CPE), vehicle-mounted or vehicle embedded/integrated wireless device, etc. Other examples include any UE identified by the 3GPP, including a Narrowband Internet of Things (NB-IoT) UE, a Machine Type Communication (MTC) UE, and/or an enhanced MTC (eMTC) UE.

[0072] A UE may support Device-to-Device (D2D) communication, for example by implementing a 3GPP standard for sidelink communication, Dedicated Short-Range Communication (DSRC), Vehicle-to- Vehicle (V2V), Vehicle-to-Infrastructure (V2I), or Vehicle-to-Every thing (V2X). In other examples, a UE may not necessarily have a user in the sense of a human user who owns and/or operates the relevant device. Instead, a UE may represent a device that is intended for sale to, or operation by, a human user but which may not, or which may not initially, be associated with a specific human user (e.g., a smart sprinkler controller). Alternatively, a UE may represent a device that is not intended for sale to, or operation by, an end user but which may be associated with or operated for the benefit of a user (e.g., a smart power meter).

[0073] The UE 800 includes processing circuitry 802 that is operatively coupled via a bus 804 to an input/output interface 806, a power source 808, memory 810, a communication interface 812, and/or any other component, or any combination thereof. Certain UEs may utilize all or a subset of the components shown in FIG. 8. The level of integration between the components may vary from one UE to another UE. Further, certain UEs may contain multiple instances of a component, such as multiple processors, memories, transceivers, transmitters, receivers, etc. [0074] The processing circuitry 802 is configured to process instructions and data and may be configured to implement any sequential state machine operative to execute instructions stored as machine -readable computer programs in the memory 810. The processing circuitry 802 may be implemented as one or more hardware-implemented state machines (e.g., in discrete logic, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), etc.); programmable logic together with appropriate firmware; one or more stored computer programs, general purpose processors, such as a microprocessor or Digital Signal Processor (DSP), together with appropriate software; or any combination of the above. For example, the processing circuitry 802 may include multiple Central Processing Units (CPUs).

[0075] In the example, the input/output interface 806 may be configured to provide an interface or interfaces to an input device, output device, or one or more input and/or output devices. Examples of an output device include a speaker, a sound card, a video card, a display, a monitor, a printer, an actuator, an emitter, a smartcard, another output device, or any combination thereof. An input device may allow a user to capture information into the UE 800. Examples of an input device include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, a digital video camera, a web camera, etc.), a microphone, a sensor, a mouse, a trackball, a directional pad, a trackpad, a scroll wheel, a smartcard, and the like. The presence- sensitive display may include a capacitive or resistive touch sensor to sense input from a user. A sensor may be, for instance, an accelerometer, a gyroscope, a tilt sensor, a force sensor, a magnetometer, an optical sensor, a proximity sensor, a biometric sensor, etc., or any combination thereof. An output device may use the same type of interface port as an input device. For example, a Universal Serial Bus (USB) port may be used to provide an input device and an output device.

[0076] In some embodiments, the power source 808 is structured as a battery or battery pack. Other types of power sources, such as an external power source (e.g., an electricity outlet), photovoltaic device, or power cell, may be used. The power source 808 may further include power circuitry for delivering power from the power source 808 itself, and/or an external power source, to the various parts of the UE 800 via input circuitry or an interface such as an electrical power cable. Delivering power may be, for example, for charging the power source 808. Power circuitry may perform any formatting, converting, or other modification to the power from the power source 808 to make the power suitable for the respective components of the UE 800 to which power is supplied.

[0077] The memory 810 may be or be configured to include memory such as Random Access Memory (RAM), Read Only Memory (ROM), Programmable ROM (PROM), Erasable PROM (EPROM), Electrically EPROM (EEPROM), magnetic disks, optical disks, hard disks, removable cartridges, flash drives, and so forth. In one example, the memory 810 includes one or more application programs 814, such as an operating system, web browser application, a widget, gadget engine, or other application, and corresponding data 816. The memory 810 may store, for use by the UE 800, any of a variety of various operating systems or combinations of operating systems.

[0078] The memory 810 may be configured to include a number of physical drive units, such as Redundant Array of Independent Disks (RAID), flash memory, USB flash drive, external hard disk drive, thumb drive, pen drive, key drive, High Density Digital Versatile Disc (HD-DVD) optical disc drive, internal hard disk drive, Blu-Ray optical disc drive, Holographic Digital Data Storage (HDDS) optical disc drive, external mini Dual In-line Memory Module (DIMM), Synchronous Dynamic RAM (SDRAM), external micro-DIMM SDRAM, smartcard memory such as a tamper resistant module in the form of a Universal Integrated Circuit Card (UICC) including one or more Subscriber Identity Modules (SIMs), such as a Universal SIM (USIM) and/or Internet Protocol Multimedia Services Identity Module (ISIM), other memory, or any combination thereof. The UICC may for example be an embedded UICC (eUICC), integrated UICC (iUICC) or a removable UICC commonly known as a ‘SIM card.’ The memory 810 may allow the UE 800 to access instructions, application programs, and the like stored on transitory or non-transitory memory media, to off-load data, or to upload data. An article of manufacture, such as one utilizing a communication system, may be tangibly embodied as or in the memory 810, which may be or comprise a device-readable storage medium.

[0079] The processing circuitry 802 may be configured to communicate with an access network or other network using the communication interface 812. The communication interface 812 may comprise one or more communication subsystems and may include or be communicatively coupled to an antenna 822. The communication interface 812 may include one or more transceivers used to communicate, such as by communicating with one or more remote transceivers of another device capable of wireless communication (e.g., another UE or a network node in an access network). Each transceiver may include a transmitter 818 and/or a receiver 820 appropriate to provide network communications (e.g., optical, electrical, frequency allocations, and so forth). Moreover, the transmitter 818 and receiver 820 may be coupled to one or more antennas (e.g., the antenna 822) and may share circuit components, software, or firmware, or alternatively be implemented separately.

[0080] In the illustrated embodiment, communication functions of the communication interface 812 may include cellular communication, WiFi communication, LPWAN communication, data communication, voice communication, multimedia communication, short-range communications such as Bluetooth, NFC, location-based communication such as the use of the Global Positioning System (GPS) to determine a location, another like communication function, or any combination thereof. Communications may be implemented according to one or more communication protocols and/or standards, such as IEEE 802.11, Code Division Multiplexing Access (CDMA), Wideband CDMA (WCDMA), GSM, LTE, NR, UMTS, WiMax, Ethernet, Transmission Control Protocol/Internet Protocol (TCP/IP), Synchronous Optical Networking (SONET), Asynchronous Transfer Mode (ATM), Quick User Datagram Protocol Internet Connection (QUIC), Hypertext Transfer Protocol (HTTP), and so forth.

[0081] Regardless of the type of sensor, a UE may provide an output of data captured by its sensors, through its communication interface 812, or via a wireless connection to a network node. Data captured by sensors of a UE can be communicated through a wireless connection to a network node via another UE. The output may be periodic (e.g., once every 15 minutes if it reports the sensed temperature), random (e.g., to even out the load from reporting from several sensors), in response to a triggering event (e.g., when moisture is detected an alert is sent), in response to a request (e.g., a user initiated request), or a continuous stream (e.g., a live video feed of a patient).

[0082] As another example, a UE comprises an actuator, a motor, or a switch related to a communication interface configured to receive wireless input from a network node via a wireless connection. In response to the received wireless input the states of the actuator, the motor, or the switch may change. For example, the UE may comprise a motor that adjusts the control surfaces or rotors of a drone in flight according to the received input or to a robotic arm performing a medical procedure according to the received input.

[0083] A UE, when in the form of an loT device, may be a device for use in one or more application domains, these domains comprising, but not limited to, city wearable technology, extended industrial application, and healthcare. Non-limiting examples of such an loT device are a device which is or which is embedded in: a connected refrigerator or freezer, a television, a connected lighting device, an electricity meter, a robot vacuum cleaner, a voice controlled smart speaker, a home security camera, a motion detector, a thermostat, a smoke detector, a door/window sensor, a flood/moisture sensor, an electrical door lock, a connected doorbell, an air conditioning system like a heat pump, an autonomous vehicle, a surveillance system, a weather monitoring device, a vehicle parking monitoring device, an electric vehicle charging station, a smart watch, a fitness tracker, a head-mounted display for Augmented Reality (AR) or VR, a wearable for tactile augmentation or sensory enhancement, a water sprinkler, an animator item-tracking device, a sensor for monitoring a plant or animal, an industrial robot, an Unmanned Aerial Vehicle (UAV), and any kind of medical device, like a heart rate monitor or a remote controlled surgical robot. A UE in the form of an loT device comprises circuitry and/or software in dependence of the intended application of the loT device in addition to other components as described in relation to the UE 800 shown in FIG. 8.

[0084] As yet another specific example, in an loT scenario, a UE may represent a machine or other device that performs monitoring and/or measurements and transmits the results of such monitoring and/or measurements to another UE and/or a network node. The UE may in this case be an M2M device, which may in a 3GPP context be referred to as an MTC device. As one particular example, the UE may implement the 3GPP NB-IoT standard. In other scenarios, a UE may represent a vehicle, such as a car, a bus, a truck, a ship, an airplane, or other equipment that is capable of monitoring and/or reporting on its operational status or other functions associated with its operation.

[0085] In practice, any number of UEs may be used together with respect to a single use case. For example, a first UE might be or be integrated in a drone and provide the drone’s speed information (obtained through a speed sensor) to a second UE that is a remote controller operating the drone. When the user makes changes from the remote controller, the first UE may adjust the throttle on the drone (e.g., by controlling an actuator) to increase or decrease the drone’s speed. The first and/or the second UE can also include more than one of the functionalities described above. For example, a UE might comprise the sensor and the actuator and handle communication of data for both the speed sensor and the actuators.

[0086] FIG. 9 shows a network node 900 in accordance with some embodiments. As used herein, network node refers to equipment capable, configured, arranged, and/or operable to communicate directly or indirectly with a UE and/or with other network nodes or equipment in a telecommunication network. Examples of network nodes include, but are not limited to, APs (e.g., radio APs), Base Stations (BSs) (e.g., radio BSs, Node Bs, evolved Node Bs (eNBs), and NR Node Bs (gNBs)).

[0087] BSs may be categorized based on the amount of coverage they provide (or, stated differently, their transmit power level) and so, depending on the provided amount of coverage, may be referred to as femto BSs, pico BSs, micro BSs, or macro BSs. A BS may be a relay node or a relay donor node controlling a relay. A network node may also include one or more (or all) parts of a distributed radio BS such as centralized digital units and/or Remote Radio Units (RRUs), sometimes referred to as Remote Radio Heads (RRHs). Such RRUs may or may not be integrated with an antenna as an antenna integrated radio. Parts of a distributed radio BS may also be referred to as nodes in a Distributed Antenna System (DAS).

[0088] Other examples of network nodes include multiple Transmission Point (multi-TRP) 5G access nodes, Multi-Standard Radio (MSR) equipment such as MSR BSs, network controllers such as Radio Network Controllers (RNCs) or BS Controllers (BSCs), Base Transceiver Stations (BTSs), transmission points, transmission nodes, Multi-Cell/Multicast Coordination Entities (MCEs), Operation and Maintenance (O&M) nodes, Operations Support System (OSS) nodes, Self-Organizing Network (SON) nodes, positioning nodes (e.g., Evolved Serving Mobile Location Centers (E-SMLCs)), and/or Minimization of Drive Tests (MDTs).

[0089] The network node 900 includes processing circuitry 902, memory 904, a communication interface 906, and a power source 908. The network node 900 may be composed of multiple physically separate components (e.g., a Node B component and an RNC component, or a BTS component and a BSC component, etc.), which may each have their own respective components. In certain scenarios in which the network node 900 comprises multiple separate components (e.g., BTS and BSC components), one or more of the separate components may be shared among several network nodes. For example, a single RNC may control multiple Node Bs. In such a scenario, each unique Node B and RNC pair may in some instances be considered a single separate network node. In some embodiments, the network node 900 may be configured to support multiple RATs. In such embodiments, some components may be duplicated (e.g., separate memory 904 for different RATs) and some components may be reused (e.g., an antenna 910 may be shared by different RATs). The network node 900 may also include multiple sets of the various illustrated components for different wireless technologies integrated into network node 900, for example GSM, WCDMA, LTE, NR, WiFi, Zigbee, Z-wave, Long Range Wide Area Network (LoRaWAN), Radio Frequency Identification (RFID), or Bluetooth wireless technologies. These wireless technologies may be integrated into the same or different chip or set of chips and other components within the network node 900.

[0090] The processing circuitry 902 may comprise a combination of one or more of a microprocessor, controller, microcontroller, CPU, DSP, ASIC, FPGA, or any other suitable computing device, resource, or combination of hardware, software, and/or encoded logic operable to provide, either alone or in conjunction with other network node 900 components, such as the memory 904, to provide network node 900 functionality.

[0091] In some embodiments, the processing circuitry 902 includes a System on a Chip (SOC). In some embodiments, the processing circuitry 902 includes one or more of Radio Frequency (RF) transceiver circuitry 912 and baseband processing circuitry 914. In some embodiments, the RF transceiver circuitry 912 and the baseband processing circuitry 914 may be on separate chips (or sets of chips), boards, or units, such as radio units and digital units. In alternative embodiments, part or all of the RF transceiver circuitry 912 and the baseband processing circuitry 914 may be on the same chip or set of chips, boards, or units.

[0092] The memory 904 may comprise any form of volatile or non-volatile computer-readable memory including, without limitation, persistent storage, solid state memory, remotely mounted memory, magnetic media, optical media, RAM, ROM, mass storage media (for example, a hard disk), removable storage media (for example, a flash drive, a Compact Disk (CD), or a Digital Video Disk (DVD)), and/or any other volatile or non-volatile, non-transitory device-readable, and/or computer-executable memory devices that store information, data, and/or instructions that may be used by the processing circuitry 902. The memory 904 may store any suitable instructions, data, or information, including a computer program, software, an application including one or more of logic, rules, code, tables, and/or other instructions capable of being executed by the processing circuitry 902 and utilized by the network node 900. The memory 904 may be used to store any calculations made by the processing circuitry 902 and/or any data received via the communication interface 906. In some embodiments, the processing circuitry 902 and the memory 904 are integrated.

[0093] The communication interface 906 is used in wired or wireless communication of signaling and/or data between a network node, access network, and/or UE. As illustrated, the communication interface 906 comprises port(s)/terminal(s) 916 to send and receive data, for example to and from a network over a wired connection. The communication interface 906 also includes radio front-end circuitry 918 that may be coupled to, or in certain embodiments a part of, the antenna 910. The radio front-end circuitry 918 comprises filters 920 and amplifiers 922. The radio front-end circuitry 918 may be connected to the antenna 910 and the processing circuitry 902. The radio front-end circuitry 918 may be configured to condition signals communicated between the antenna 910 and the processing circuitry 902. The radio front-end circuitry 918 may receive digital data that is to be sent out to other network nodes or UEs via a wireless connection. The radio front-end circuitry 918 may convert the digital data into a radio signal having the appropriate channel and bandwidth parameters using a combination of the filters 920 and/or the amplifiers 922. The radio signal may then be transmitted via the antenna 910. Similarly, when receiving data, the antenna 910 may collect radio signals which are then converted into digital data by the radio front-end circuitry 918. The digital data may be passed to the processing circuitry 902. In other embodiments, the communication interface 906 may comprise different components and/or different combinations of components.

[0094] In certain alternative embodiments, the network node 900 does not include separate radio front-end circuitry 918; instead, the processing circuitry 902 includes radio front-end circuitry and is connected to the antenna 910. Similarly, in some embodiments, all or some of the RF transceiver circuitry 912 is part of the communication interface 906. In still other embodiments, the communication interface 906 includes the one or more ports or terminals 916, the radio front-end circuitry 918, and the RF transceiver circuitry 912 as part of a radio unit (not shown), and the communication interface 906 communicates with the baseband processing circuitry 914, which is part of a digital unit (not shown).

[0095] The antenna 910 may include one or more antennas, or antenna arrays, configured to send and/or receive wireless signals. The antenna 910 may be coupled to the radio front-end circuitry 918 and may be any type of antenna capable of transmitting and receiving data and/or signals wirelessly. In certain embodiments, the antenna 910 is separate from the network node 900 and connectable to the network node 900 through an interface or port.

[0096] The antenna 910, the communication interface 906, and/or the processing circuitry 902 may be configured to perform any receiving operations and/or certain obtaining operations described herein as being performed by the network node 900. Any information, data, and/or signals may be received from a UE, another network node, and/or any other network equipment. Similarly, the antenna 910, the communication interface 906, and/or the processing circuitry 902 may be configured to perform any transmitting operations described herein as being performed by the network node 900. Any information, data, and/or signals may be transmitted to a UE, another network node, and/or any other network equipment.

[0097] The power source 908 provides power to the various components of the network node 900 in a form suitable for the respective components (e.g., at a voltage and current level needed for each respective component). The power source 908 may further comprise, or be coupled to, power management circuitry to supply the components of the network node 900 with power for performing the functionality described herein. For example, the network node 900 may be connectable to an external power source (e.g., the power grid or an electricity outlet) via input circuitry or an interface such as an electrical cable, whereby the external power source supplies power to power circuitry of the power source 908. As a further example, the power source 908 may comprise a source of power in the form of a battery or battery pack which is connected to, or integrated in, power circuitry. The battery may provide backup power should the external power source fail.

[0098] Embodiments of the network node 900 may include additional components beyond those shown in FIG. 9 for providing certain aspects of the network node’s functionality, including any of the functionality described herein and/or any functionality necessary to support the subject matter described herein. For example, the network node 900 may include user interface equipment to allow input of information into the network node 900 and to allow output of information from the network node 900. This may allow a user to perform diagnostic, maintenance, repair, and other administrative functions for the network node 900.

[0099] FIG. 10 is a block diagram of a host 1000, which may be an embodiment of the host 716 of FIG. 7, in accordance with various aspects described herein. As used herein, the host 1000 may be or comprise various combinations of hardware and/or software including a standalone server, a blade server, a cloud-implemented server, a distributed server, a virtual machine, container, or processing resources in a server farm. The host 1000 may provide one or more services to one or more UEs.

[0100] The host 1000 includes processing circuitry 1002 that is operatively coupled via a bus 1004 to an input/output interface 1006, a network interface 1008, a power source 1010, and memory 1012. Other components may be included in other embodiments. Features of these components may be substantially similar to those described with respect to the devices of previous figures, such as FIG.s 8 and 9, such that the descriptions thereof are generally applicable to the corresponding components of the host 1000.

[0101] The memory 1012 may include one or more computer programs including one or more host application programs 1014 and data 1016, which may include user data, e.g., data generated by a UE for the host 1000 or data generated by the host 1000 for a UE. Embodiments of the host 1000 may utilize only a subset or all of the components shown. The host application programs 1014 may be implemented in a container-based architecture and may provide support for video codecs (e.g., Versatile Video Coding (VVC), High Efficiency Video Coding (HEVC), Advanced Video Coding (AVC), Moving Picture Experts Group (MPEG), VP9) and audio codecs (e.g., Free Lossless Audio Codec (FLAC), Advanced Audio Coding (AAC), MPEG, G.711), including transcoding for multiple different classes, types, or implementations of UEs (e.g., handsets, desktop computers, wearable display systems, and heads-up display systems). The host application programs 1014 may also provide for user authentication and licensing checks and may periodically report health, routes, and content availability to a central node, such as a device in or on the edge of a core network. Accordingly, the host 1000 may select and/or indicate a different host for Over-The-Top (OTT) services for a UE. The host application programs 1014 may support various protocols, such as the HTTP Live Streaming (HLS) protocol, Real-Time Messaging Protocol (RTMP), Real-Time Streaming Protocol (RTSP), Dynamic Adaptive Streaming over HTTP (DASH or MPEG-DASH), etc.

[0102] FIG. 11 is a block diagram illustrating a virtualization environment 1100 in which functions implemented by some embodiments may be virtualized. In the present context, virtualizing means creating virtual versions of apparatuses or devices which may include virtualizing hardware platforms, storage devices, and networking resources. As used herein, virtualization can be applied to any device described herein, or components thereof, and relates to an implementation in which at least a portion of the functionality is implemented as one or more virtual components. Some or all of the functions described herein may be implemented as virtual components executed by one or more Virtual Machines (VMs) implemented in one or more virtual environments 1100 hosted by one or more of hardware nodes, such as a hardware computing device that operates as a network node, UE, core network node, or host. Further, in embodiments in which the virtual node does not require radio connectivity (e.g., a core network node or host), then the node may be entirely virtualized.

[0103] Applications 1102 (which may alternatively be called software instances, virtual appliances, network functions, virtual nodes, virtual network functions, etc.) are run in the virtualization environment Q400 to implement some of the features, functions, and/or benefits of some of the embodiments disclosed herein.

[0104] Hardware 1104 includes processing circuitry, memory that stores software and/or instructions executable by hardware processing circuitry, and/or other hardware devices as described herein, such as a network interface, input/output interface, and so forth. Software may be executed by the processing circuitry to instantiate one or more virtualization layers 1106 (also referred to as hypervisors or VM Monitors (VMMs)), provide VMs 1108A and 1108B (one or more of which may be generally referred to as VMs 1108), and/or perform any of the functions, features, and/or benefits described in relation with some embodiments described herein. The virtualization layer 1106 may present a virtual operating platform that appears like networking hardware to the VMs 1108.

[0105] The VMs 1108 comprise virtual processing, virtual memory, virtual networking, or interface and virtual storage, and may be run by a corresponding virtualization layer 1106. Different embodiments of the instance of a virtual appliance 1102 may be implemented on one or more of the VMs 1108, and the implementations may be made in different ways. Virtualization of the hardware is in some contexts referred to as Network Function Virtualization (NFV). NFV may be used to consolidate many network equipment types onto industry standard high volume server hardware, physical switches, and physical storage, which can be located in data centers and customer premise equipment.

[0106] In the context of NFV, a VM 1108 may be a software implementation of a physical machine that runs programs as if they were executing on a physical, non- virtualized machine. Each of the VMs 1108, and that part of the hardware 1104 that executes that VM, be it hardware dedicated to that VM and/or hardware shared by that VM with others of the VMs 1108, forms separate virtual network elements. Still in the context of NFV, a virtual network function is responsible for handling specific network functions that run in one or more VMs 1108 on top of the hardware 1104 and corresponds to the application 1102.

[0107] The hardware 1104 may be implemented in a standalone network node with generic or specific components. The hardware 1104 may implement some functions via virtualization. Alternatively, the hardware 1104 may be part of a larger cluster of hardware (e.g., such as in a data center or CPE) where many hardware nodes work together and are managed via management and orchestration 1110, which, among others, oversees lifecycle management of the applications 1102. In some embodiments, the hardware 1104 is coupled to one or more radio units that each include one or more transmitters and one or more receivers that may be coupled to one or more antennas. Radio units may communicate directly with other hardware nodes via one or more appropriate network interfaces and may be used in combination with the virtual components to provide a virtual node with radio capabilities, such as a RAN or a BS. In some embodiments, some signaling can be provided with the use of a control system 1112 which may alternatively be used for communication between hardware nodes and radio units. [0108] FIG. 12 shows a communication diagram of a host 1202 communicating via a network node 1204 with a UE 1206 over a partially wireless connection in accordance with some embodiments. Example implementations, in accordance with various embodiments, of the UE (such as the UE 712A of FIG. 7 and/or the UE 800 of FIG. 8), the network node (such as the network node 710A of FIG. 7 and/or the network node 900 of FIG. 9), and the host (such as the host 716 of FIG. 7 and/or the host 1000 of FIG. 10) discussed in the preceding paragraphs will now be described with reference to FIG. 12.

[0109] Like the host 1000, embodiments of the host 1202 include hardware, such as a communication interface, processing circuitry, and memory. The host 1202 also includes software, which is stored in or is accessible by the host 1202 and executable by the processing circuitry. The software includes a host application that may be operable to provide a service to a remote user, such as the UE 1206 connecting via an OTT connection 1250 extending between the UE 1206 and the host 1202. In providing the service to the remote user, a host application may provide user data which is transmitted using the OTT connection 1250.

[0110] The network node 1204 includes hardware enabling it to communicate with the host 1202 and the UE 1206 via a connection 1260. The connection 1260 may be direct or pass through a core network (like the core network 706 of FIG. 7) and/or one or more other intermediate networks, such as one or more public, private, or hosted networks. For example, an intermediate network may be a backbone network or the Internet.

[0111] The UE 1206 includes hardware and software, which is stored in or accessible by the UE 1206 and executable by the UE’s processing circuitry. The software includes a client application, such as a web browser or operator-specific “app” that may be operable to provide a service to a human or non-human user via the UE 1206 with the support of the host 1202. In the host 1202, an executing host application may communicate with the executing client application via the OTT connection 1250 terminating at the UE 1206 and the host 1202. In providing the service to the user, the UE’s client application may receive request data from the host's host application and provide user data in response to the request data. The OTT connection 1250 may transfer both the request data and the user data. The UE’s client application may interact with the user to generate the user data that it provides to the host application through the OTT connection 1250.

[0112] The OTT connection 1250 may extend via the connection 1260 between the host 1202 and the network node 1204 and via a wireless connection 1270 between the network node 1204 and the UE 1206 to provide the connection between the host 1202 and the UE 1206. The connection 1260 and the wireless connection 1270, over which the OTT connection 1250 may be provided, have been drawn abstractly to illustrate the communication between the host 1202 and the UE 1206 via the network node 1204, without explicit reference to any intermediary devices and the precise routing of messages via these devices.

[0113] As an example of transmitting data via the OTT connection 1250, in step 1208, the host 1202 provides user data, which may be performed by executing a host application. In some embodiments, the user data is associated with a particular human user interacting with the UE 1206. In other embodiments, the user data is associated with a UE 1206 that shares data with the host 1202 without explicit human interaction. In step 1210, the host 1202 initiates a transmission carrying the user data towards the UE 1206. The host 1202 may initiate the transmission responsive to a request transmitted by the UE 1206. The request may be caused by human interaction with the UE 1206 or by operation of the client application executing on the UE 1206. The transmission may pass via the network node 1204 in accordance with the teachings of the embodiments described throughout this disclosure. Accordingly, in step 1212, the network node 1204 transmits to the UE 1206 the user data that was carried in the transmission that the host 1202 initiated, in accordance with the teachings of the embodiments described throughout this disclosure. In step 1214, the UE 1206 receives the user data carried in the transmission, which may be performed by a client application executed on the UE 1206 associated with the host application executed by the host 1202.

[0114] In some examples, the UE 1206 executes a client application which provides user data to the host 1202. The user data may be provided in reaction or response to the data received from the host 1202. Accordingly, in step 1216, the UE 1206 may provide user data, which may be performed by executing the client application. In providing the user data, the client application may further consider user input received from the user via an input/output interface of the UE 1206. Regardless of the specific manner in which the user data was provided, the UE 1206 initiates, in step 1218, transmission of the user data towards the host 1202 via the network node 1204. In step 1220, in accordance with the teachings of the embodiments described throughout this disclosure, the network node 1204 receives user data from the UE 1206 and initiates transmission of the received user data towards the host 1202. In step 1222, the host 1202 receives the user data carried in the transmission initiated by the UE 1206.

[0115] One or more of the various embodiments improve the performance of OTT services provided to the UE 1206 using the OTT connection 1250, in which the wireless connection 1270 forms the last segment.

[0116] In an example scenario, factory status information may be collected and analyzed by the host 1202. As another example, the host 1202 may process audio and video data which may have been retrieved from a UE for use in creating maps. As another example, the host 1202 may collect and analyze real-time data to assist in controlling vehicle congestion (e.g., controlling traffic lights). As another example, the host 1202 may store surveillance video uploaded by a UE. As another example, the host 1202 may store or control access to media content such as video, audio, VR, or AR which it can broadcast, multicast, or unicast to UEs. As other examples, the host 1202 may be used for energy pricing, remote control of non- time critical electrical load to balance power generation needs, location services, presentation services (such as compiling diagrams etc. from data collected from remote devices), or any other function of collecting, retrieving, storing, analyzing, and/or transmitting data.

[0117] In some examples, a measurement procedure may be provided for the purpose of monitoring data rate, latency, and other factors on which the one or more embodiments improve. There may further be an optional network functionality for reconfiguring the OTT connection 1250 between the host 1202 and the UE 1206 in response to variations in the measurement results. The measurement procedure and/or the network functionality for reconfiguring the OTT connection 1250 may be implemented in software and hardware of the host 1202 and/or the UE 1206. In some embodiments, sensors (not shown) may be deployed in or in association with other devices through which the OTT connection 1250 passes; the sensors may participate in the measurement procedure by supplying values of the monitored quantities exemplified above, or by supplying values of other physical quantities from which software may compute or estimate the monitored quantities. The reconfiguring of the OTT connection 1250 may include message format, retransmission settings, preferred routing, etc.; the reconfiguring need not directly alter the operation of the network node 1204. Such procedures and functionalities may be known and practiced in the art. In certain embodiments, measurements may involve proprietary UE signaling that facilitates measurements of throughput, propagation times, latency, and the like by the host 1202. The measurements may be implemented in that software causes messages to be transmitted, in particular empty or ‘dummy’ messages, using the OTT connection 1250 while monitoring propagation times, errors, etc.

[0118] Although the computing devices described herein (e.g., UEs, network nodes, hosts) may include the illustrated combination of hardware components, other embodiments may comprise computing devices with different combinations of components. It is to be understood that these computing devices may comprise any suitable combination of hardware and/or software needed to perform the tasks, features, functions, and methods disclosed herein. Determining, calculating, obtaining, or similar operations described herein may be performed by processing circuitry, which may process information by, for example, converting the obtained information into other information, comparing the obtained information or converted information to information stored in the network node, and/or performing one or more operations based on the obtained information or converted information, and as a result of said processing making a determination. Moreover, while components are depicted as single boxes located within a larger box or nested within multiple boxes, in practice computing devices may comprise multiple different physical components that make up a single illustrated component, and functionality may be partitioned between separate components. For example, a communication interface may be configured to include any of the components described herein, and/or the functionality of the components may be partitioned between the processing circuitry and the communication interface. In another example, non-computationally intensive functions of any of such components may be implemented in software or firmware and computationally intensive functions may be implemented in hardware.

[0119] In certain embodiments, some or all of the functionality described herein may be provided by processing circuitry executing instructions stored in memory, which in certain embodiments may be a computer program product in the form of a non-transitory computer- readable storage medium. In alternative embodiments, some or all of the functionality may be provided by the processing circuitry without executing instructions stored on a separate or discrete device-readable storage medium, such as in a hardwired manner. In any of those particular embodiments, whether executing instructions stored on a non-transitory computer- readable storage medium or not, the processing circuitry can be configured to perform the described functionality. The benefits provided by such functionality are not limited to the processing circuitry alone or to other components of the computing device, but are enjoyed by the computing device as a whole and/or by end users and a wireless network generally.