WO2020231305A1 - Domain name system for use with a wireless communication network - Google Patents

Publication number
WO2020231305A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless communication
enterprise
record
communication device
domain name
Application number
PCT/SE2019/050432
Inventor
Ioannis Fikouras
Qiang Li
Leonid Mokrushin
Konstantinos Vandikas
Athanasios KARAPANTELAKIS
Mattias LIDSTRÖM
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Application filed by Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/SE2019/050432
Publication of WO2020231305A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G06F16/9024 Graphs; Linked lists
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9558 Details of hyperlinks; Management of linked annotations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles

Definitions

  • the present disclosure generally relates to a wireless communication network, and more particularly relates to a domain name system for use with such a wireless communication network.
  • IP Internet Protocol
  • DNS Domain Name System
  • Some embodiments herein exploit a permissioned distributed ledger that is distributed between a wireless communication network and an enterprise, in order to associate IP addresses assigned by the wireless communication network with respective domain names assigned by the enterprise.
  • the enterprise is a wireless communication device manufacturer, for example, this may enable the manufacturer itself to efficiently and intelligently assign a domain name to a wireless communication device at the point of manufacture, yet still allow the IP address associated with that domain name to change as the wireless
  • TTL time-to-live
  • embodiments herein include a method performed by a network node in a wireless communication network.
  • the method comprises determining an IP address assigned by the wireless communication network to a wireless communication device.
  • the method also comprises adding, to a permissioned distributed ledger that is distributed at least in part between the wireless communication network and an enterprise system of an enterprise, a record that associates the IP address with a domain name assigned by the enterprise to the wireless communication device or to a secure hardware component associated with the wireless communication device.
  • the permissioned distributed ledger includes at least an operator tier associated with an operator of the wireless communication network and an enterprise tier associated with the enterprise.
  • adding the record may comprise adding the record to the enterprise tier.
  • the operator tier more particularly includes one or more operator-tier records.
  • An operator-tier record may include information associated with an enterprise to which the operator of the wireless communication network has delegated administration of a set of subscription identifiers and further include information indicating domain names that the enterprise is allowed to assign.
  • each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier.
  • An enterprise-tier record for an enterprise may include information indicating, for each of one or more wireless communication devices, a domain name assigned to the wireless communication device or to a secure hardware component associated with the wireless communication device and any IP address associated with that domain name.
  • adding the record may comprise adding the record as an enterprise-tier record for the enterprise which assigned the domain name.
  • the method may further comprise, before adding the record, querying the permissioned distributed ledger for a most recently recorded IP address for the wireless communication device. Adding the record may then be performed responsive to identifying that the determined IP address differs from the most recently recorded IP address.
  • the record also associates the determined IP address and/or the domain name with a subscription identifier.
  • the subscription identifier identifies a subscription to the wireless communication network and is associated with the secure hardware component.
  • the permissioned distributed ledger is distributed between not only the wireless communication network and the enterprise system but also a domain name system manager (DNSM).
  • the method may further comprise sending the record to the DNSM. Responsive to sending the record, the method may also comprise receiving a response that indicates whether the DNSM approves of or rejects the record being added to the permissioned distributed ledger. In this case, adding the record may be performed responsive to the response indicating that the DNSM approves of the record being added to the permissioned distributed ledger.
  • determining the IP address comprises receiving control signaling indicating the IP address.
  • the network node is configured to perform mobility management in the wireless communication network.
  • the enterprise manufactured the wireless communication device, sold the wireless communication device, and/or provided a service using the wireless communication device.
  • Embodiments also include a method performed by an enterprise system of an enterprise.
  • the method comprises sending, to a domain name system manager (DNSM), a record that indicates a domain name assigned by the enterprise to a wireless communication device or to a secure hardware component associated with the wireless communication device.
  • DNSM domain name system manager
  • the method also includes, responsive to sending the record, receiving one or more responses that indicate whether the DNSM approves of or rejects the record being added to a
  • the method further includes adding or not adding the record to the permissioned distributed ledger depending on the one or more responses.
  • the record further indicates a subscription identifier that identifies a subscription to a wireless communication network and that is assigned by the enterprise to the secure hardware component associated with the wireless communication device.
  • the permissioned distributed ledger includes at least an operator tier associated with an operator of a wireless communication network and an enterprise tier associated with the enterprise.
  • adding or not adding the record may comprise adding or not adding the record to the enterprise tier.
  • the operator tier includes one or more operator-tier records.
  • An operator-tier record may include information associated with an enterprise to which the operator of the wireless communication network has delegated administration of a set of subscription identifiers and further include information indicating domain names that the enterprise is allowed to assign.
  • Each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier.
  • An enterprise-tier record for an enterprise may include information indicating, for each of one or more wireless communication devices, a domain name assigned to the wireless communication device or a secure hardware component associated with the wireless communication device and any IP address associated with that domain name.
  • adding or not adding the record may comprise adding or not adding the record as an enterprise-tier record for the enterprise which assigned the domain name.
  • the enterprise manufactured the wireless communication device, sold the wireless communication device, and/or provided a service using the wireless communication device.
  • Embodiments also include a method performed by a domain name system (DNS) server.
  • the method comprises receiving a query for an IP address associated with a domain name.
  • the method also comprises determining the IP address associated with the domain name from a permissioned distributed ledger that is distributed at least in part between a wireless communication network and an enterprise system of an enterprise that assigned the domain name to the wireless communication device or a secure hardware component associated with the wireless communication device.
  • the method may further include responding to the query with the determined IP address.
  • the method further comprises deciding to determine the IP address associated with the domain name from the permissioned distributed ledger, based on a freshness metric indicating that a DNS record for the domain name at the domain name server is no longer fresh.
  • the method further comprises requesting an update of a DNS record from the permissioned distributed ledger, responsive to expiration of a time-to-live for the DNS record.
  • the permissioned distributed ledger includes at least an operator tier associated with an operator of the wireless communication network and an enterprise tier associated with the enterprise.
  • determining the IP address comprises determining the IP address from the enterprise tier of the permissioned distributed ledger.
  • the operator tier includes one or more operator-tier records.
  • An operator-tier record may include information associated with an enterprise to which an operator of the wireless communication network has delegated administration of a set of subscription identifiers and further include information indicating domain names that the enterprise is allowed to assign.
  • Each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier.
  • An enterprise-tier record for an enterprise may include information indicating, for each of one or more wireless communication devices, a domain name assigned to the wireless communication device or a secure hardware component associated with the wireless communication device and any IP address associated with that domain name.
  • the enterprise manufactured the wireless communication device, sold the wireless communication device, and/or provided a service using the wireless communication device.
  • Embodiments also include a method performed by a domain name system manager (DNSM).
  • the method comprises receiving, from either a wireless communication network or an enterprise system of an enterprise, a record that indicates a domain name assigned by the enterprise to a wireless communication device or a secure hardware component associated with the wireless communication device.
  • the method may further comprise verifying whether the record conforms to one or more rules.
  • the method may also comprise, depending on the verifying, approving or rejecting the record for addition to a permissioned distributed ledger that is distributed at least in part between the enterprise system and the operator system.
  • the record further indicates, for each of the one or more wireless communication devices, an IP address assigned by the enterprise or the operator to the wireless communication device or a secure hardware component associated with the wireless communication device.
  • the permissioned distributed ledger includes at least an operator tier associated with the operator and an enterprise tier associated with the enterprise.
  • approving or rejecting the record may comprise approving or rejecting the record for addition to the enterprise tier.
  • the operator tier includes one or more operator-tier records.
  • An operator-tier record may include information associated with an enterprise to which the operator of the wireless communication network has delegated administration of a set of subscription identifiers and further include information indicating domain names that the enterprise is allowed to assign.
  • Each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier.
  • An enterprise-tier record for an enterprise may include information indicating, for each of one or more wireless communication devices, a domain name assigned to the wireless communication device or a secure hardware component associated with the wireless communication device and any IP address associated with that domain name. In this case, approving or rejecting the record may comprise approving or rejecting the record for addition as an enterprise-tier record for the enterprise which assigned the domain name.
  • the permissioned distributed ledger further includes a domain name system manager, DNSM, tier.
  • the DNSM tier includes one or more DNSM-tier records.
  • a DNSM-tier record may include information identifying an authoritative domain name system, DNS, information indicating a set of domain names that the authoritative DNS manages, and information indicating a wireless communication network that the authoritative DNS serves.
  • Embodiments also include a method performed by an authoritative domain name service, DNS, server.
  • the method comprises determining a time-to-live, TTL, value to be applied to any DNS record for a domain name assigned to a wireless communication device or a secure hardware component associated with the wireless communication device, based on information indicating historical or predicted changes in IP addresses associated with the domain name and/or in movement of the wireless communication device.
  • the TTL value is to be applied to any such DNS record indicated by a permissioned distributed ledger that is distributed at least in part between a wireless communication network and an enterprise system of an enterprise that assigned the domain name to the wireless communication device or the secure hardware component associated with the wireless communication device.
  • the method may further include applying the determined TTL value to one or more DNS records for the domain name.
  • the method may alternatively or additionally include transmitting control signaling to one or more other DNSs indicating the determined TTL value to be applied to any DNS record for the domain name at the one or more other DNSs.
  • Embodiments also include corresponding apparatus, computer programs, and computer readable storage mediums.
  • embodiments include a network node configured for use in a wireless communication network.
  • the network node is configured (e.g., via
  • the network node may also be configured to add, to a permissioned distributed ledger that is distributed at least in part between the wireless communication network and an enterprise system of an enterprise, a record that associates the IP address with a domain name assigned by the enterprise to the wireless communication device or to a secure hardware component associated with the wireless communication device.
  • Embodiments also include an enterprise system of an enterprise.
  • the enterprise system is configured (e.g., via communication circuitry and/or processing circuitry) to send, to a wireless communication network and/or to a domain name system manager, DNSM, a record that indicates a domain name assigned by the enterprise to a wireless communication device or to a secure hardware component associated with the wireless communication device.
  • the enterprise system may further be configured to, responsive to sending the record, receive one or more responses that indicate whether the wireless communication network and/or the DNSM approves of or rejects the record being added to a permissioned distributed ledger that is distributed at least in part between the enterprise system, the wireless communication network, and the DNSM.
  • the enterprise system may also be configured to add or not add the record to the permissioned distributed ledger depending on the one or more responses.
  • Embodiments further include a domain name system, DNS, server configured (e.g., via communication circuitry and/or processing circuitry) to receive a query for an IP address associated with a domain name.
  • the DNS server may also be configured to determine the IP address associated with the domain name from a permissioned distributed ledger that is distributed at least in part between a wireless communication network and an enterprise system of an enterprise that assigned the domain name to the wireless communication device or a secure hardware component associated with the wireless communication device.
  • the DNS server may also be configured to respond to the query with the determined IP address.
  • Embodiments additionally include a domain name system manager (DNSM).
  • DNSM is configured (e.g., via communication circuitry and processing circuitry) to receive, from either a wireless communication network or an enterprise system of an enterprise, a record that indicates a domain name assigned by the enterprise to a wireless communication device or a secure hardware component associated with the wireless communication device.
  • the DNSM may further be configured to verify whether the record conforms to one or more rules.
  • the DNSM may also be configured to, depending on the verifying, approve or reject the record for addition to a permissioned distributed ledger that is distributed at least in part between the enterprise system and the operator system.
  • Embodiments also include an authoritative domain name service, DNS, server.
  • the DNS server is configured (e.g., via processing circuitry) to determine a time-to-live, TTL, value to be applied to any DNS record for a domain name assigned to a wireless communication device or a secure hardware component associated with the wireless communication device, based on information indicating historical or predicted changes in IP addresses associated with the domain name and/or in movement of the wireless communication device.
  • the DNS server may further be configured to apply the determined TTL value to one or more DNS records for the domain name.
  • the DNS server may alternatively or additionally be configured to transmit (e.g., via communication circuitry) control signaling to one or more other DNSs indicating the determined TTL value to be applied to any DNS record for the domain name at the one or more other DNSs.
  • Figure 1 is a block diagram of an enterprise system and a wireless communication network according to some embodiments.
  • Figure 2 is a call flow diagram in a wireless communication network according to some embodiments for updating an IP address recorded in a permissioned distributed ledger.
  • Figure 3A is a block diagram of a record in a permissioned distributed ledger according to some embodiments.
  • Figure 3B is an example of a record in a permissioned distributed ledger according to some embodiments.
  • Figure 3C is a block diagram of a record in a permissioned distributed ledger according to still other embodiments.
  • Figure 3D is a block diagram of a record in a permissioned distributed ledger according to still other embodiments.
  • Figure 4 is a block diagram of a permissioned distributed ledger implemented as a blockchain according to some embodiments.
  • Figure 5 is a block diagram of a multi-tiered permissioned distributed ledger according to some embodiments.
  • Figure 6 is a block diagram of records in a multi-tiered permissioned distributed ledger according to some embodiments.
  • Figure 8 is a block diagram of records in a multi-tiered permissioned distributed ledger according to still other embodiments.
  • Figure 9 is a block diagram of a system with multiple network operators participating in a permissioned distributed ledger according to some embodiments.
  • Figure 10 is a logic flow diagram of a method performed by a network node in a wireless communication network according to some embodiments.
  • Figure 11 is a logic flow diagram of a method performed by an enterprise system according to some embodiments.
  • Figure 12 is a logic flow diagram of a method performed by a DNS Manager (DNSM) according to some embodiments.
  • Figure 13 is a logic flow diagram of a method performed by a DNS server according to some embodiments.
  • Figure 14 is a logic flow diagram of a method performed by an authoritative DNS server according to some embodiments.
  • Figure 15 is a block diagram of a network node in a wireless communication network according to some embodiments.
  • Figure 16 is a block diagram of an enterprise system according to some embodiments.
  • FIG. 17 is a block diagram of a DNS Manager (DNSM) according to some embodiments.
  • Figure 18 is a block diagram of a DNS server according to some embodiments.
  • Figure 19 is a block diagram of an authoritative DNS server according to some embodiments.
  • FIG. 1 shows a wireless communication device 10 according to some embodiments.
  • the wireless communication device 10 may for example be a wireless-enabled vehicle (as shown), sensor, power meter, appliance, industrial machinery, wearable, or any other type of device with wireless communication capability.
  • the wireless communication device 10 in this regard is configured to wirelessly communicate with a wireless communication network 12, e.g., a 5G network or other Public Land Mobile Network (PLMN).
  • PLMN Public Land Mobile Network
  • the wireless communication device 10 may be authorized to communicate with the wireless communication network 12 in this way on the basis of a subscription to receive service from the wireless communication network 12.
  • This subscription may be identified by a subscription identifier 10A, e.g., an International Mobile Subscriber Identity (IMSI), a Globally Unique Temporary UE Identity (GUTI), a
  • IMSI International Mobile Subscriber Identity
  • GUTI Globally Unique Temporary UE Identity
  • T-IMSI Temporary IMSI
  • SUPI subscriber permanent identifier
  • the subscription identifier 10A is securely stored on a secure hardware component 14 that is embedded or removably inserted into the wireless communication device 10, e.g., in the form of a universal integrated circuit card (ICC), an embedded ICC, a firmware or software-based integrated ICC (also known as iUICC) or the like.
  • the wireless communication device 10 may use this and possibly other information (e.g., security credentials) provisioned on the secure hardware component 14 in procedures to register and authenticate with the network 12.
  • the subscription identifier 10A may also be used for other purposes, such as by the network 12 for subscriber billing purposes.
  • Figure 1 also shows an enterprise system 16 of an enterprise.
  • An enterprise as used herein is a business entity.
  • the enterprise in some embodiments is involved in the product lifecycle of the wireless communication device 10.
  • the enterprise may for example be involved in the manufacture, distribution, retail sale, and/or activation/provisioning of the wireless communication device 10.
  • the enterprise in other embodiments may alternatively or additionally be involved in integrating the wireless communication device 10 into another device or system.
  • the enterprise in still other embodiments may alternatively or additionally provide a service on or using the wireless communication device 10.
  • a permissioned distributed ledger (DL) 18 (also referred to as a permissioned distributed database) is distributed at least in part between the wireless communication network 12 and the enterprise system 16 of the enterprise.
  • a distributed ledger as used herein is a consensus of replicated, shared, and synchronized data geographically spread across multiple sites (e.g., multiple systems). That is, the data is shared across the multiple sites in order that the data be synchronized and replicated at each of the sites, e.g., according to a consensus protocol.
  • the distributed ledger 18 has a multi-tier (i.e., multi-dimensional) structure with multiple tiers
  • the data that is replicated, shared, and synchronized between any given pair of sites includes the data in each tier that the sites in the pair are authorized to access. That is, the data in a tier of the distributed ledger that a site is not authorized to access is not replicated, shared, or synchronized to that site. Accordingly, a distributed ledger 18 with a multi-tier structure is distributed only “in part” between sites if the data in only a portion of the ledger’s multiple tiers is replicated, shared, and synchronized across those sites.
  • the permissioned distributed ledger 18 being distributed at least in part between the wireless communication network 12 and the enterprise system 16 may therefore mean that the data in at least one or more tiers of the permissioned distributed ledger 18 is replicated, shared, and synchronized between the wireless communication network 12 and the enterprise system 16.
  • the permissioned distributed ledger 18 is a permissioned (e.g., federated) blockchain, e.g., where records are appended to the blockchain in blocks, with each block containing a cryptographic hash of the previous block.
  • the permissioned distributed ledger 18 (or simply, distributed ledger 18 for short) may be immutable, e.g., in the practical sense that changing the consensus of data would require extreme computational effort and collaboration.
  • the distributed ledger 18 is permissioned in the sense that the protocol for forming the consensus is controlled by select participant(s) that have permission to do so, e.g., based on a proof-of-stake protocol.
  • Some embodiments exploit the permissioned distributed ledger 18 to replicate, share, and synchronize between the enterprise system 16 and the wireless communication network 12 certain data associated with the wireless communication device 10; namely, a domain name 10B and an associated Internet Protocol (IP) address 10C.
  • the enterprise system 16 in this regard includes an enterprise node 20 which generates and adds to the permissioned distributed ledger 18 a record 22 that indicates a domain name 10B assigned to the wireless communication device 10 (or to the associated secure hardware component 14).
  • the enterprise itself is the entity that assigns this domain name 10B.
  • the enterprise system 16 may generate and add the record 22 indicating the domain name assignment in conjunction with the enterprise making the assignment.
  • the enterprise system 16 may add the record 22 to the distributed ledger 18 when the enterprise manufactures, distributes, sells, or onboards the wireless communication device 10, or when the enterprise onboards a service provided on or using the wireless communication device 10.
  • the enterprise may assign the domain name 10B to the device 10 and add the record 22 of that assignment to the distributed ledger 18.
  • the record 22 in these and other cases may or may not also indicate an IP address 10C for the wireless communication device 10, depending on whether or not the enterprise also assigns such an IP address 10C.
  • the record 22 may indicate one or more domain names assigned to the wireless communication device 10 (or the secure hardware component 14), e.g., one or more of which may be an alias or canonical name that will resolve to another domain name rather than an IP address.
  • the record 22 in some embodiments may associate the domain name 10B with the wireless communication device 10 or the secure hardware component 14 by indicating not only the domain name 10B but also the subscription identifier 10A.
  • the wireless communication network’s operator may even delegate, to the enterprise, administration of subscription identifiers for subscriptions to the operator’s services.
  • Administration of subscription identifiers as used herein involves, for example, generating subscription identifiers, associating subscription identifiers with respective subscriptions, assigning subscription identifiers to respective devices or secure hardware components, allocating subscriptions identifiers for certain uses (e.g., working use or testing use), and/or updating the status of subscription identifiers (e.g., activated for working use, deactivated from working use, suspended from use, etc.).
  • the enterprise itself may assign both a subscription identifier 10A and a domain name 10B to the wireless communication device 10 or the associated secure hardware component 14, and indicate both its domain name assignment and subscription identifier assignment in the record 22.
  • the wireless communication network 12 in this regard includes a network node 24.
  • the network node 24 is configured to determine an IP address 10C assigned by the wireless communication network 12 to the wireless communication device 10.
  • the network node 24 in some embodiments may itself assign this IP address 10C to the wireless communication device 10.
  • the network node 24 may be a packet gateway (PGW).
  • the network node 24 may receive control signaling from another network node indicating the IP address 10C assigned to the wireless communication device 10.
  • the network node 24 in this case may for instance perform mobility management for the wireless communication device 10, e.g., in the form of a Mobility Management Entity (MME) or an Access and Mobility Function (AMF).
  • the network node 24 adds to the permissioned distributed ledger 18 a record 26 that associates the IP address 10C with the domain name 10B assigned to the wireless communication device 10 (or to the associated secure hardware component 14).
  • the record 26 may for instance associate the IP address 10C with the domain name 10B by indicating not only the IP address 10C but also the domain name 10B and/or the subscription identifier 10A.
  • the permissioned distributed ledger 18 supports or otherwise facilitates Domain Name Service (DNS) functionality.
  • the wireless communication network 12 may also include a DNS server 28.
  • the DNS server 28 may receive a query 30 (e.g., from another wireless communication device 32) for an IP address 10C associated with the domain name 10B.
  • the DNS server 28 may determine the IP address 10C associated with the domain name 10B from the permissioned distributed ledger 18.
  • the DNS server 28 may for instance directly and unconditionally reference the permissioned distributed ledger 18 for the queried IP address 10C, e.g., such that the permissioned distributed ledger 18 replaces traditional DNS records altogether.
  • the DNS server 28 may only reference the permissioned distributed ledger 18 for the queried IP address 10C if local/traditional DNS records at the DNS server 28 are insufficient for responding to the query 30, e.g., if the local/traditional DNS records are no longer fresh according to a freshness metric such as a time-to-live (TTL) value.
  • the DNS server 28 may occasionally or periodically request an update of one or more of its DNS records from the permissioned distributed ledger 18, e.g., responsive to a TTL for a DNS record expiring. No matter how the DNS server 28 exploits the permissioned distributed ledger 18 for fielding the received query 30, the DNS server 28 correspondingly responds to the query 30 by transmitting a response 34 with the determined IP address 10C.
  • any DNS server outside of the wireless communication network 12 may alternatively or additionally provide similar DNS functionality using the permissioned distributed ledger 18, provided that the DNS server is configured to communicate with the permissioned distributed ledger 18.
  • the permissioned distributed ledger 18 is additionally distributed to one or more third-party information accessors, e.g., legal authorities, advertisers, etc.
  • the third-party information accessor(s) may have read-only access to the permissioned distributed ledger 18.
  • a DNS server that serves a third-party information accessor may in this case reference the permissioned distributed ledger 18 to field DNS queries from the third-party information accessor.
  • distributing the permissioned distributed ledger 18 to third parties in this way advantageously provides IP address assignment traceability for specific devices and/or subscriber identities, e.g., for such purposes as legal, security, advertising, etc.
  • IP address assignment can come from any network or Dynamic Host Configuration Protocol (DHCP) server, even untrusted ones. Indeed, even in such a case, the wireless communication device 10 will still be reachable and can receive high priority information over encrypted channels, such as over-the-air (OTA) updates.
  • the IP address recorded in the permissioned distributed ledger 18 as being associated with the device’s domain name 10B may be updated as needed to reflect any changes to the device’s IP address over time.
  • Although Figure 1 shows that the permissioned distributed ledger 18 is distributed between the enterprise system 16 and a single wireless communication network 12, the ledger 18 in some embodiments is also distributed to one or more other wireless communication networks to which the wireless communication device 10 is connectable (and which may be allocated different IP address ranges). In this case, each time the wireless communication device 10 attaches to a new wireless communication network, that network adds to the permissioned distributed ledger 18 a new record indicating the new IP address associated with the device’s domain name 10B.
  • Some embodiments herein thereby facilitate extended coverage use cases for the wireless communication device 10, such as those required for various Internet of Things (IoT) applications, including long-haul connected trucking, container transport on connected sea vessels, connected drones, remote surgery, and vehicle teleoperation in warzones or disaster areas.
  • some embodiments as described above exploit the permissioned distributed ledger 18 to enable the enterprise itself to assign the domain name 10B to the wireless communication device 10 (or to the secure hardware component 10A) and record that domain name assignment in the permissioned distributed ledger 18. Domain name assignment and recordation thereby remains local to the enterprise rather than being inefficiently delegated to a third party such as an Internet Service Provider (ISP). Where the enterprise is the manufacturer of the wireless communication device 10, for example, these embodiments enable the manufacturer itself to efficiently assign and record the domain name 18 at the point of manufacture, thereby avoiding the unnecessary expense and delay that would otherwise be incurred by the manufacturer having to coordinate such assignment and recordation with another entity. Some embodiments therefore provide DNS record administration directly to the enterprise, so as to remove significant overhead in DNS record assignment.
  • the enterprise in these and other embodiments may assign a domain name 10B that has a semantic relationship with the wireless communication device 10.
  • the domain name 10B may for instance be formed from a vehicle identification number (VIN), International Standard Serial Number (ISSN), Universal Product Code (UPC), Amazon Standard Identification Number (ASIN), or any other device/product identifier uniquely associated with the wireless
  • the domain name 10B in some embodiments may also be formed from a name of the enterprise, e.g., “device_product_number.OEM_manufacturer.com”. These embodiments may advantageously allow the enterprise or any third party to address the wireless communication device 10 directly, wherever the device 10 is located in the world, without the need for application-layer Over-the-top (OTT) solutions.
  • some embodiments enable such a domain name without placing restrictions on one or more top level parts of the domain name.
  • Dynamic DNS solutions would require the top level parts of the domain name to be associated with a certain Dynamic DNS service provider (e.g., dyndns.org or no-ip.com).
  • some embodiments have no such requirement.
  • the domain name of a connected vehicle may simply be VIN.manufacturer.com (e.g., 4M2CU97799KJ84309.opel.com), instead of having to be VIN.manufacturer.dydns.org. Some embodiments thereby offer greater flexibility and freedom in domain name assignment.
  • Some embodiments provide these and/or other advantages while offering more resiliency than traditional DNS lookups since DNS information resides within the permissioned distributed ledger 18, which is decentralized and resilient against single node crashes.
  • some embodiments substantially preserve the standard DNS service frontend, e.g., the interface between the querying device and the DNS server remains intact. For this and/or other reasons, some embodiments may be applied to existing DNS Information Technology (IT) infrastructure and/or existing 3GPP networks.
  • FIG. 2 for example shows some embodiments as applied to an Enhanced Packet Core (EPC) or 5G Core (5GC) network according to 3GPP standards.
  • the wireless communication device 10 attaches to a wireless communication network 10 that includes an EPC or 5GC.
  • the device 10 as shown in this regard transmits an attach request 40 towards the network 10, e.g., towards the network node 24 which in this case may take the form of a Mobility Management Entity (MME) for EPC or an Access and Mobility Function (AMF) for 5GC.
  • the network node 40 in response transmits towards a packet gateway (PGW) / User Plane Function (UPF) 42 a request 44 to create a packet data session for the wireless communication device 10.
  • the PGW/UPF 42 correspondingly performs IP address allocation 46 in order to allocate an IP address 10C to the wireless communication device 10 for the requested packet data session.
  • the PGW/UPF 42 then transmits a response 48 to the network node 24 indicating the new IP address 10C allocated to the wireless communication device 10.
  • the network node 24 then transmits an information request 50 to the permissioned distributed ledger 18 indicating the subscription identifier 10A (here, in the form of an IMSI) and requesting information recorded in the distributed ledger 18 for that subscription identifier 10A; namely, the associated IP address and/or domain name 10B.
  • the network node 24 effectively queries the distributed ledger 18 for the most recently recorded IP address for the wireless communication device 10.
  • the network node 24 receives a response 52 with this requested information.
  • the network node 24 checks whether the returned IP address is the same as the IP address 10C just assigned to the wireless communication device 10 upon attachment.
  • the network node 24 adds 54 a new record to the distributed ledger 18 that associates the new IP address 10C with the subscription identifier 10A and/or the domain name 10B. That is, in some embodiments, the network node 24 selectively adds the new record responsive to identifying that the new IP address differs from the most recently recorded IP address. In some embodiments, the network node 24 may receive a confirmation 56 that the record was added to the distributed ledger 18 as requested.
  • this update to the permissioned distributed ledger 18 may be propagated to an authoritative DNS server. If done in a push fashion, the permissioned distributed ledger 18 may communicate the update to the authoritative DNS server. If done in a pull fashion, by contrast, the authoritative DNS server may request the update from the permissioned distributed ledger 18.
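The attach-time update of FIG. 2 and the TTL-gated lookup by the DNS server 28 described earlier, as an added Python sketch that is not part of the patent. The in-memory `Ledger`, the function and class names, and the sample IMSI, domain name and documentation-range IP addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class LedgerRecord:
    imsi: str            # subscription identifier 10A
    domain: str          # domain name 10B (stored lower-case, no trailing dot)
    ip: Optional[str]    # IP address 10C; None until a network assigns one
    ttl: int             # seconds a resolver may cache the binding
    added_at: float


def _norm(domain: str) -> str:
    """DNS names compare case-insensitively; drop the root dot as well."""
    return domain.rstrip(".").lower()


class Ledger:
    """Append-only, in-memory stand-in for the permissioned distributed ledger 18."""

    def __init__(self) -> None:
        self._records: List[LedgerRecord] = []

    def append(self, rec: LedgerRecord) -> None:
        self._records.append(rec)

    def latest_for_imsi(self, imsi: str) -> Optional[LedgerRecord]:
        return next((r for r in reversed(self._records) if r.imsi == imsi), None)

    def latest_for_domain(self, domain: str) -> Optional[LedgerRecord]:
        name = _norm(domain)
        return next((r for r in reversed(self._records) if r.domain == name), None)

    def history(self, imsi: str) -> List[LedgerRecord]:
        """Older records are never overwritten, so past bindings stay auditable."""
        return [r for r in self._records if r.imsi == imsi]


def register_device(ledger: Ledger, imsi: str, domain: str, ttl: int, now: float) -> None:
    """Enterprise node 20: record 22 with the assigned domain name and no IP yet."""
    ledger.append(LedgerRecord(imsi, _norm(domain), None, ttl, now))


def on_attach(ledger: Ledger, imsi: str, allocated_ip: str, now: float) -> bool:
    """Network node 24 after response 48; returns True only if a record was added."""
    latest = ledger.latest_for_imsi(imsi)            # request 50 / response 52
    if latest is None:
        # No enterprise record exists for this subscription, so there is no
        # domain name to bind: refuse rather than invent a binding.
        raise LookupError(f"no ledger record for subscription {imsi}")
    if latest.ip == allocated_ip:
        return False                                 # unchanged, nothing to add
    ledger.append(LedgerRecord(imsi, latest.domain, allocated_ip, latest.ttl, now))
    return True                                      # add 54


class DnsServer:
    """DNS server 28 that consults the ledger only when its local record is stale."""

    def __init__(self, ledger: Ledger) -> None:
        self._ledger = ledger
        self._cache: Dict[str, Tuple[str, float]] = {}   # name -> (ip, expiry time)

    def resolve(self, domain: str, now: float) -> Optional[str]:
        name = _norm(domain)
        cached = self._cache.get(name)
        if cached is not None and now < cached[1]:
            return cached[0]                         # local record still fresh
        rec = self._ledger.latest_for_domain(name)
        if rec is None or rec.ip is None:
            self._cache.pop(name, None)
            return None                              # unknown name or no address yet
        self._cache[name] = (rec.ip, now + rec.ttl)
        return rec.ip
```

A resolver that consults the ledger only on TTL expiry keeps answering with the previous address until the cached entry ages out, so the TTL bounds how long a stale binding is served after a re-attach.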
  • Figure 3A shows additional details of the structure of a record 60 on the permissioned distributed ledger 18 according to some embodiments.
  • the record 60 may include a DNS record 62-1 paired or otherwise associated with a subscription identifier 64-1 (e.g., IMSI).
  • the DNS record 62-1 may for example correspond to a DNS address (“A”) record so as to indicate a domain name and an IP address, and optionally a TTL value.
  • the DNS record 62-1 may correspond to a canonical name (“CNAME”) record so as to indicate that an alias domain name maps to a canonical domain name.
  • the DNS record 62-1 and the subscription identifier 64-1 may also be associated with a cryptographic key 66-1, e.g., that can be used as a challenge for addition of subsequent records for that subscription identifier 64-1.
  • the record 60 may also include one or more additional DNS records 62-2...62-N and associated subscription identifiers 64-2...64-N and/or
  • the enterprise system 16 may exploit the record’s capability in this regard in order to more efficiently register wireless communication devices every day, week, month, or some other time interval, depending on the volume and time spanning the enterprise’s activity with respect to those devices. For instance, where the enterprise is the device manufacturer, the manufacturer may register the manufactured devices every day, week, month, etc., depending on the production volume and time spanning production to sale.
  • Figure 3B shows one specific realization of a record 60 for indicating information associated with multiple wireless communication devices that are connected vehicles.
  • the record 60 includes nine <DNS Record, IMSI> tuples 60A...60I corresponding to nine different vehicles.
  • Each tuple for a vehicle includes an IMSI associated with the vehicle, formed from a Mobile Country Code (MCC), a Mobile Network Code (MNC) and a Mobile Subscription Identification Number (MSIN).
  • Each tuple for a vehicle also includes a DNS Address record that, from left to right, includes a domain name assigned to the vehicle, a TTL value for the domain name, and an IP address assigned to the vehicle.
  • the tuples 60A, 60B, 60C, and 60D are for vehicles 66-1 for Greece
  • the tuples 60E, 60F, and 60G are for vehicles 66-2 for Germany
  • the tuples 60H and 60I are for vehicles 66-3 for France.
  • Such a record 60 may be added for instance by a manufacturer that manufactured these 10 vehicles in one day, for three different countries, and integrated into those vehicles secure hardware components (e.g., SIM cards) working for the respective operators in these countries.
  • Figures 3C and 3D show specific realizations of another record 60 that includes a canonical name DNS record.
  • the record 60 includes a <DNS Record, IMSI> tuple 60J associated with the same IMSI and vehicle as the tuple 60A in Figure 3B.
  • This tuple 60J corresponds to a CNAME record so as to indicate that an alias domain name of 3B0907552BK.BOSH.COM maps to a canonical domain name of
  • 3B0907552BK may be the number of an on-board Electronic Control Unit (ECU) that was supplied by a Bosh vendor and integrated into the vehicle by the vehicle’s manufacturer.
  • the vehicle’s manufacturer may add the record 60 with the tuple 60J to the distributed ledger 18 when the vehicle is manufactured and/or when the Bosh ECU is integrated into the vehicle.
  • yet another record 60 includes a <DNS Record, IMSI> tuple 60K associated with the same IMSI and vehicle as the tuple 60A in Figure 3B.
  • This tuple 60K corresponds to a CNAME record so as to indicate that an alias domain name of
  • JFS331 may be the vehicle registration number (e.g., as shown on the license plate) assigned to the vehicle by an enterprise in the form of the Swedish Transportation Authority. In this case, then, the Swedish Transportation Authority may add the record with the tuple 60K to the distributed ledger 18 when the vehicle is registered.
  • BOSH may connect to the vehicle’s ECU by using the domain name 3B0907552BK.BOSH.COM, e.g., in order to perform a firmware update on the ECU. And the police may retrieve information about the vehicle by using the domain name JFS331.TRANSPORTSTYRELSEN.SE.
  • FIG. 4 shows further details of the structure of the permissioned distributed ledger 18 according to some embodiments in which the distributed ledger 18 is a blockchain.
  • the distributed ledger 18 includes a chain of N records 70-1 , 70-2,...70-N in the form of blocks. Each block is linked to the previous block in the chain, with each block containing a
  • each block may also include a timestamp 68 of when the block was added to the permissioned distributed ledger 18. Regardless, these M blocks may be replicated and synchronized between the wireless communication network 10 and the enterprise system 16, so as to represent a consensus of data describing the association between domain names and IP addresses for respective subscription identifiers.
  • the distributed ledger 18 has a multi-tier (i.e. , multi-dimensional) structure with multiple tiers that include an operator tier 18A associated with the wireless communication network’s operator and an enterprise tier 18B associated with the enterprise.
  • the records 60-1 , 60-2,...60-M shown in Figure 4 may be just the records in the enterprise tier 18B; that is, the enterprise system 16 and/or the wireless communication network 10 may add the records described above to the enterprise tier 18B.
  • Record(s) in the operator tier 18A may contain other information related to the operator’s supervision or management of the enterprise.
  • Figure 6 for example illustrates additional details of records in each tier according to some embodiments.
  • the enterprise tier 18B includes a set of one or more enterprise-tier records 60-1, 60-2,...60-M that correspond to the records shown in Figure 4 for the enterprise of the enterprise system 16.
  • an operator-tier record 70-1 in the operator tier 18A includes information that the wireless communication network’s operator maintains about and/or for the enterprise. This record 70-1 may be created for instance upon the operator onboarding the enterprise. Additional record(s) (e.g., record 70-K) may be appended to this record 70-1 in the operator tier 18A (e.g., after onboarding) to effectively update and/or overwrite conflicting information in records appended previously in time, while still preserving the previously appended records for historical reference and auditing purposes.
  • the operator tier 18A may therefore include a set of one or more operator-tier records with information associated with the enterprise and/or one or more other enterprises.
  • the information in an operator-tier record may include an enterprise identifier (ID) 72 that identifies an enterprise to which the operator-tier record relates.
  • the operator-tier record may also include information (e.g., in the form of a DNS record range 74) indicating domain names that the enterprise is allowed to assign.
  • the operator-tier record may additionally include information (e.g., in the form of an IP address range 76) indicating IP addresses assignable to wireless communication devices associated with the enterprise.
  • the operator-tier record may furthermore include information (e.g., in the form of a subscription identifier range 78) indicating subscription identifiers whose administration the network’s operator has delegated to the enterprise.
  • the operator-tier record in some embodiments also includes a pointer 73 that links the operator-tier record to the set of one or more enterprise-tier records 60-1 , 60-2,...60-M for the enterprise.
  • the pointer 73 may for instance point or otherwise link the operator-tier record to the first enterprise-tier record 60-1 in the set, with remaining records in the set linked in a chain to the first enterprise-tier record 60-1.
  • when the network’s operator onboards a new enterprise, the network’s operator creates the first enterprise-tier record 60-1 in the enterprise tier 18B and the first operator-tier record 70-1 in the operator tier 18A.
  • the operator links those records/tiers using the pointer 73 in the operator-tier record.
  • the operator may provide this pointer 73 to the enterprise system 16 so that the enterprise system 16 knows where and how to access the first record 60-1 in the enterprise tier 18B, for adding enterprise-tier records to the enterprise-tier 18B as described above.
  • the tiered nature of the distributed ledger 18 facilitates access control to the distributed ledger 18.
  • the operator may effectively write to or update the records in the operator tier 18A (e.g., by adding new record(s) that override or otherwise render ineffective previously added records), but the enterprise system 16 cannot.
  • the permissioned distributed ledger 18 is distributed in the sense that at least one tier of the ledger 18 is distributed between the enterprise system 16 and the wireless communication network 10.
  • the enterprise tier 18B but not the operator tier 18A is distributed between the enterprise system 16 and the wireless communication network 10. The enterprise system 16 may therefore not even have read access to the operator tier 18A. Instead, the enterprise system 16 may just have read and write access to the enterprise tier 18B.
  • the enterprise system 16 may only add records to the permissioned distributed ledger 18 subject to the approval, oversight, and/or supervision of another system or entity; namely, a DNS Manager (DNSM) 80 as shown in Figure 1.
  • DNSM as used herein is an entity that owns and operates a DNS that participates in the permissioned distributed ledger 18.
  • a DNSM may for instance manage one or more authoritative DNSs, e.g., such as those responsible for domain names of devices manufactured, distributed, or sold by an enterprise.
  • the DNSs in some embodiments may be physically located at and managed by the enterprise itself, or by a third party managing on behalf of the enterprise.
  • the DNSs may nonetheless operate the DNS IETF protocols in some embodiments, but may store domain records in the permissioned distributed ledger 18 instead of or in addition to a local database.
  • the approval, oversight, and/or supervision of the DNSM 80 may be based on the recorded domain name assignment and/or subscription identifier administration complying with rules governing such assignment or administration
  • This approval, oversight, and/or supervision may be inherently embodied in the distributed ledger’s consensus protocol, e.g., so as to exploit the consensus protocol for realizing substantially real-time oversight of the enterprise system’s domain name assignment and/or subscription identifier administration.
  • the enterprise system 16 may add a record 22 to the distributed ledger 18 subject to the approval of the DNSM 80.
  • the enterprise system 16 sends to the DNSM 80 the record 22 to be added to the distributed ledger 18.
  • the DNSM 80 receives the record 22 and verifies whether the record 22 conforms to one or more rules.
  • the one or more rules may more specifically specify the format to which each indicated domain name 10B and/or subscription identifier 10A must conform.
  • the required format of the domain name 10B and/or subscription identifier 10A may for instance be specified in terms of an allowable length, an allowable set of characters or digits, allowable locations of certain characters or digits, or the like.
  • the DNSM 80 may alternatively or additionally verify whether each domain name 10B and/or subscription identifier 10A has been assigned within a time period that conforms to the one or more rules.
  • the one or more rules may for instance specify how many domain names and/or subscription identifiers are allowed to be assigned by the enterprise system 16 during a certain time period, e.g., 10,000 per year.
  • the DNSM 80 verifies whether the domain name 10B and/or subscription identifier 10A has been assigned with only one end user or end device in conformance with the one or more rules.
  • the one or more rules may specify that any given domain name or subscription identifier may be associated with only one subscription, e.g., by being assigned to only one secure hardware component. This may prevent the same domain name or subscription identifier from being assigned multiple times.
  • the DNSM 80 in some embodiments verifies whether each domain name and/or subscription identifier is within a set (e.g., a range) of domain names and/or subscription identifiers that is assignable by the enterprise system 16 according to the one or more rules.
  • the one or more rules specify that the enterprise system 16 is only permitted to assign domain names or subscription identifiers included in a certain set, e.g., with domain names or subscription identifiers outside of the set being reserved for other enterprises.
  • the DNSM 80 may verify whether the enterprise system 16 is adding a record 22 with domain name(s) and/or subscription identifier(s) in conformance with the one or more rules.
  • the DNSM 80 approves or rejects the record 22 for addition to the permissioned distributed ledger 18 depending on the verification.
  • the DNSM 80 approves the record 22 for addition to the permissioned distributed ledger 18.
  • the DNSM 80 rejects the record 22 for addition to the permissioned distributed ledger 18.
  • the DNSM 80 accordingly sends a response 82 to the enterprise system 16 indicating whether the DNSM 80 approves of or rejects the record 22 being added to the permissioned distributed ledger 18.
  • the enterprise system 16 correspondingly adds or does not add the record 22 to the permissioned distributed ledger 18 depending on the response 82.
  • the enterprise system 16 may perform one or more remedial actions if the DNSM 80 rejects the record 22, such as correcting domain name formatting or otherwise resolving reasons for the rejection, e.g., as signaled to the enterprise system 16.
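One way the DNSM 80 could implement the rule checks listed above (format, assignable range, single-subscription binding, per-period quota), as an added Python example that is not the patent's own code. The rule representation (a domain suffix for the DNS record range 74, a fixed-length numeric interval for the subscription identifier range 78), all names, and the sample values are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")   # one letter-digit-hyphen label


@dataclass(frozen=True)
class EnterpriseRules:
    domain_suffix: str     # assumed form of the DNS record range 74
    imsi_min: str          # assumed form of the subscription identifier range 78
    imsi_max: str
    imsi_digits: int       # allowable identifier length
    max_per_period: int    # e.g. assignments allowed per year


@dataclass
class DnsManager:
    rules: EnterpriseRules
    bound: Dict[str, str] = field(default_factory=dict)   # approved domain -> IMSI
    used_in_period: int = 0

    def verify(self, tuples: List[Tuple[str, str]]) -> List[str]:
        """Return every reason the submitted record violates the rules."""
        r = self.rules
        suffix = r.domain_suffix.lower().split(".")
        reasons: List[str] = []
        pending: Dict[str, str] = {}
        for domain, imsi in tuples:
            name = domain.rstrip(".").lower()
            labels = name.split(".")
            if len(name) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
                reasons.append(f"{domain}: malformed domain name")
            # Compare whole labels: a plain string endswith() would also accept
            # "x.evil-manufacturer.example" for the suffix "manufacturer.example".
            elif len(labels) <= len(suffix) or labels[-len(suffix):] != suffix:
                reasons.append(f"{domain}: outside the assignable domain range")
            if not re.fullmatch(r"[0-9]+", imsi) or len(imsi) != r.imsi_digits:
                reasons.append(f"{imsi}: malformed subscription identifier")
            elif not r.imsi_min <= imsi <= r.imsi_max:   # equal length, so text order is numeric order
                reasons.append(f"{imsi}: outside the delegated identifier range")
            owner = self.bound.get(name) or pending.get(name)
            if owner is not None and owner != imsi:
                reasons.append(f"{domain}: already assigned to another subscription")
            pending.setdefault(name, imsi)
        new_names = [n for n in pending if n not in self.bound]
        if self.used_in_period + len(new_names) > r.max_per_period:
            reasons.append("assignment quota for the period exceeded")
        return reasons

    def submit(self, tuples: List[Tuple[str, str]]) -> Tuple[bool, List[str]]:
        """Response 82: approve the whole record or reject it with reasons."""
        reasons = self.verify(tuples)
        if reasons:
            return False, reasons            # nothing is recorded on rejection
        for domain, imsi in tuples:
            name = domain.rstrip(".").lower()
            if name not in self.bound:
                self.bound[name] = imsi
                self.used_in_period += 1
        return True, []
```

The record is approved or rejected as a unit, so one non-conforming tuple keeps the whole batch off the ledger and leaves the quota counter untouched.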
  • the wireless communication network 12 similarly adds a record 26 to the distributed ledger 18 subject to the approval of the DNSM 80.
  • the network node 24 sends to the DNSM 80 the record 26 to be added to the distributed ledger 18.
  • the DNSM 80 receives the record 26 and verifies whether the record 26 conforms to one or more rules, as described above. If the DNSM 80 verifies that the record 26 does conform to the one or more rules, the DNSM 80 approves the record 26 for addition to the permissioned distributed ledger 18. But if the DNSM 80 verifies that the record 26 does not conform to the one or more rules, the DNSM 80 rejects the record 26 for addition to the permissioned distributed ledger 18.
  • the DNSM 80 accordingly sends a response 84 to the wireless communication network 12 indicating whether the DNSM 80 approves of or rejects the record 26 being added to the permissioned distributed ledger 18.
  • the wireless communication network 12 correspondingly adds or does not add the record 26 to the permissioned distributed ledger 18 depending on the response 84.
  • the DNSM 80 controls the consensus represented by the distributed ledger 18.
  • the DNSM’s verification is inherently embodied in the distributed ledger’s consensus protocol so as to exploit the consensus protocol for realizing substantially real-time oversight of the enterprise system’s domain name assignment and/or the wireless communication network’s IP address assignment. This may improve the cost and speed with which domain names and/or IP addresses can be assigned, without sacrificing regulator oversight. With reduced cost and increased speed, some embodiments allow domain names, IP addresses, and/or subscription identifiers to be quickly assigned to many devices with short notice, e.g., in an IoT context involving a large number of devices.
  • some embodiments provide the DNSM 80 with the ability to perform on-demand analysis (e.g., auditing) of that domain name assignment and/or IP address assignment for compliance with applicable rules.
  • the distributed ledger 18 may not only have an enterprise tier 18B and an operator tier 18A but also a DNSM tier 18C.
  • Figure 7 shows an example of the information included in the distributed ledger’s records according to some of these embodiments.
  • the DNSM tier 18C includes a set of one or more DNSM tier records, one of which is shown as record 90.
  • This record 90 indicates one or more IP addresses 92 for one or more DNS servers managed by the DNSM.
  • the record 90 also indicates a range 94 of domain names managed by the one or more DNS servers.
  • the record 90 finally includes a pointer 96 to the operator tier 18A of an operator.
  • the DNS record range 94 in the DNSM tier limits the DNS record range 74 in the operator tier 18A, so as to limit the range of domain names assignable in lower level tiers.
  • Figure 8 illustrates an example structure of the permissioned distributed ledger 18 in such a case of multiple operators.
  • the DNSM tier 18C includes multiple sets 18A1 , 18A2,...18AX of one or more DNS-specific records.
  • Each set contains records with information associated with a specific DNS server or set of DNS servers, and is linked to a respective set 18B1 , 18B2,... 18BY of operator-specific records in the operator tier 18A.
  • Each set of operator-specific record(s) in the operator tier 18A is specific to a certain operator and may include records as shown in Figure 6 or 7.
  • Each operator-specific record set 18B1, 18B2,...18BY in the operator tier 18A is linked to one or more enterprise-specific record sets.
  • operator-specific record set 18B1 is linked to one or more enterprise-specific record sets 18C1
  • operator-specific record set 18B2 is linked to one or more enterprise-specific record sets 18C2
  • operator-specific record set 18BY is linked to one or more enterprise-specific record sets 18CZ.
  • the one or more enterprise-specific record sets associated with a certain operator may include for instance the record sets shown in Figure 6 or 7.
  • FIG. 9 shows an overview of the system in these and other embodiments with multiple operators.
  • multiple networks and DNS servers participate in the permissioned distributed ledger 18. Every participating entity has a copy of the same distributed ledger. As shown, for instance, each of Networks 1, 2, and 3 has a respective copy of the distributed ledger 18-1, 18-2, and 18-3. Similarly the enterprise system 16 and DNSM 18 each maintains their own copy of the distributed ledger 18-4, 18-5, respectively. A TPIA 90 may also participate so as to maintain its own copy of the distributed ledger 18-6.
  • different participants may have different access rights and/or may maintain different tiers.
  • a participant has write access to its own tier and the tiers below it, while having read-only access (or no access) to the tiers above.
  • the DNSM 80 and networks 1 , 2, and 3 may have read and write access to certain tiers of the distributed ledger 18.
  • a subgroup of the participants verifies transactions so as to approve or reject the addition of new records to the distributed ledger 18.
  • the DNSM 80 and/or the networks belong to this subgroup.
  • Some embodiments enable the enterprise to add wireless connectivity to a vehicle even before the vehicle is shipped out of the factory.
  • a network operator may onboard the enterprise by creating an operator-tier record in the distributed ledger 18 associated with the enterprise and by linking the operator-tier record to an enterprise-tier record.
  • the operator may inform the enterprise system 16 of this linking so that the enterprise system 16 knows where to add enterprise-tier records in the distributed ledger 18.
  • the enterprise system 16 in this regard may create a new enterprise-tier record.
  • the new enterprise-tier records may include a subscription identifier that is to identify a wireless communication network subscription and may also include a domain name that is to correspond to a certain VIN.
  • the subscription identifier may for instance be an IMSI (e.g., 082920103976696476) and the domain name may be based on the certain VIN and manufacturer name, e.g., 1G1YY22P5R5435719.toyota.com.
  • the enterprise system 16 may then send the record to the network 12 and/or the DNSM 80 for approval or rejection.
  • the enterprise system 16 may add the record to the enterprise-tier in the distributed ledger 18.
  • the enterprise system 16 may simply create a new secure hardware component with the subscription identifier and physically install the secure hardware component into a vehicle identified by the certain VIN. This way, when the vehicle is picked up by a dealer to be sold, the vehicle already has a working subscription identifier and domain name, e.g., for a working wireless communication connection and DNS reachability.
  • some embodiments advantageously provide flexible and quick (e.g., on demand) subscription identifier and domain name assignment to operators and/or enterprises. This may mitigate procurement costs and remove the administrative overhead of having to manage domain name assignment, while still allowing oversight of that assignment.
  • subscription identifiers are IMSIs or MSINs
  • embodiments herein apply to any type of subscription identifiers that identify subscriptions to receive service from a wireless
  • subscription identifiers in other embodiments may be mobile station international subscriber directory numbers (MSISDNs), integrated circuit card identifiers (ICCIDs), GUTIs, or the like.
  • With regard to GUTIs, the difference between a GUTI and an IMSI is that the former is (re)generated by an MME core network node on a device’s behalf upon device reattach, or even while it is attached to the network.
  • the IMSI by contrast has a fixed value. Accordingly, in case GUTI and not IMSI is used, then every record will include a new device identifier as GUTI is generated on network attach.
  • the record in this case contains GUTI as an identifier and can be created when a new GUTI is created (i.e. not only on-attach, but also while the device is attached, if MME generates a new GUTI).
  • an initial “new record” block created by the enterprise would in this case have an IMSI identifier. Then, upon addition of a first update block issued by a network, the IMSI identifier would be replaced by a GUTI.
  • some embodiments herein control time-to-live (TTL) values in such a way as to provide global and rapid propagation of IP address changes in the permissioned distributed ledger 18.
  • An authoritative DNS server may for instance predict or otherwise determine a TTL value to be applied to any DNS record for a domain name 10B assigned to a wireless communication device 10 (or an associated secure hardware component 14).
  • the authoritative DNS server may for instance advantageously determine this TTL value based on information indicating historical or predicted changes in IP addresses associated with the domain name 10B and/or in movement of the wireless communication device 10.
  • the device’s movement may for instance exploit a mobility vector of the device, e.g., on a cell level, so as to indicate how fast and to which general direction the device is moving.
  • the authoritative DNS server may then apply this determined TTL value to one or more DNS records for the domain name 10B.
  • the authoritative DNS server may transmit control signaling to one or more other DNSs indicating the determined TTL value to be applied to any DNS record for the domain name at the one or more other DNSs. This way, the time such DNS records are cached will advantageously approximate the IP address re-assignments for the domain name in the DNS records. This in turn improves propagation time as TTLs are more directly controlled by the permissioned distributed ledger 18 as opposed to fixed threshold set by a DNS server.
  • Figure 10 illustrates a method performed by a network node 24 in a wireless communication network 12 according to some embodiments.
  • the method 100 includes determining an IP address 10B assigned by the wireless communication network 12 to a wireless communication device 10 (Block 110). Where the IP address 10B is assigned by another node, this may involve receiving control signaling from the other node indicating the assigned IP address 10B.
  • the method 100 as shown further includes adding, to a permissioned distributed ledger 18 that is distributed at least in part between the wireless communication network 12 and an enterprise system 16 of an enterprise, a record 26 that associates the IP address 10B with a domain name 10C assigned by the enterprise to the wireless communication device 10 or to a secure hardware component 14 associated with the wireless communication device 10 (Block 120).
  • this addition may be performed responsive to identifying that the determined IP address 10B differs from the most recently recorded IP address (as indicated based on a query to the permissioned distributed ledger 18).
  • this addition may be performed responsive to a DNSM 80 indicating that the DNSM 80 approves of the record 226 being added to the permissioned distributed ledger 18.
  • FIG 11 illustrates a method performed by an enterprise system 16 of an enterprise according to other embodiments.
  • the method 200 includes sending, to a domain name system manager, DNSM, 80 a record 22 that indicates a domain name 10B assigned by the enterprise to a wireless communication device 10 or to a secure hardware component 14 associated with the wireless communication device 10 (Block 210).
  • the record 22 may for instance correspond to a complete or partial DNS address record so that the domain name 10B is or is to be resolvable to an IP address.
  • the record 22 may for instance correspond to a canonical name (CNAME) record so that the domain name 10B is an alias which is or is to be resolvable to a canonical domain name.
  • the method may also include, responsive to sending the record 26, receiving one or more responses 84 that indicate whether the DNSM 80 approves of or rejects the record 26 being added to a permissioned distributed ledger 18 that is distributed at least in part between the enterprise system 16 and the DNSM 80 (Block 220).
  • the method 200 as shown may then include adding or not adding the record 26 to the permissioned distributed ledger 18 depending on the one or more responses 84 (Block 230).
  • Figure 12 illustrates a corresponding method according to some embodiments.
  • the method may be performed by the DNSM 80 or the wireless communication network 12.
  • the method 300 includes receiving, from either a wireless communication network 12 or an enterprise system 16 of an enterprise, a record 22, 26 that indicates a domain name 10B assigned by the enterprise to a wireless communication device 10 or a secure hardware component 14 associated with the wireless communication device 10 (Block 310).
  • the method also includes verifying whether the record 22, 26 conforms to one or more rules (Block 320).
  • the method then includes, depending on said verifying, approving or rejecting the record 22, 26 for addition to a permissioned distributed ledger 18 that is distributed at least in part between the enterprise system 16 and the wireless communication network 12 (Block 330).
  • FIG 13 illustrates a method performed by a DNS server 28 according to still other embodiments.
  • the method 400 includes receiving a query 30 for an IP address 10C associated with a domain name 10B (Block 410).
  • the method also includes determining the IP address 10C associated with the domain name 10B from a permissioned distributed ledger 18 that is distributed at least in part between a wireless communication network 12 and an enterprise system 16 of an enterprise that assigned the domain name 10B to the wireless communication device 10 or a secure hardware component 14 associated with the wireless communication device 10 (Block 420).
  • Such determination may for instance involve determining the IP address to which the distributed ledger 18 directly maps the domain name 10B (e.g., using a DNS address record), or determining the IP address to which the distributed ledger 18 indirectly maps the domain name 10B (e.g., using a DNS address record and one or more DNS canonical name records).
  • the method then includes responding to the query 30 with the determined IP address 10C (Block 430).
  • the method includes deciding to determine the IP address 10C from the permissioned distributed ledger 18, based on a freshness metric (e.g., TTL) indicating that a DNS record for the domain name 10B at the DNS server 28 is no longer fresh.
  • FIG 14 illustrates a method performed by an authoritative DNS server according to yet other embodiments.
  • the method 500 as shown includes determining a time-to-live, TTL, value to be applied to any DNS record for a domain name 10B assigned to a wireless communication device 10 or a secure hardware component 14 associated with the wireless communication device 10, based on information indicating historical or predicted changes in IP addresses associated with the domain name 10B and/or in movement of the wireless communication device 10 (Block 510).
  • the method then includes applying the determined TTL value to one or more DNS records for the domain name 10B (Block 520).
  • the method also includes transmitting control signaling to one or more other DNSs indicating the determined TTL value to be applied to any DNS record for the domain name 10B at the one or more other DNSs (Block 530).
  • a wireless communication device 10 herein is any type device capable of communicating with another device or node using wireless signals.
  • a wireless communication device 10 may therefore refer to a mobile terminal, a user equipment, a machine-to-machine (M2M) device, a machine-type communications (MTC) device, a NB-IoT device, etc.
  • a wireless communication device, including a user equipment, may therefore also be referred to as a radio device, a radio communication device, a wireless terminal, or simply a terminal - unless the context indicates otherwise, the use of any of these terms is intended to include device-to-device UEs or devices, machine-type devices or devices capable of machine-to-machine communication, sensors equipped with a wireless communication device, wireless-enabled tablet computers, mobile terminals, smart phones, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, wireless customer-premises equipment (CPE), etc.
  • wireless sensor and sensor may also be used. It should be understood that these devices may be UEs, but are generally configured to transmit and/or receive data without direct human interaction.
  • a wireless communication device 10 as described herein may be, or may be comprised in, a machine or device that performs monitoring or measurements, and transmits the results of such monitoring measurements to another device or a network.
  • a wireless communication device 10 as described herein may be comprised in a vehicle and may perform monitoring and/or reporting of the vehicle’s operational status or other functions associated with the vehicle.
  • the network node 24 as described above may perform the processing herein by implementing any functional means or units.
  • the network node 24 comprises respective circuits configured to perform the steps shown in Figure 10.
  • the circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • memory which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc.
  • the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of network node 24 contains instructions executable by the processing circuitry such that the network node 24 is configured to carry out the processing herein.
  • the memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
  • Figure 15 illustrates additional details of network node 24 in accordance with one or more embodiments.
  • the network node 24 includes processing circuitry 600 and communication circuitry 610.
  • the communication circuitry 610 is configured to communicate with one or more other nodes, e.g., the enterprise system 16.
  • the processing circuitry 600 is configured to perform processing described above, e.g., in Figure 10, such as by executing instructions stored in memory 620.
  • the memory 620 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18.
  • the processing circuitry 600 in this regard may implement certain functional means or units.
  • the enterprise system 16 as described above may perform the processing herein by implementing any functional means or units.
  • the enterprise system 16 (or more specifically enterprise node 20) comprises respective circuits configured to perform the steps shown in Figure 11.
  • the circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of enterprise system 16 contains instructions executable by the processing circuitry such that the enterprise system 16 is configured to carry out the processing herein.
  • the memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
  • Figure 16 illustrates additional details of enterprise system 16 (e.g., enterprise node 20) in accordance with one or more embodiments.
  • the communication circuitry 710 is configured to communicate with one or more other nodes, e.g., the network node 24.
  • the processing circuitry 700 is configured to perform processing described above, e.g., in Figure 11, such as by executing instructions stored in memory 720.
  • the memory 720 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18.
  • the processing circuitry 700 in this regard may implement certain functional means or units.
  • the DNSM 80 as described above may perform the processing herein by implementing any functional means or units.
  • the DNSM 80 comprises respective circuits configured to perform the steps shown in Figure 12.
  • the circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • the memory which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc.
  • the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of DNSM 80 contains instructions executable by the processing circuitry such that the DNSM 80 is configured to carry out the processing herein.
  • the memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
  • FIG 17 illustrates additional details of DNSM 80 in accordance with one or more embodiments.
  • the DNSM 80 includes processing circuitry 800 and communication circuitry 810.
  • the communication circuitry 810 is configured to communicate with one or more other nodes, e.g., the enterprise system 16 and/or network node 24.
  • the processing circuitry 800 is configured to perform processing described above, e.g., in Figure 12, such as by executing instructions stored in memory 820.
  • the memory 820 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18.
  • the processing circuitry 800 in this regard may implement certain functional means or units.
  • the DNS server 28 as described above may perform the processing herein by implementing any functional means or units.
  • the DNS server 28 comprises respective circuits configured to perform the steps shown in Figure 13.
  • the circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of DNS server 28 contains instructions executable by the processing circuitry such that the DNS server 28 is configured to carry out the processing herein.
  • the memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
  • FIG. 18 illustrates additional details of DNS server 28 in accordance with one or more embodiments.
  • the DNS server 28 includes processing circuitry 900 and
  • the communication circuitry 910 is configured to communicate with one or more other nodes, e.g., the network node 24.
  • the processing circuitry 900 is configured to perform processing described above, e.g., in Figure 13, such as by executing instructions stored in memory 920.
  • the memory 920 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18.
  • the processing circuitry 900 in this regard may implement certain functional means or units.
  • an authoritative DNS server as described above may perform the processing herein by implementing any functional means or units.
  • the authoritative DNS server comprises respective circuits configured to perform the steps shown in Figure 14.
  • the circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • memory which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc.
  • the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein.
  • memory of the authoritative DNS server contains instructions executable by the processing circuitry such that the authoritative DNS server is configured to carry out the processing herein.
  • the memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
  • FIG 19 illustrates additional details of an authoritative DNS server 98 in accordance with one or more embodiments.
  • the authoritative DNS server 98 includes processing circuitry 950 and communication circuitry 960.
  • the communication circuitry 960 is configured to communicate with one or more other nodes, e.g., the network node 24.
  • the processing circuitry 950 is configured to perform processing described above, e.g., in Figure 14, such as by executing instructions stored in memory 970.
  • the memory 970 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18.
  • the processing circuitry 950 in this regard may implement certain functional means or units.
  • a computer program comprises instructions which, when executed on at least one processor of a node, device, or system, cause the node, device, or system to carry out any of the respective processing described above.
  • a computer program in this regard may comprise one or more code modules corresponding to the means or units described above.
  • Embodiments further include a carrier containing such a computer program.
  • This carrier may comprise one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A network node (24) is configured for use in a wireless communication network (12). The network node (24) is configured (e.g., via communication circuitry and/or processing circuitry) to determine an Internet Protocol, IP, address (10C) assigned by the wireless communication network (12) to a wireless communication device (10). The network node (24) may also be configured to add, to a permissioned distributed ledger (18) that is distributed at least in part between the wireless communication network (12) and an enterprise system (16) of an enterprise, a record that associates the IP address (10C) with a domain name (10B) assigned by the enterprise to the wireless communication device (10) or to a secure hardware component (14) associated with the wireless communication device (10).

Description

DOMAIN NAME SYSTEM FOR USE WITH A WIRELESS COMMUNICATION NETWORK
TECHNICAL FIELD
The present disclosure generally relates to a wireless communication network, and more particularly relates to a domain name system for use with such a wireless communication network.
BACKGROUND
Computer networks such as the Internet typically locate and identify computer resources using Internet Protocol (IP) addresses assigned to those resources. But IP addresses are difficult for users to remember because they are long numerical labels without any apparent relationship to the resources they address, e.g., 147.12.12.32. The Domain Name System (DNS) remedies this IP addressing deficiency by associating the IP address of a resource with an alphanumeric domain name, which can have more of a semantic relationship to the resource, e.g., storage-server.company-a.com. A user can then access a resource using the resource’s domain name, while the underlying network protocols can use the resource’s IP address to locate and identify the requested resource.
Especially as the Internet of Things (IoT) advances, the proliferation of wireless communication devices increasingly complicates the DNS paradigm and threatens to inflate the time and expense required to manage DNS records for those devices. In order for a device manufacturer to package its wireless communication devices with wireless connectivity at the point of manufacture and make them easily addressable by use of domain names, the manufacturer must coordinate with other entities responsible for DNS record management, including the Internet Corporation for Assigned Names and Numbers (ICANN), governments, non-profit organizations, and/or Internet Service Providers (ISPs). Furthermore, after a wireless communication device is put into practical use, device mobility (e.g., between cellular networks) necessitates IP address changes that are only reflected throughout the global, hierarchical network of DNS servers after meaningful delay.
SUMMARY
Some embodiments herein exploit a permissioned distributed ledger that is distributed between a wireless communication network and an enterprise, in order to associate IP addresses assigned by the wireless communication network with respective domain names assigned by the enterprise. Where the enterprise is a wireless communication device manufacturer, for example, this may enable the manufacturer itself to efficiently and intelligently assign a domain name to a wireless communication device at the point of manufacture, yet still allow the IP address associated with that domain name to change as the wireless communication device moves after manufacture. In fact, some embodiments control time-to-live (TTL) values in such a way as to provide global and rapid propagation of IP address changes. These and other embodiments herein may therefore advantageously improve the flexibility, cost, and/or speed of DNS functionality for wireless communication devices, even as the number of those devices scales with the IoT.
More particularly, embodiments herein include a method performed by a network node in a wireless communication network. The method comprises determining an IP address assigned by the wireless communication network to a wireless communication device. The method also comprises adding, to a permissioned distributed ledger that is distributed at least in part between the wireless communication network and an enterprise system of an enterprise, a record that associates the IP address with a domain name assigned by the enterprise to the wireless communication device or to a secure hardware component associated with the wireless communication device.
In some embodiments, the permissioned distributed ledger includes at least an operator tier associated with an operator of the wireless communication network and an enterprise tier associated with the enterprise. In this case, adding the record may comprise adding the record to the enterprise tier.
In one or more embodiments, the operator tier more particularly includes one or more operator-tier records. An operator-tier record may include information associated with an enterprise to which the operator of the wireless communication network has delegated administration of a set of subscription identifiers and further include information indicating domain names that the enterprise is allowed to assign. In some embodiments, each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier. An enterprise-tier record for an enterprise may include information indicating, for each of one or more wireless communication devices, a domain name assigned to the wireless communication device or to a secure hardware component associated with the wireless communication device and any IP address associated with that domain name. In these embodiments, adding the record may comprise adding the record as an enterprise-tier record for the enterprise which assigned the domain name.
In some embodiments, the method may further comprise, before adding the record, querying the permissioned distributed ledger for a most recently recorded IP address for the wireless communication device. Adding the record may then be performed responsive to identifying that the determined IP address differs from the most recently recorded IP address.
In some embodiments, the record also associates the determined IP address and/or the domain name with a subscription identifier. In this case, the subscription identifier identifies a subscription to the wireless communication network and is associated with the secure hardware component.
In some embodiments, the permissioned distributed ledger is distributed between not only the wireless communication network and the enterprise system but also a domain name system manager (DNSM). In this case, the method may further comprise sending the record to the DNSM. Responsive to sending the record, the method may also comprise receiving a response that indicates whether the DNSM approves of or rejects the record being added to the permissioned distributed ledger. In this case, adding the record may be performed responsive to the response indicating that the DNSM approves of the record being added to the permissioned distributed ledger.
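The network-node flow summarized above (query the most recently recorded IP address, add a record only on change, and only after DNSM approval) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the enterprise key `toyota`, the second IMSI and the IP addresses are constructed, and the three DNSM rules are assumptions derived from what an operator-tier record is said to contain.

```python
from dataclasses import dataclass, field
from typing import Optional

IMSI = "082920103976696476"              # example IMSI from the description
OTHER_IMSI = "082920103976696477"        # constructed second identifier
DOMAIN = "1G1YY22P5R5435719.toyota.com"  # example domain from the description


def norm(name: str) -> str:
    """Compare domain names case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")


@dataclass(frozen=True)
class OperatorTierRecord:
    enterprise: str
    delegated_subscription_ids: frozenset  # identifiers delegated to the enterprise
    allowed_suffix: str                    # domain names the enterprise may assign


@dataclass(frozen=True)
class EnterpriseTierRecord:
    enterprise: str
    subscription_id: str
    domain_name: str
    ip_address: Optional[str]              # None until the network assigns one


@dataclass
class Ledger:
    """Append-only stand-in for one participant's copy of the ledger."""
    operator_tier: dict = field(default_factory=dict)
    enterprise_tier: list = field(default_factory=list)

    def latest(self, domain_name):
        for rec in reversed(self.enterprise_tier):
            if norm(rec.domain_name) == norm(domain_name):
                return rec
        return None


def dnsm_verify(ledger, rec):
    """Assumed DNSM rules: return (approved, reason) for a proposed record."""
    op = ledger.operator_tier.get(rec.enterprise)
    if op is None:
        return False, "enterprise not onboarded"
    if rec.subscription_id not in op.delegated_subscription_ids:
        return False, "subscription identifier not delegated"
    # Require a label boundary so "evil-toyota.com" does not match "toyota.com".
    if not norm(rec.domain_name).endswith("." + norm(op.allowed_suffix)):
        return False, "domain name outside allowed set"
    prev = ledger.latest(rec.domain_name)
    if prev is not None and prev.subscription_id != rec.subscription_id:
        return False, "domain name bound to another subscription"
    return True, "ok"


def network_node_update(ledger, enterprise, subscription_id, domain_name, ip):
    """Add an enterprise-tier record only if the IP changed and the DNSM approves."""
    prev = ledger.latest(domain_name)
    if prev is not None and prev.ip_address == ip:
        return "unchanged"
    rec = EnterpriseTierRecord(enterprise, subscription_id, domain_name, ip)
    approved, reason = dnsm_verify(ledger, rec)
    if not approved:
        return "rejected: " + reason
    ledger.enterprise_tier.append(rec)
    return "added"


def sample_ledger():
    """Constructed state: operator onboarded the enterprise, device not yet attached."""
    ledger = Ledger()
    ledger.operator_tier["toyota"] = OperatorTierRecord(
        "toyota", frozenset({IMSI, OTHER_IMSI}), "toyota.com")
    ledger.enterprise_tier.append(EnterpriseTierRecord("toyota", IMSI, DOMAIN, None))
    return ledger


if __name__ == "__main__":
    led = sample_ledger()
    print(network_node_update(led, "toyota", IMSI, DOMAIN, "198.51.100.7"))
    print(network_node_update(led, "toyota", IMSI, DOMAIN, "198.51.100.7"))
    print(network_node_update(led, "toyota", IMSI, "x.evil-toyota.com", "198.51.100.8"))
```
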
In some embodiments, determining the IP address comprises receiving control signaling indicating the IP address.
In some embodiments, the network node is configured to perform mobility management in the wireless communication network.
In some embodiments, the enterprise manufactured the wireless communication device, sold the wireless communication device, and/or provided a service using the wireless communication device.
Embodiments also include a method performed by an enterprise system of an enterprise. The method comprises sending, to a domain name system manager (DNSM), a record that indicates a domain name assigned by the enterprise to a wireless communication device or to a secure hardware component associated with the wireless communication device. The method also includes, responsive to sending the record, receiving one or more responses that indicate whether the DNSM approves of or rejects the record being added to a permissioned distributed ledger that is distributed at least in part between the enterprise system and the DNSM. In some embodiments, the method further includes adding or not adding the record to the permissioned distributed ledger depending on the one or more responses.
In some embodiments, the record further indicates a subscription identifier that identifies a subscription to a wireless communication network and that is assigned by the enterprise to the secure hardware component associated with the wireless communication device.
In some embodiments, the permissioned distributed ledger includes at least an operator tier associated with an operator of a wireless communication network and an enterprise tier associated with the enterprise. In this case, adding or not adding the record may comprise adding or not adding the record to the enterprise tier.
In some embodiments, the operator tier includes one or more operator-tier records. An operator-tier record may include information associated with an enterprise to which the operator of the wireless communication network has delegated administration of a set of subscription identifiers and further include information indicating domain names that the enterprise is allowed to assign. Each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier. An enterprise-tier record for an enterprise may include information indicating, for each of one or more wireless communication devices, a domain name assigned to the wireless communication device or a secure hardware component associated with the wireless communication device and any IP address associated with that domain name. In this case, adding or not adding the record may comprise adding or not adding the record as an enterprise-tier record for the enterprise which assigned the domain name. In some embodiments, the enterprise manufactured the wireless communication device, sold the wireless communication device, and/or provided a service using the wireless communication device.
Embodiments also include a method performed by a domain name system (DNS) server. The method comprises receiving a query for an IP address associated with a domain name. The method also comprises determining the IP address associated with the domain name from a permissioned distributed ledger that is distributed at least in part between a wireless communication network and an enterprise system of an enterprise that assigned the domain name to the wireless communication device or a secure hardware component associated with the wireless communication device. The method may further include responding to the query with the determined IP address.
In some embodiments, the method further comprises deciding to determine the IP address associated with the domain name from the permissioned distributed ledger, based on a freshness metric indicating that a DNS record for the domain name at the domain name server is no longer fresh.
In some embodiments, the method further comprises requesting an update of a DNS record from the permissioned distributed ledger, responsive to expiration of a time-to-live for the DNS record.
In some embodiments, the permissioned distributed ledger includes at least an operator tier associated with an operator of the wireless communication network and an enterprise tier associated with the enterprise. In this case, determining the IP address comprises determining the IP address from the enterprise tier of the permissioned distributed ledger.
In some embodiments, the operator tier includes one or more operator-tier records. An operator-tier record may include information associated with an enterprise to which an operator of the wireless communication network has delegated administration of a set of subscription identifiers and further include information indicating domain names that the enterprise is allowed to assign. Each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier. An enterprise-tier record for an enterprise may include information indicating, for each of one or more wireless communication devices, a domain name assigned to the wireless communication device or a secure hardware component associated with the wireless communication device and any IP address associated with that domain name.
In some embodiments, the enterprise manufactured the wireless communication device, sold the wireless communication device, and/or provided a service using the wireless communication device.
Embodiments also include a method performed by a domain name system manager (DNSM). The method comprises receiving, from either a wireless communication network or an enterprise system of an enterprise, a record that indicates a domain name assigned by the enterprise to a wireless communication device or a secure hardware component associated with the wireless communication device. The method may further comprise verifying whether the record conforms to one or more rules. The method may also comprise, depending on the verifying, approving or rejecting the record for addition to a permissioned distributed ledger that is distributed at least in part between the enterprise system and the operator system.
In some embodiments, the record further indicates, for each of the one or more wireless communication devices, an IP address assigned by the enterprise or the operator to the wireless communication device or a secure hardware component associated with the wireless communication device.
In some embodiments, the permissioned distributed ledger includes at least an operator tier associated with the operator and an enterprise tier associated with the enterprise. In this case, approving or rejecting the record may comprise approving or rejecting the record for addition to the enterprise tier.
In some embodiments, the operator tier includes one or more operator-tier records. An operator-tier record may include information associated with an enterprise to which the operator of the wireless communication network has delegated administration of a set of subscription identifiers and further include information indicating domain names that the enterprise is allowed to assign. Each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier. An enterprise-tier record for an enterprise may include information indicating, for each of one or more wireless communication devices, a domain name assigned to the wireless communication device or a secure hardware component associated with the wireless communication device and any IP address associated with that domain name. In this case, approving or rejecting the record may comprise approving or rejecting the record for addition as an enterprise-tier record for the enterprise which assigned the domain name.
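One way a DNSM could implement the conformance check described above, as an added example that is not code from the patent. The rules assumed here are that the record is linked to the right operator-tier record, that the IMSI falls in the delegated set, and that the domain name sits under a zone the enterprise is allowed to assign; the class names, the contiguous IMSI block, the `manufacturer.example` zone and the hostname-syntax rule are all assumptions.

```python
"""Added illustration: check an enterprise-tier record against its operator-tier delegation."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple

_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")   # assumed rule: LDH hostname labels
_IMSI = re.compile(r"[0-9]{6,15}")                   # ASCII digits only, at most 15


@dataclass(frozen=True)
class OperatorTierRecord:
    enterprise: str                  # enterprise the operator delegated to
    delegated_imsis: range           # hypothetical: delegation as one contiguous block
    allowed_zones: Tuple[str, ...]   # zones the enterprise may assign names under


@dataclass(frozen=True)
class EnterpriseTierRecord:
    enterprise: str
    imsi: str
    domain: str
    ip: Optional[str] = None         # may be absent until the network assigns one


def normalize(name: str) -> str:
    """Lower-case and drop one trailing root dot so comparisons are canonical."""
    name = name.lower()
    return name[:-1] if name.endswith(".") else name


def in_zone(domain: str, zone: str) -> bool:
    """Strict subdomain test on a label boundary ('evilzone.tld' is not in 'zone.tld')."""
    return domain.endswith("." + zone)


def verify(record: EnterpriseTierRecord, delegation: OperatorTierRecord):
    """Return (approved, reasons); every rule runs so a rejection lists all failures."""
    reasons = []
    if record.enterprise != delegation.enterprise:
        reasons.append("record not linked to this operator-tier record")
    if not (_IMSI.fullmatch(record.imsi)
            and int(record.imsi) in delegation.delegated_imsis):
        reasons.append("IMSI outside delegated set")
    domain = normalize(record.domain)
    if len(domain) > 253 or not all(_LABEL.fullmatch(l) for l in domain.split(".")):
        reasons.append("malformed domain name")
    elif not any(in_zone(domain, normalize(z)) for z in delegation.allowed_zones):
        reasons.append("domain outside allowed names")
    if record.ip is not None:
        try:
            ipaddress.ip_address(record.ip)
        except ValueError:
            reasons.append("malformed IP address")
    return (not reasons, reasons)


# Constructed sample delegation (MCC 999 block, reserved .example zone).
SAMPLE_DELEGATION = OperatorTierRecord(
    enterprise="oem-1",
    delegated_imsis=range(999010000000000, 999010000001000),
    allowed_zones=("manufacturer.example",),
)

if __name__ == "__main__":
    candidates = [
        EnterpriseTierRecord("oem-1", "999010000000042",
                             "4M2CU97799KJ84309.manufacturer.example", "192.0.2.10"),
        EnterpriseTierRecord("oem-1", "999010000000042",
                             "4m2cu97799kj84309.evilmanufacturer.example"),
        EnterpriseTierRecord("oem-1", "999020000000001",
                             "4m2cu97799kj84309.manufacturer.example"),
    ]
    for rec in candidates:
        print(rec.domain, verify(rec, SAMPLE_DELEGATION))
```

Matching on `"." + zone` rather than a bare suffix is what keeps a look-alike zone from passing as a delegated one.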
In some embodiments, the permissioned distributed ledger further includes a domain name system manager, DNSM, tier. In this case, the DNSM tier includes one or more DNSM-tier records. A DNSM-tier record may include information identifying an authoritative domain name system, DNS, information indicating a set of domain names that the authoritative DNS manages, and information indicating a wireless communication network that the authoritative DNS serves.
Embodiments also include a method performed by an authoritative domain name service, DNS, server. The method comprises determining a time-to-live, TTL, value to be applied to any DNS record for a domain name assigned to a wireless communication device or a secure hardware component associated with the wireless communication device, based on information indicating historical or predicted changes in IP addresses associated with the domain name and/or in movement of the wireless communication device. In some embodiments, the TTL value is to be applied to any such DNS record indicated by a permissioned distributed ledger that is distributed at least in part between a wireless communication network and an enterprise system of an enterprise that assigned the domain name to the wireless communication device or the secure hardware component associated with the wireless communication device. Regardless, the method may further include applying the determined TTL value to one or more DNS records for the domain name. The method may alternatively or additionally include transmitting control signaling to one or more other DNSs indicating the determined TTL value to be applied to any DNS record for the domain name at the one or more other DNSs.
Embodiments also include corresponding apparatus, computer programs, and computer readable storage mediums. For example, embodiments include a network node configured for use in a wireless communication network. The network node is configured (e.g., via communication circuitry and/or processing circuitry) to determine an Internet Protocol, IP, address assigned by the wireless communication network to a wireless communication device. The network node may also be configured to add, to a permissioned distributed ledger that is distributed at least in part between the wireless communication network and an enterprise system of an enterprise, a record that associates the IP address with a domain name assigned by the enterprise to the wireless communication device or to a secure hardware component associated with the wireless communication device.
Embodiments also include an enterprise system of an enterprise. The enterprise system is configured (e.g., via communication circuitry and/or processing circuitry) to send, to a wireless communication network and/or to a domain name system manager, DNSM, a record that indicates a domain name assigned by the enterprise to a wireless communication device or to a secure hardware component associated with the wireless communication device. The enterprise system may further be configured to, responsive to sending the record, receive one or more responses that indicate whether the wireless communication network and/or the DNSM approves of or rejects the record being added to a permissioned distributed ledger that is distributed at least in part between the enterprise system, the wireless communication network, and the DNSM. The enterprise system may also be configured to add or not add the record to the permissioned distributed ledger depending on the one or more responses.
Embodiments further include a domain name system, DNS, server configured (e.g., via communication circuitry and/or processing circuitry) to receive a query for an IP address associated with a domain name. The DNS server may also be configured to determine the IP address associated with the domain name from a permissioned distributed ledger that is distributed at least in part between a wireless communication network and an enterprise system of an enterprise that assigned the domain name to the wireless communication device or a secure hardware component associated with the wireless communication device. The DNS server may also be configured to respond to the query with the determined IP address.
Embodiments additionally include a domain name system manager (DNSM). The DNSM is configured (e.g., via communication circuitry and processing circuitry) to receive, from either a wireless communication network or an enterprise system of an enterprise, a record that indicates a domain name assigned by the enterprise to a wireless communication device or a secure hardware component associated with the wireless communication device. The DNSM may further be configured to verify whether the record conforms to one or more rules. The DNSM may also be configured to, depending on the verifying, approve or reject the record for addition to a permissioned distributed ledger that is distributed at least in part between the enterprise system and the operator system.
Embodiments also include an authoritative domain name service, DNS, server. The DNS server is configured (e.g., via processing circuitry) to determine a time-to-live, TTL, value to be applied to any DNS record for a domain name assigned to a wireless communication device or a secure hardware component associated with the wireless communication device, based on information indicating historical or predicted changes in IP addresses associated with the domain name and/or in movement of the wireless communication device. The DNS server may further be configured to apply the determined TTL value to one or more DNS records for the domain name. The DNS server may alternatively or additionally be configured to transmit (e.g., via communication circuitry) control signaling to one or more other DNSs indicating the determined TTL value to be applied to any DNS record for the domain name at the one or more other DNSs.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram of an enterprise system and a wireless communication network according to some embodiments.
Figure 2 is a call flow diagram in a wireless communication network according to some embodiments for updating an IP address recorded in a permissioned distributed ledger.
Figure 3A is a block diagram of a record in a permissioned distributed ledger according to some embodiments.
Figure 3B is an example of a record in a permissioned distributed ledger according to some embodiments.
Figure 3C is a block diagram of a record in a permissioned distributed ledger according to still other embodiments.
Figure 3D is a block diagram of a record in a permissioned distributed ledger according to still other embodiments.
Figure 4 is a block diagram of a permissioned distributed ledger implemented as a blockchain according to some embodiments.
Figure 5 is a block diagram of a multi-tiered permissioned distributed ledger according to some embodiments.
Figure 6 is a block diagram of records in a multi-tiered permissioned distributed ledger according to some embodiments.
Figure 8 is a block diagram of records in a multi-tiered permissioned distributed ledger according to still other embodiments.
Figure 9 is a block diagram of a system with multiple network operators participating in a permissioned distributed ledger according to some embodiments.
Figure 10 is a logic flow diagram of a method performed by a network node in a wireless communication network according to some embodiments.
Figure 11 is a logic flow diagram of a method performed by an enterprise system according to some embodiments.
Figure 12 is a logic flow diagram of a method performed by a DNS Manager (DNSM) according to some embodiments.
Figure 13 is a logic flow diagram of a method performed by a DNS server according to some embodiments.
Figure 14 is a logic flow diagram of a method performed by an authoritative DNS server according to some embodiments.
Figure 15 is a block diagram of a network node in a wireless communication network according to some embodiments.
Figure 16 is a block diagram of an enterprise system according to some embodiments.
Figure 17 is a block diagram of a DNS Manager (DNSM) according to some embodiments.
Figure 18 is a block diagram of a DNS server according to some embodiments.
Figure 19 is a block diagram of an authoritative DNS server according to some embodiments.
DETAILED DESCRIPTION
Figure 1 shows a wireless communication device 10 according to some embodiments. The wireless communication device 10 may for example be a wireless-enabled vehicle (as shown), sensor, power meter, appliance, industrial machinery, wearable, or any other type of device with wireless communication capability. The wireless communication device 10 in this regard is configured to wirelessly communicate with a wireless communication network 12, e.g., a 5G network or other Public Land Mobile Network (PLMN). The wireless communication device 10 may be authorized to communicate with the wireless communication network 12 in this way on the basis of a subscription to receive service from the wireless communication network 12.
This subscription may be identified by a subscription identifier 10A, e.g., an International Mobile Subscriber Identity (IMSI), a Globally Unique Temporary UE Identity (GUTI), a Temporary IMSI (T-IMSI), a subscriber permanent identifier (SUPI), or any other identifier that identifies the subscription to at least the network’s operator. In some embodiments, the subscription identifier 10A is securely stored on a secure hardware component 14 that is embedded or removably inserted into the wireless communication device 10, e.g., in the form of a universal integrated circuit card (ICC), an embedded ICC, a firmware or software-based integrated ICC (also known as iUICC) or the like. The wireless communication device 10 may use this and possibly other information (e.g., security credentials) provisioned on the secure hardware component 14 in procedures to register and authenticate with the network 12. The subscription identifier 10A may also be used for other purposes, such as by the network 12 for subscriber billing purposes.
Figure 1 also shows an enterprise system 16 of an enterprise. An enterprise as used herein is a business entity. The enterprise in some embodiments is involved in the product lifecycle of the wireless communication device 10. The enterprise may for example be involved in the manufacture, distribution, retail sale, and/or activation/provisioning of the wireless communication device 10. The enterprise in other embodiments may alternatively or additionally be involved in integrating the wireless communication device 10 into another device or system. The enterprise in still other embodiments may alternatively or additionally provide a service on or using the wireless communication device 10.
According to some embodiments herein, a permissioned distributed ledger (DL) 18 (also referred to as a permissioned distributed database) is distributed at least in part between the wireless communication network 12 and the enterprise system 16 of the enterprise. A distributed ledger as used herein is a consensus of replicated, shared, and synchronized data geographically spread across multiple sites (e.g., multiple systems). That is, the data is shared across the multiple sites in order that the data be synchronized and replicated at each of the sites, e.g., according to a consensus protocol.
In embodiments described more fully later where the distributed ledger 18 has a multi-tier (i.e., multi-dimensional) structure with multiple tiers, the data that is replicated, shared, and synchronized between any given pair of sites includes the data in each tier that the sites in the pair are authorized to access. That is, the data in a tier of the distributed ledger that a site is not authorized to access is not replicated, shared, or synchronized to that site. Accordingly, a distributed ledger 18 with a multi-tier structure is distributed only “in part” between sites if the data in only a portion of the ledger’s multiple tiers is replicated, shared, and synchronized across those sites. In this case, all of the data in one or more tiers may be replicated, shared, and synchronized across the sites, while none of the data in one or more other tiers may be replicated, shared, or synchronized across the sites. The permissioned distributed ledger 18 being distributed at least in part between the wireless communication network 12 and the enterprise system 16 may therefore mean that the data in at least one or more tiers of the permissioned distributed ledger 18 is replicated, shared, and synchronized between the wireless communication network 12 and the enterprise system 16.
In some embodiments, the permissioned distributed ledger 18 is a permissioned (e.g., federated) blockchain, e.g., where records are appended to the blockchain in blocks, with each block containing a cryptographic hash of the previous block. In these and other embodiments, the permissioned distributed ledger 18 (or simply, distributed ledger 18 for short) may be immutable, e.g., in the practical sense that changing the consensus of data would require extreme computational effort and collaboration. Regardless of the particular form of the distributed ledger 18, the distributed ledger 18 is permissioned in the sense that the protocol for forming the consensus is controlled by select participant(s) that have permission to do so, e.g., based on a proof-of-stake protocol.
Some embodiments exploit the permissioned distributed ledger 18 to replicate, share, and synchronize between the enterprise system 16 and the wireless communication network 12 certain data associated with the wireless communication device 10; namely, a domain name 10B and an associated Internet Protocol (IP) address 10C. The enterprise system 16 in this regard includes an enterprise node 20 which generates and adds to the permissioned distributed ledger 18 a record 22 that indicates a domain name 10B assigned to the wireless communication device 10 (or to the associated secure hardware component 14). In fact, in some embodiments, the enterprise itself is the entity that assigns this domain name 10B. In this case, the enterprise system 16 may generate and add the record 22 indicating the domain name assignment in conjunction with the enterprise making the assignment.
In these and other embodiments, the enterprise system 16 may add the record 22 to the distributed ledger 18 when the enterprise manufactures, distributes, sells, or onboards the wireless communication device 10, or when the enterprise onboards a service provided on or using the wireless communication device 10. For example, when the enterprise manufactures the wireless communication device 10, the enterprise may assign the domain name 10B to the device 10 and add the record 22 of that assignment to the distributed ledger 18. Note that the record 22 in these and other cases may or may not also indicate an IP address 10C for the wireless communication device 10, depending on whether or not the enterprise also assigns such an IP address 10C. Also note that the record 22 may indicate one or more domain names assigned to the wireless communication device 10 (or the secure hardware component 14), e.g., one or more of which may be an alias or canonical name that will resolve to another domain name rather than an IP address.
In any event, the record 22 in some embodiments may associate the domain name 10B with the wireless communication device 10 or the secure hardware component 14 by indicating not only the domain name 10B but also the subscription identifier 10A. In fact, in some embodiments, the wireless communication network’s operator may even delegate, to the enterprise, administration of subscription identifiers for subscriptions to the operator’s services. Administration of subscription identifiers as used herein involves, for example, generating subscription identifiers, associating subscription identifiers with respective subscriptions, assigning subscription identifiers to respective devices or secure hardware components, allocating subscriptions identifiers for certain uses (e.g., working use or testing use), and/or updating the status of subscription identifiers (e.g., activated for working use, deactivated from working use, suspended from use, etc.). In these embodiments, then, the enterprise itself may assign both a subscription identifier 10A and a domain name 10B to the wireless communication device 10 or the associated secure hardware component 14, and indicate both its domain name assignment and subscription identifier assignment in the record 22.
Regardless, the enterprise system’s addition of the record 22 to the permissioned distributed ledger 18 means that the record 22 is replicated, shared, and synchronized with the wireless communication network 12, which maintains its own copy of the permissioned distributed ledger 18. The wireless communication network 12 in this regard includes a network node 24. The network node 24 is configured to determine an IP address 10C assigned by the wireless communication network 12 to the wireless communication device 10. For example, the network node 24 in some embodiments may itself assign this IP address 10C to the wireless communication device 10. In this case, the network node 24 may be a packet gateway (PGW).
In other embodiments, the network node 24 may receive control signaling from another network node indicating the IP address 10C assigned to the wireless communication device 10. The network node 24 in this case may for instance perform mobility management for the wireless communication device 10, e.g., in the form of a Mobility Management Entity (MME) or an Access and Mobility Function (AMF). Regardless, having determined the IP address 10C, the network node 24 adds to the permissioned distributed ledger 18 a record 26 that associates the IP address 10C with the domain name 10B assigned to the wireless communication device 10 (or to the associated secure hardware component 14). The record 26 may for instance associate the IP address 10C with the domain name 10B by indicating not only the IP address 10C but also the domain name 10B and/or the subscription identifier 10A.
With the domain name 10B (e.g., assigned by the enterprise) and the IP address 10C (e.g., assigned by the wireless communication network 12) associated in the permissioned distributed ledger 18 in this way, the permissioned distributed ledger 18 according to some embodiments supports or otherwise facilitates Domain Name Service (DNS) functionality.
Figure 1 for example shows that the wireless communication network 12 may also include a DNS server 28. The DNS server 28 may receive a query 30 (e.g., from another wireless communication device 32) for an IP address 10C associated with the domain name 10B.
Responsive to receipt of this query 30, the DNS server 28 may determine the IP address 10C associated with the domain name 10B from the permissioned distributed ledger 18. The DNS server 28 may for instance directly and unconditionally reference the permissioned distributed ledger 18 for the queried IP address 10C, e.g., such that the permissioned distributed ledger 18 replaces traditional DNS records altogether. Or, the DNS server 28 may only reference the permissioned distributed ledger 18 for the queried IP address 10C if local/traditional DNS records at the DNS server 28 are insufficient for responding to the query 30, e.g., if the local/traditional DNS records are no longer fresh according to a freshness metric such as a time-to-live (TTL) value. In these and other embodiments, then, the DNS server 28 may occasionally or periodically request an update of one or more of its DNS records from the permissioned distributed ledger 18, e.g., responsive to a TTL for a DNS record expiring. No matter how the DNS server 28 exploits the permissioned distributed ledger 18 for fielding the received query 30, the DNS server 28 correspondingly responds to the query 30 by transmitting a response 34 with the determined IP address 10C.
Although Figure 1 illustrated a DNS server 28 in the wireless communication network 12, any DNS server outside of the wireless communication network 12 may alternatively or additionally provide similar DNS functionality using the permissioned distributed ledger 18, provided that the DNS server is configured to communicate with the permissioned distributed ledger 18. In some embodiments, for example, the permissioned distributed ledger 18 is additionally distributed to one or more third-party information accessors, e.g., legal authorities, advertisers, etc. The third-party information accessor(s) may have read-only access to the permissioned distributed ledger 18. A DNS server that serves a third-party information accessor may in this case reference the permissioned distributed ledger 18 to field DNS queries from the third-party information accessor. Alternatively or additionally, distributing the permissioned distributed ledger 18 to third parties in this way advantageously provides IP address assignment traceability for specific devices and/or subscriber identities, e.g., for such purposes as legal, security, advertising, etc. This may in turn mean that IP address assignment can come from any network or Dynamic Host Configuration Protocol (DHCP) server, even untrusted ones. Indeed, even in such a case, the wireless communication device 10 will still be reachable and can receive high priority information over encrypted channels, such as over-the-air (OTA) updates.
In any event, the IP address recorded in the permissioned distributed ledger 18 as being associated with the device’s domain name 10B may be updated as needed to reflect any changes to the device’s IP address over time. In fact, although Figure 1 shows that the permissioned distributed ledger 18 is distributed between the enterprise system 16 and a single wireless communication network 12, the ledger 18 in some embodiments is also distributed to one or more other wireless communication networks to which the wireless communication device 10 is connectable (and which may be allocated different IP address ranges). In this case, each time the wireless communication device 10 attaches to a new wireless communication network, that network adds to the permissioned distributed ledger 18 a new record indicating the new IP address associated with the device’s domain name 10B. These and other embodiments therefore account for mobility of the wireless communication device 10 within the wireless communication network 12 and/or between different wireless communication networks, by maintaining association of the domain name 10B with whatever IP address is currently assigned to the wireless communication device 10, no matter its location. Some embodiments herein thereby facilitate extended coverage use cases for the wireless communication device 10, such as those required for various Internet of Things (IoT) applications, including long-haul connected trucking, container transport on connected sea vessels, connected drones, remote surgery, and vehicle teleoperation in warzones or disaster areas. No matter the particular application, though, some embodiments as described above exploit the permissioned distributed ledger 18 to enable the enterprise itself to assign the domain name 10B to the wireless communication device 10 (or to the secure hardware component 10A) and record that domain name assignment in the permissioned distributed ledger 18.
Domain name assignment and recordation thereby remains local to the enterprise rather than being inefficiently delegated to a third party such as an Internet Service Provider (ISP). Where the enterprise is the manufacturer of the wireless communication device 10, for example, these embodiments enable the manufacturer itself to efficiently assign and record the domain name 18 at the point of manufacture, thereby avoiding the unnecessary expense and delay that would otherwise be incurred by the manufacturer having to coordinate such assignment and recordation with another entity. Some embodiments therefore provide DNS record administration directly to the enterprise, so as to remove significant overhead in DNS record assignment.
Moreover, the enterprise in these and other embodiments may assign a domain name 10B that has a semantic relationship with the wireless communication device 10. Depending on the type of the wireless communication device 10, for example, the domain name 10B may for instance be formed from a vehicle identification number (VIN), International Standard Serial Number (ISSN), Universal Product Code (UPC), Amazon Standard Identification Number (ASIN), or any other device/product identifier uniquely associated with the wireless communication device 10. The domain name 10B in some embodiments may also be formed from a name of the enterprise, e.g., “device_product_number.OEM_manufacturer.com”. These embodiments may advantageously allow the enterprise or any third party to address the wireless communication device 10 directly, wherever the device 10 is located in the world, without the need for application-layer Over-the-top (OTT) solutions.
Furthermore, some embodiments enable such a domain name without placing restrictions on one or more top level parts of the domain name. For example, whereas Dynamic DNS solutions would require the top level parts of the domain name to be associated with a certain Dynamic DNS service provider (e.g., dyndns.org or no-ip.com), some embodiments have no such requirement. Accordingly, the domain name of a connected vehicle may simply be VIN.manufacturer.com (e.g., 4M2CU97799KJ84309.opel.com), instead of having to be VIN.manufacturer.dydns.org. Some embodiments thereby offer greater flexibility and freedom in domain name assignment.
Some embodiments provide these and/or other advantages while offering more resiliency than traditional DNS lookups since DNS information resides within the permissioned distributed ledger 18, which is decentralized and resilient against single node crashes.
Alternatively or additionally, some embodiments substantially preserve the standard DNS service frontend, e.g., the interface between the querying device and the DNS server remains intact. For this and/or other reasons, some embodiments may be applied to existing DNS Information Technology (IT) infrastructure and/or existing 3GPP networks.
Figure 2 for example shows some embodiments as applied to an Enhanced Packet Core (EPC) or 5G Core (5GC) network according to 3GPP standards. In this example, the wireless communication device 10 attaches to a wireless communication network 10 that includes an EPC or 5GC. The device 10 as shown in this regard transmits an attach request 40 towards the network 10, e.g., towards the network node 24 which in this case may take the form of a Mobility Management Entity (MME) for EPC or an Access and Mobility Function (AMF) for 5GC. The network node 40 in response transmits towards a packet gateway (PGW) / User Plane Function (UPF) 42 a request 44 to create a packet data session for the wireless communication device 10. The PGW/UPF 42 correspondingly performs IP address allocation 46 in order to allocate an IP address 10C to the wireless communication device 10 for the requested packet data session. The PGW/UPF 42 then transmits a response 48 to the network node 24 indicating the new IP address 10C allocated to the wireless communication device 10.
In some embodiments, the network node 24 then transmits an information request 50 to the permissioned distributed ledger 18 indicating the subscription identifier 10A (here, in the form of an IMSI) and requesting information recorded in the distributed ledger 18 for that subscription identifier 10A; namely, the associated IP address and/or domain name 10B. In this way, the network node 24 effectively queries the distributed ledger 18 for the most recently recorded IP address for the wireless communication device 10. The network node 24 receives a response 52 with this requested information. In one or more embodiments, the network node 24 checks whether the returned IP address is the same as the IP address 10C just assigned to the wireless communication device 10 upon attachment. If the IP address 10C just assigned is new such that it differs from the latest IP address recorded on the permissioned distributed ledger 18, the network node 24 adds 54 a new record to the distributed ledger 18 that associates the new IP address 10C with the subscription identifier 10A and/or the domain name 10B. That is, in some embodiments, the network node 24 selectively adds the new record responsive to identifying that the new IP address differs from the most recently recorded IP address. In some embodiments, the network node 24 may receive a confirmation 56 that the record was added to the distributed ledger 18 as requested.
In some embodiments (not shown), this update to the permissioned distributed ledger 18 may be propagated to an authoritative DNS server. If done in a push fashion, the permissioned distributed ledger 18 may communicate the update to the authoritative DNS server. If done in a pull fashion, by contrast, the authoritative DNS server may request the update from the permissioned distributed ledger 18.
Figure 3A shows additional details of the structure of a record 60 on the permissioned distributed ledger 18 according to some embodiments. As shown, the record 60 may include a DNS record 62-1 paired or otherwise associated with a subscription identifier 64-1 (e.g., IMSI). The DNS record 62-1 may for example correspond to a DNS address (“A”) record so as to indicate a domain name and an IP address, and optionally a TTL value. Or, the DNS record 62-1 may correspond to a canonical name (“CNAME”) record so as to indicate that an alias domain name maps to a canonical domain name. In some embodiments, the DNS record 62-1 and the subscription identifier 64-1 may also be associated with a cryptographic key 66-1, e.g., that can be used as a challenge for addition of subsequent records for that subscription identifier 64-1.
The record 60 according to some embodiments may also include one or more additional DNS records 62-2...62-N and associated subscription identifiers 64-2...64-N and/or cryptographic keys 66-2...66-N. This may enable the record 60 to efficiently indicate information about multiple subscription identifiers so as to not flood the distributed ledger 18 unnecessarily with multiple records. In fact, the enterprise system 16 may exploit the record’s capability in this regard in order to more efficiently register wireless communication devices every day, week, month, or some other time interval, depending on the volume and time spanning the enterprise’s activity with respect to those devices. For instance, where the enterprise is the device manufacturer, the manufacturer may register the manufactured devices every day, week, month, etc., depending on the production volume and time spanning production to sale.
Figure 3B shows one specific realization of a record 60 for indicating information associated with multiple wireless communication devices that are connected vehicles. As shown, the record 60 includes nine <DNS Record, IMSI> tuples 60A...60I corresponding to nine different vehicles. Each tuple for a vehicle includes an IMSI associated with the vehicle, formed from a Mobile Country Code (MCC), a Mobile Network Code (MNC) and a Mobile Subscription Identification Number (MSIN). Each tuple for a vehicle also includes a DNS Address record that, from left to right, includes a domain name assigned to the vehicle, a TTL value for the domain name, and an IP address assigned to the vehicle. In this example, the tuples 60A, 60B, 60C, and 60D are for vehicles 66-1 for Greece, the tuples 60E, 60F, and 60G are for vehicles 66-2 for Germany, and the tuples 60H and 60I are for vehicles 66-3 for France. Such a record 60 may be added for instance by a manufacturer that manufactured these 10 vehicles in one day, for three different countries, and integrated into those vehicles secure hardware components (e.g., SIM cards) working for the respective operators in these countries.
Figures 3C and 3D show specific realizations of another record 60 that includes a canonical name DNS record. As shown in Figure 3C, the record 60 includes a <DNS Record, IMSI> tuple 60J associated with the same IMSI and vehicle as the tuple 60A in Figure 3B. This tuple 60J corresponds to a CNAME record so as to indicate that an alias domain name of 3B0907552BK.BOSH.COM maps to a canonical domain name of 2B8GP34352R662788.OPEL.COM. Here, 3B0907552BK may be the number of an on-board Electronic Control Unit (ECU) that was supplied by a Bosh vendor and integrated into the vehicle by the vehicle’s manufacturer. In this case, the vehicle’s manufacturer may add the record 60 with the tuple 60J to the distributed ledger 18 when the vehicle is manufactured and/or when the Bosh ECU is integrated into the vehicle.
As shown in Figure 3D, yet another record 60 includes a <DNS Record, IMSI> tuple 60K associated with the same IMSI and vehicle as the tuple 60A in Figure 3B. This tuple 60K corresponds to a CNAME record so as to indicate that an alias domain name of JFS331.TRANSPORTSTYRELSEN.SE maps to a canonical domain name of 2B8GP34352R662788.OPEL.COM. Here, JFS331 may be the vehicle registration number (e.g., as shown on the license plate) assigned to the vehicle by an enterprise in the form of the Swedish Transportation Authority. In this case, then, the Swedish Transportation Authority may add the record with the tuple 60K to the distributed ledger 18 when the vehicle is registered.
In the example of Figures 3B-3D, different parties may use different domain names to interact with the same vehicle. For instance, a software third party vendor writing an application for the vehicle, such as an automatic service booking application for a chain of car servicing stations, may connect to the vehicle by using the domain name 2B8GP34352R662788.OPEL.com. BOSH may connect to the vehicle’s ECU by using the domain name 3B0907552BK.BOSH.COM, e.g., in order to perform a firmware update on the ECU. And the police may retrieve information about the vehicle by using the domain name JFS331.TRANSPORTSTYRELSEN.SE.
Figure 4 shows further details of the structure of the permissioned distributed ledger 18 according to some embodiments in which the distributed ledger 18 is a blockchain. As shown, the distributed ledger 18 includes a chain of N records 70-1, 70-2,...70-N in the form of blocks. Each block is linked to the previous block in the chain, with each block containing a cryptographic hash of the previous block. In addition to the DNS record(s) 62, subscription identifier(s) 64, and cryptographic key(s) 66 described above, the information in each block may also include a timestamp 68 of when the block was added to the permissioned distributed ledger 18. Regardless, these M blocks may be replicated and synchronized between the wireless communication network 10 and the enterprise system 16, so as to represent a consensus of data describing the association between domain names and IP addresses for respective subscription identifiers.
In some embodiments as shown in Figure 5, though, the distributed ledger 18 has a multi-tier (i.e., multi-dimensional) structure with multiple tiers that include an operator tier 18A associated with the wireless communication network’s operator and an enterprise tier 18B associated with the enterprise. In this case, the records 60-1, 60-2,...60-M shown in Figure 4 may be just the records in the enterprise tier 18B; that is, the enterprise system 16 and/or the wireless communication network 10 may add the records described above to the enterprise tier 18B. Record(s) in the operator tier 18A may contain other information related to the operator’s supervision or management of the enterprise. Figure 6 for example illustrates additional details of records in each tier according to some embodiments. As shown, the enterprise tier 18B includes a set of one or more enterprise-tier records 60-1, 60-2,...60-M that correspond to the records shown in Figure 4 for the enterprise of the enterprise system 16. In addition, an operator-tier record 70-1 in the operator tier 18A includes information that the wireless communication network’s operator maintains about and/or for the enterprise. This record 70-1 may be created for instance upon the operator onboarding the enterprise. Additional record(s) (e.g., record 70-K) may be appended to this record 70-1 in the operator tier 18A (e.g., after onboarding) to effectively update and/or overwrite conflicting information in records appended previously in time, while still preserving the previously appended records for historical reference and auditing purposes. The operator tier 18A may therefore include a set of one or more operator-tier records with information associated with the enterprise and/or one or more other enterprises.
The information in an operator-tier record may include an enterprise identifier (ID) 72 that identifies an enterprise to which the operator-tier record relates. The operator-tier record may also include information (e.g., in the form of a DNS record range 74) indicating domain names that the enterprise is allowed to assign. The operator-tier record may additionally include information (e.g., in the form of an IP address range 76) indicating IP addresses assignable to wireless communication devices associated with the enterprise. The operator-tier record may furthermore include information (e.g., in the form of a subscription identifier range 78) indicating subscription identifiers whose administration the network’s operator has delegated to the enterprise.
The operator-tier record in some embodiments also includes a pointer 73 that links the operator-tier record to the set of one or more enterprise-tier records 60-1, 60-2,...60-M for the enterprise. The pointer 73 may for instance point or otherwise link the operator-tier record to the first enterprise-tier record 60-1 in the set, with remaining records in the set linked in a chain to the first enterprise-tier record 60-1.
For example, in some embodiments, when the network’s operator onboards a new enterprise, the network’s operator creates the first enterprise-tier record 60-1 in the enterprise tier 18B and the first 70-1 in the operator tier 18A. The operator links those records/tiers using the pointer 73 in the operator-tier record. The operator may provide this pointer 73 to the enterprise system 16 so that the enterprise system 16 knows where and how to access the first record 60-1 in the enterprise tier 18B, for adding enterprise-tier records to the enterprise-tier 18B as described above.
In some embodiments, the tiered nature of the distributed ledger 18 facilitates access control to the distributed ledger 18. In one embodiment, for example, the operator may effectively write to or update the records in the operator tier 18A (e.g., by adding new record(s) that override or otherwise render ineffective previously added records), but the enterprise system 16 cannot. In fact, in some embodiments, the permissioned distributed ledger 18 is distributed in the sense that at least one tier of the ledger 18 is distributed between the enterprise system 16 and the wireless communication network 10. In one or more such embodiments, the enterprise tier 18B but not the operator tier 18A is distributed between the enterprise system 16 and the wireless communication network 10. The enterprise system 16 may therefore not even have read access to the operator tier 18A. Instead, the enterprise system 16 may just have read and write access to the enterprise tier 18B.
In some embodiments, though, the enterprise system 16 may only add records to the permissioned distributed ledger 18 subject to the approval, oversight, and/or supervision of another system or entity; namely, a DNS Manager (DNSM) 80 as shown in Figure 1. A DNSM as used herein is an entity that owns and operates a DNS that participates in the permissioned distributed ledger 18. A DNSM may for instance manage one or more authoritative DNSs, e.g., such as those responsible for domain names of devices manufactured, distributed, or sold by an enterprise. The DNSs in some embodiments may be physically located at and managed by the enterprise itself, or by a third party managing on behalf of the enterprise. The DNSs may nonetheless operate the DNS IETF protocols in some embodiments, but may store domain records in the permissioned distributed ledger 18 instead of or in addition to a local database.
In any event, the approval, oversight, and/or supervision of the DNSM 80 may be based on the recorded domain name assignment and/or subscription identifier administration complying with rules governing such assignment or administration. This approval, oversight, and/or supervision may be inherently embodied in the distributed ledger’s consensus protocol, e.g., so as to exploit the consensus protocol for realizing substantially real-time oversight of the enterprise system’s domain name assignment and/or subscription identifier administration. These and other embodiments herein may advantageously improve the flexibility, cost, and speed with which domain names can be assigned, while maintaining oversight of that assignment.
As shown in Figure 1, for example, the enterprise system 16 may add a record 22 to the distributed ledger 18 subject to the approval of the DNSM 80. In these embodiments, the enterprise system 16 sends to the DNSM 80 the record 22 to be added to the distributed ledger 18. The DNSM 80 receives the record 22 and verifies whether the record 22 conforms to one or more rules. For example, the one or more rules may more specifically specify the format to which each indicated domain name 10B and/or subscription identifier 10A must conform. The required format of the domain name 10B and/or subscription identifier 10A may for instance be specified in terms of an allowable length, an allowable set of characters or digits, allowable locations of certain characters or digits, or the like.
The DNSM 80 may alternatively or additionally verify whether each domain name 10B and/or subscription identifier 10A has been assigned within a time period that conforms to the one or more rules. The one or more rules may for instance specify how many domain names and/or subscription identifiers are allowed to be assigned by the enterprise system 16 during a certain time period, e.g., 10,000 per year.
Alternatively or additionally, the DNSM 80 verifies whether the domain name 10B and/or subscription identifier 10A has been assigned with only one end user or end device in conformance with the one or more rules. For example, the one or more rules may specify that any given domain name or subscription identifier may be associated with only one subscription, e.g., by being assigned to only one secure hardware component. This may prevent the same domain name or subscription identifier from being assigned multiple times.
As another example, the DNSM 80 in some embodiments verifies whether each domain name and/or subscription identifier is within a set (e.g., a range) of domain names and/or subscription identifiers that is assignable by the enterprise system 16 according to the one or more rules. In one embodiment, for instance, the one or more rules specify that the enterprise system 16 is only permitted to assign domain names or subscription identifiers included in a certain set, e.g., with domain names or subscription identifiers outside of the set being reserved for other enterprises.
In these and other embodiments, then, the DNSM 80 may verify whether the enterprise system 16 is adding a record 22 with domain name(s) and/or subscription identifier(s) in conformance with the one or more rules.
No matter the particular nature of the verification, the DNSM 80 approves or rejects the record 22 for addition to the permissioned distributed ledger 18 depending on the verification. In particular, if the DNSM 80 verifies that the record 22 does conform to the one or more rules, the DNSM 80 approves the record 22 for addition to the permissioned distributed ledger 18. But if the DNSM 80 verifies that the record 22 does not conform to the one or more rules, the DNSM 80 rejects the record 22 for addition to the permissioned distributed ledger 18. The DNSM 80 accordingly sends a response 82 to the enterprise system 16 indicating whether the DNSM 80 approves of or rejects the record 22 being added to the permissioned distributed ledger 18. The enterprise system 16 correspondingly adds or does not add the record 22 to the permissioned distributed ledger 18 depending on the response 82. In some embodiments, the enterprise system 16 may perform one or more remedial actions if the DNSM 80 rejects the record 22, such as correcting domain name formatting or otherwise resolving reasons for the rejection, e.g., as signaled to the enterprise system 16.
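The rule checks described above (format, per-period quota, single assignment, and assignable range) can be sketched as one verification function. This is an added example, not code from the patent; the `OperatorPolicy` fields, the regular expressions, the reason strings and all sample values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class OperatorPolicy:
    """Hypothetical stand-in for the operator-tier ranges 74, 76 and 78."""
    domain_suffix: str     # domain names the enterprise may assign
    ip_range: str          # IP addresses assignable to its devices
    imsi_range: tuple      # (low, high) delegated subscription identifiers
    max_per_period: int    # assignments allowed in the current period


# Assumed format rules; the text only says length and character set may be constrained.
LABEL = re.compile(r"[a-z0-9]{1,63}")
IMSI = re.compile(r"\d{15}")

# Constructed sample policy (not taken from the page).
SAMPLE_POLICY = OperatorPolicy(
    domain_suffix="manufacturer.example",
    ip_range="10.20.0.0/16",
    imsi_range=(202010000000000, 202010000009999),
    max_per_period=10000,
)


def verify_record(tuples, policy, assigned_names, assigned_imsis, count_this_period):
    """Return (approved, reasons) for a record holding <DNS record, IMSI> tuples."""
    reasons = []
    seen_names, seen_imsis = set(assigned_names), set(assigned_imsis)

    # Time-period rule: the whole record must fit in the remaining quota.
    if count_this_period + len(tuples) > policy.max_per_period:
        reasons.append("quota for this period exceeded")

    suffix = "." + policy.domain_suffix.lower()
    low, high = policy.imsi_range
    network = ip_network(policy.ip_range)

    for t in tuples:
        name = t["name"].lower().rstrip(".")
        imsi, ip = t["imsi"], t.get("ip")

        # Range rule, compared on a label boundary so that
        # "evilmanufacturer.example" does not pass as a subdomain.
        if not name.endswith(suffix):
            reasons.append(f"{name}: outside assignable domain range")
        elif not LABEL.fullmatch(name[: -len(suffix)]):
            reasons.append(f"{name}: malformed device label")

        if not IMSI.fullmatch(imsi):
            reasons.append(f"{imsi}: malformed subscription identifier")
        elif not low <= int(imsi) <= high:
            reasons.append(f"{imsi}: outside delegated identifier range")

        # A partial address record may carry no IP yet; check it only if present.
        if ip is not None:
            try:
                if ip_address(ip) not in network:
                    reasons.append(f"{ip}: outside assignable IP range")
            except ValueError:
                reasons.append(f"{ip}: malformed IP address")

        # Single-assignment rule, including duplicates inside the same record.
        if name in seen_names:
            reasons.append(f"{name}: already assigned")
        if imsi in seen_imsis:
            reasons.append(f"{imsi}: already assigned")
        seen_names.add(name)
        seen_imsis.add(imsi)

    return (not reasons, reasons)
```

Returning every reason rather than stopping at the first one matches the remedial step in the text, where the reasons for rejection are signaled back to the enterprise system.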
In some embodiments, the wireless communication network 12 similarly adds a record 26 to the distributed ledger 18 subject to the approval of the DNSM 80. In these embodiments, then, the network node 24 sends to the DNSM 80 the record 26 to be added to the distributed ledger 18. The DNSM 80 receives the record 26 and verifies whether the record 26 conforms to one or more rules, as described above. If the DNSM 80 verifies that the record 26 does conform to the one or more rules, the DNSM 80 approves the record 26 for addition to the permissioned distributed ledger 18. But if the DNSM 80 verifies that the record 26 does not conform to the one or more rules, the DNSM 80 rejects the record 26 for addition to the permissioned distributed ledger 18. The DNSM 80 accordingly sends a response 84 to the wireless communication network 12 indicating whether the DNSM 80 approves of or rejects the record 26 being added to the permissioned distributed ledger 18. The wireless communication network 12 correspondingly adds or does not add the record 26 to the permissioned distributed ledger 18 depending on the response 84.
With the DNSM’s verification dictating or otherwise controlling which records are added to the permissioned distributed ledger 18, the DNSM 80 in this way controls the consensus represented by the distributed ledger 18. In some embodiments, then, the DNSM’s verification is inherently embodied in the distributed ledger’s consensus protocol so as to exploit the consensus protocol for realizing substantially real-time oversight of the enterprise system’s domain name assignment and/or the wireless communication network’s IP address assignment. This may improve the cost and speed with which domain names and/or IP addresses can be assigned, without sacrificing regulator oversight. With reduced cost and increased speed, some embodiments allow domain names, IP addresses, and/or subscription identifiers to be quickly assigned to many devices with short notice, e.g., in an IoT context involving a large number of devices.
Moreover, because the distributed nature of the ledger 18 inherently replicates information about domain name assignment and/or IP address assignment at the DNSM 80’s own copy of the distributed ledger 18, some embodiments provide the DNSM 80 with the ability to perform on-demand analysis (e.g., auditing) of that domain name assignment and/or IP address assignment for compliance with applicable rules.
In embodiments with a DNSM 80, the distributed ledger 18 may not only have an enterprise tier 18B and an operator tier 18A but also a DNSM tier 18C. Figure 7 shows an example of the information included in the distributed ledger’s records according to some of these embodiments.
As shown in Figure 7, the DNSM tier 18C includes a set of one or more DNSM tier records, one of which is shown as record 90. This record 90 indicates one or more IP addresses 92 for one or more DNS servers managed by the DNSM. The record 90 also indicates a range 94 of domain names managed by the one or more DNS servers. The record 90 finally includes a pointer 96 to the operator tier 18A of an operator. The DNS record range 94 in the DNSM tier limits the DNS record range 74 in the operator tier 18A, so as to limit the range of domain names assignable in lower level tiers.
Note that some embodiments have been illustrated herein with respect to a single wireless communication network 12. Embodiments herein however may be applied in a similar way to one or more other wireless communication networks.
Figure 8 illustrates an example structure of the permissioned distributed ledger 18 in such a case of multiple operators. As shown, the DNSM tier 18C includes multiple sets 18A1, 18A2,...18AX of one or more DNS-specific records. Each set contains records with information associated with a specific DNS server or set of DNS servers, and is linked to a respective set 18B1, 18B2,...18BY of operator-specific records in the operator tier 18A. Each set of operator-specific record(s) in the operator tier 18A is specific to a certain operator and may include records as shown in Figure 6 or 7. Each operator-specific record set 18B1, 18B2,...18BY in the operator tier 18A is linked to one or more enterprise-specific record sets. As shown, for example, operator-specific record set 18B1 is linked to one or more enterprise-specific record sets 18C1, operator-specific record set 18B2 is linked to one or more enterprise-specific record sets 18C2, and operator-specific record set 18BY is linked to one or more enterprise-specific record sets 18CZ. The one or more enterprise-specific record sets associated with a certain operator (e.g., enterprise-specific record set(s) 18C1) may include for instance the record sets shown in Figure 6 or 7.
Figure 9 shows an overview of the system in these and other embodiments with multiple operators. Here, multiple networks and DNS servers participate in the permissioned distributed ledger 18. Every participating entity has a copy of the same distributed ledger. As shown, for instance, each of Networks 1, 2, and 3 has a respective copy of the distributed ledger 18-1, 18-2, and 18-3. Similarly the enterprise system 16 and DNSM 18 each maintains their own copy of the distributed ledger 18-4, 18-5, respectively. A TPIA 90 may also participate so as to maintain its own copy of the distributed ledger 18-6. In some embodiments, though, different participants may have different access rights and/or may maintain different tiers. In one embodiment, a participant has write access to its own tier and the tiers below it, while having read-only access (or no access) to the tiers above. In Figure 9, for example, the DNSM 80 and networks 1, 2, and 3 may have read and write access to certain tiers of the distributed ledger 18. In some embodiments, though, a subgroup of the participants verifies transactions so as to approve or reject the addition of new records to the distributed ledger 18. In one embodiment, for instance, the DNSM 80 and/or the networks belong to this subgroup.
Consider an example in the context of an enterprise that is an automotive manufacturer. Some embodiments enable the enterprise to add wireless connectivity to a vehicle even before the vehicle is shipped out of the factory. To this end, a network operator may onboard the enterprise by creating an operator-tier record in the distributed ledger 18 associated with the enterprise and by linking the operator-tier record to an enterprise-tier record. The operator may inform the enterprise system 16 of this linking so that the enterprise system 16 knows where to add enterprise-tier records in the distributed ledger 18. The enterprise system 16 in this regard may create a new enterprise-tier record. The new enterprise-tier records may include a subscription identifier that is to identify a wireless communication network subscription and may also include a domain name that is to correspond to a certain VIN. The subscription identifier may for instance be an IMSI (e.g., 082920103976696476) and the domain name may be based on the certain VIN and manufacturer name, e.g., 1G1YY22P5R5435719.toyota.com. The enterprise system 16 may then send the record to the network 12 and/or the DNSM 80 for approval or rejection. Upon approval for addition to the enterprise tier, the enterprise system 16 may add the record to the enterprise-tier in the distributed ledger 18. Then, the enterprise system 16 may simply create a new secure hardware component with the subscription identifier and physically install the secure hardware component into a vehicle identified by the certain VIN. This way, when the vehicle is picked up by a dealer to be sold, the vehicle already has a working subscription identifier and domain name, e.g., for a working wireless communication connection and DNS reachability.
Accordingly, some embodiments advantageously provide flexible and quick (e.g., on demand) subscription identifier and domain name assignment to operators and/or enterprises. This may mitigate procurement costs and remove the administrative overhead of having to manage domain name assignment, while still allowing oversight of that assignment.
Note further that although some embodiments have been described with examples where subscription identifiers are IMSIs or MSINs, embodiments herein apply to any type of subscription identifiers that identify subscriptions to receive service from a wireless communication network operator. For example, subscription identifiers in other embodiments may be mobile station international subscriber directory numbers (MSISDNs), integrated circuit card identifiers (ICCIDs), GUTIs, or the like.
With regard to GUTIs, the difference between a GUTI and an IMSI is that the former is (re)generated by an MME core network node on a device’s behalf upon device reattach, or even while it is attached to the network. The IMSI by contrast has a fixed value. Accordingly, in case GUTI and not IMSI is used, then every record will include a new device identifier as GUTI is generated on network attach. The record in this case contains GUTI as an identifier and can be created when a new GUTI is created (i.e. not only on-attach, but also while the device is attached, if MME generates a new GUTI). Furthermore, as GUTI is generated from the network-side, an initial “new record” block created by the enterprise would in this case have an IMSI identifier. Then, upon addition of a first update block issued by a network, the IMSI identifier would be replaced by a GUTI.
Alternatively or additionally, some embodiments herein control time-to-live (TTL) values in such a way as to provide global and rapid propagation of IP address changes in the permissioned distributed ledger 18. An authoritative DNS server may for instance predict or otherwise determine a TTL value to be applied to any DNS record for a domain name 10B assigned to a wireless communication device 10 (or an associated secure hardware component 14). The authoritative DNS server may for instance advantageously determine this TTL value based on information indicating historical or predicted changes in IP addresses associated with the domain name 10B and/or in movement of the wireless communication device 10. The device’s movement may for instance exploit a mobility vector of the device, e.g., on a cell level, so as to indicate how fast and to which general direction the device is moving. The authoritative DNS server may then apply this determined TTL value to one or more DNS records for the domain name 10B. Alternatively or additionally, the authoritative DNS server may transmit control signaling to one or more other DNSs indicating the determined TTL value to be applied to any DNS record for the domain name at the one or more other DNSs. This way, the time such DNS records are cached will advantageously approximate the IP address re-assignments for the domain name in the DNS records. This in turn improves propagation time as TTLs are more directly controlled by the permissioned distributed ledger 18 as opposed to fixed threshold set by a DNS server.
In view of the above modifications as variations, Figure 10 illustrates a method performed by a network node 24 in a wireless communication network 12 according to some embodiments. The method 100 includes determining an IP address 10B assigned by the wireless communication network 12 to a wireless communication device 10 (Block 110). Where the IP address 10B is assigned by another node, this may involve receiving control signaling from the other node indicating the assigned IP address 10B. Regardless, the method 100 as shown further includes adding, to a permissioned distributed ledger 18 that is distributed at least in part between the wireless communication network 12 and an enterprise system 16 of an enterprise, a record 26 that associates the IP address 10B with a domain name 10C assigned by the enterprise to the wireless communication device 10 or to a secure hardware component 14 associated with the wireless communication device 10 (Block 120). In some embodiments, this addition may be performed responsive to identifying that the determined IP address 10B differs from the most recently recorded IP address (as indicated based on a query to the permissioned distributed ledger 18). Alternatively or additionally, this addition may be performed responsive to a DNSM 80 indicating that the DNSM 80 approves of the record 226 being added to the permissioned distributed ledger 18.
Figure 11 illustrates a method performed by an enterprise system 16 of an enterprise according to other embodiments. The method 200 includes sending, to a domain name system manager, DNSM, 80 a record 22 that indicates a domain name 10B assigned by the enterprise to a wireless communication device 10 or to a secure hardware component 14 associated with the wireless communication device 10 (Block 210). The record 22 may for instance correspond to a complete or partial DNS address record so that the domain name 10B is or is to be resolvable to an IP address. Or, the record 22 may for instance correspond to a canonical name (CNAME) record so that the domain name 10B is an alias which is or is to be resolvable to a canonical domain name. In any case, the method may also include, responsive to sending the record 26, receiving one or more responses 84 that indicate whether the DNSM 80 approves of or rejects the record 26 being added to a permissioned distributed ledger 18 that is distributed at least in part between the enterprise system 16 and the DNSM 80 (Block 220). The method 200 as shown may then include adding or not adding the record 26 to the permissioned distributed ledger 18 depending on the one or more responses 84 (Block 230).
Figure 12 illustrates a corresponding method according to some embodiments. The method may be performed by the DNSM 80 or the wireless communication network 12. The method 300 includes receiving, from either a wireless communication network 12 or an enterprise system 16 of an enterprise, a record 22, 26 that indicates a domain name 10B assigned by the enterprise to a wireless communication device 10 or a secure hardware component 14 associated with the wireless communication device 10 (Block 310). The method also includes verifying whether the record 22, 26 conforms to one or more rules (Block 320).
The method then includes, depending on said verifying, approving or rejecting the record 22, 26 for addition to a permissioned distributed ledger 18 that is distributed at least in part between the enterprise system 16 and the wireless communication network 12 (Block 330).
Figure 13 illustrates a method performed by a DNS server 28 according to still other embodiments. The method 400 includes receiving a query 30 for an IP address 10C associated with a domain name 10B (Block 410). The method also includes determining the IP address 10C associated with the domain name 10B from a permissioned distributed ledger 18 that is distributed at least in part between a wireless communication network 12 and an enterprise system 16 of an enterprise that assigned the domain name 10B to the wireless communication device 10 or a secure hardware component 14 associated with the wireless communication device 10 (Block 420). Such determination may for instance involve determining the IP address to which the distributed ledger 18 directly maps the domain name 10B (e.g., using a DNS address record), or determining the IP address to which the distributed ledger 18 indirectly maps the domain name 10B (e.g., using a DNS address record and one or more DNS canonical name records). In any event, the method then includes responding to the query 30 with the determined IP address 10C (Block 430).
In some embodiments, the method includes deciding to determine the IP address 10C from the permissioned distributed ledger 18, based on a freshness metric (e.g., TTL) indicating that a DNS record for the domain name 10B at the DNS server 28 is no longer fresh.
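The flows of Figures 10 to 13 can be traced end to end in the following added sketch, which is not code from the patent: a network node records an IP change, the DNSM approves or rejects records, and a DNS server resolves from the ledger once its cached answer is no longer fresh. The in-memory hash-chained `Ledger`, the delegated-suffix rule in `dnsm_verify`, and every function name, domain name and address are assumptions made for illustration.

```python
import hashlib
import ipaddress
import json

GENESIS = "0" * 64

def _digest(prev, record):
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

class Ledger:
    """Toy stand-in for the permissioned distributed ledger 18 (append-only, hash-chained)."""
    def __init__(self, operator_tier):
        self.operator_tier = operator_tier  # assumed shape: enterprise -> suffixes it may assign
        self.entries = []                   # enterprise-tier records, oldest first

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"record": record, "prev": prev, "hash": _digest(prev, record)})

    def latest(self, name, rtype):
        for entry in reversed(self.entries):
            rec = entry["record"]
            if rec["name"] == name and rec["type"] == rtype:
                return rec
        return None

    def chain_intact(self):
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
                return False
            prev = entry["hash"]
        return True

def dnsm_verify(ledger, record):
    """Figure 12, Blocks 320-330: approve or reject a record. Returns (approved, reason)."""
    name = record["name"]
    allowed = ledger.operator_tier.get(record["enterprise"], [])
    # Assumed rule: match on label boundaries, so "xdevices.acme.example" does not
    # pass as a child of the delegated suffix "devices.acme.example".
    if not any(name == s or name.endswith("." + s) for s in allowed):
        return False, "name not delegated to enterprise"
    if record["type"] == "A":
        try:
            ipaddress.ip_address(record["value"])
        except ValueError:
            return False, "malformed IP address"
    elif record["type"] != "CNAME":
        return False, "unsupported record type"
    return True, "ok"

def submit(ledger, record):
    """Figure 11, Blocks 210-230: add the record only if the DNSM approves it."""
    approved, reason = dnsm_verify(ledger, record)
    if approved:
        ledger.append(record)
    return approved, reason

def network_node_update(ledger, enterprise, name, assigned_ip):
    """Figure 10, Blocks 110-120, with both optional conditions applied."""
    last = ledger.latest(name, "A")
    if last is not None and last["value"] == assigned_ip:
        return "unchanged"  # same as the most recently recorded IP: nothing to add
    record = {"enterprise": enterprise, "name": name, "type": "A", "value": assigned_ip}
    approved, reason = submit(ledger, record)
    return "added" if approved else "rejected: " + reason

class DnsServer:
    """Figure 13: answer from the local cache while fresh, otherwise from the ledger."""
    def __init__(self, ledger, ttl):
        self.ledger, self.ttl, self.cache = ledger, ttl, {}

    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0]  # still fresh, may lag behind the ledger
        ip = self._from_ledger(name)
        if ip is not None:
            self.cache[name] = (ip, now + self.ttl)
        return ip

    def _from_ledger(self, name, max_hops=8):
        for _ in range(max_hops):  # bound the CNAME chain so a loop cannot hang the server
            a = self.ledger.latest(name, "A")
            if a:
                return a["value"]
            cname = self.ledger.latest(name, "CNAME")
            if not cname:
                return None
            name = cname["value"]
        return None
```

Until the cached entry expires, the server keeps returning the previous address even though the ledger already holds the new one, which is the window that the TTL value bounds.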
Figure 14 illustrates a method performed by an authoritative DNS server according to yet other embodiments. The method 500 as shown includes determining a time-to-live, TTL, value to be applied to any DNS record for a domain name 10B assigned to a wireless communication device 10 or a secure hardware component 14 associated with the wireless communication device 10, based on information indicating historical or predicted changes in IP addresses associated with the domain name 10B and/or in movement of the wireless communication device 10 (Block 510). The method then includes applying the determined TTL value to one or more DNS records for the domain name 10B (Block 520). In some embodiments, the method also includes transmitting control signaling to one or more other DNSs indicating the determined TTL value to be applied to any DNS record for the domain name 10B at the one or more other DNSs (Block 530).
Note that a wireless communication device 10 herein is any type of device capable of communicating with another device or node using wireless signals. A wireless communication device 10 may therefore refer to a mobile terminal, a user equipment, a machine-to-machine (M2M) device, a machine-type communications (MTC) device, a NB-IoT device, etc. It should be noted though that a user equipment (UE) does not necessarily have a "user" in the sense of an individual person owning and/or operating the device. A wireless communication device, including a user equipment, may therefore also be referred to as a radio device, a radio communication device, a wireless terminal, or simply a terminal - unless the context indicates otherwise, the use of any of these terms is intended to include device-to-device UEs or devices, machine-type devices or devices capable of machine-to-machine communication, sensors equipped with a wireless communication device, wireless-enabled tablet computers, mobile terminals, smart phones, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, wireless customer-premises equipment (CPE), etc. In the discussion herein, the terms machine-to-machine (M2M) device, machine-type communication (MTC) device, wireless sensor, and sensor may also be used. It should be understood that these devices may be UEs, but are generally configured to transmit and/or receive data without direct human interaction.
In an IOT scenario, a wireless communication device 10 as described herein may be, or may be comprised in, a machine or device that performs monitoring or measurements, and transmits the results of such monitoring measurements to another device or a network.
Particular examples of such machines are power meters, industrial machinery, or home or personal appliances, e.g. refrigerators, televisions, personal wearables such as watches etc. In other scenarios, a wireless communication device 10 as described herein may be comprised in a vehicle and may perform monitoring and/or reporting of the vehicle’s operational status or other functions associated with the vehicle.
Note that the network node 24 as described above may perform the processing herein by implementing any functional means or units. In one embodiment, for example, the network node 24 comprises respective circuits configured to perform the steps shown in Figure 10. The circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. In embodiments that employ memory, which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc., the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of network node 24 contains instructions executable by the processing circuitry such that the network node 24 is configured to carry out the processing herein. The memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
Figure 15 illustrates additional details of network node 24 in accordance with one or more embodiments. As shown, the network node 24 includes processing circuitry 600 and communication circuitry 610. The communication circuitry 610 is configured to communicate with one or more other nodes, e.g., the enterprise system 16. The processing circuitry 600 is configured to perform processing described above, e.g., in Figure 10, such as by executing instructions stored in memory 620. The memory 620 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18. The processing circuitry 600 in this regard may implement certain functional means or units.
Similarly note that the enterprise system 16 as described above may perform the processing herein by implementing any functional means or units. In one embodiment, for example, the enterprise system 16 (or more specifically enterprise node 20) comprises respective circuits configured to perform the steps shown in Figure 11. The circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. In embodiments that employ memory, which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc., the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of enterprise system 16 contains instructions executable by the processing circuitry such that the enterprise system 16 is configured to carry out the processing herein. The memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
Figure 16 illustrates additional details of enterprise system 16 (e.g., enterprise node 20) in accordance with one or more embodiments. As shown, the enterprise system 16 (e.g., enterprise node 20) includes processing circuitry 700 and communication circuitry 710. The communication circuitry 710 is configured to communicate with one or more other nodes, e.g., the network node 24. The processing circuitry 700 is configured to perform processing described above, e.g., in Figure 11, such as by executing instructions stored in memory 720. The memory 720 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18. The processing circuitry 700 in this regard may implement certain functional means or units.
Also note that the DNSM 80 as described above may perform the processing herein by implementing any functional means or units. In one embodiment, for example, the DNSM 80 comprises respective circuits configured to perform the steps shown in Figure 12. The circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. In embodiments that employ memory, which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc., the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of DNSM 80 contains instructions executable by the processing circuitry such that the DNSM 80 is configured to carry out the processing herein. The memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
Figure 17 illustrates additional details of DNSM 80 in accordance with one or more embodiments. As shown, the DNSM 80 includes processing circuitry 800 and communication circuitry 810. The communication circuitry 810 is configured to communicate with one or more other nodes, e.g., the enterprise system 16 and/or network node 24. The processing circuitry 800 is configured to perform processing described above, e.g., in Figure 12, such as by executing instructions stored in memory 820. The memory 820 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18. The processing circuitry 800 in this regard may implement certain functional means or units.
Further note that the DNS server 28 as described above may perform the processing herein by implementing any functional means or units. In one embodiment, for example, the DNS server 28 comprises respective circuits configured to perform the steps shown in Figure 13. The circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. In embodiments that employ memory, which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc., the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of DNS server 28 contains instructions executable by the processing circuitry such that the DNS server 28 is configured to carry out the processing herein. The memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
Figure 18 illustrates additional details of DNS server 28 in accordance with one or more embodiments. As shown, the DNS server 28 includes processing circuitry 900 and communication circuitry 910. The communication circuitry 910 is configured to communicate with one or more other nodes, e.g., the network node 24. The processing circuitry 900 is configured to perform processing described above, e.g., in Figure 13, such as by executing instructions stored in memory 920. The memory 920 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18. The processing circuitry 900 in this regard may implement certain functional means or units.
Furthermore note that the authoritative DNS server as described above may perform the processing herein by implementing any functional means or units. In one embodiment, for example, the authoritative DNS server comprises respective circuits configured to perform the steps shown in Figure 14. The circuits in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. In embodiments that employ memory, which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc., the memory stores program code that, when executed by the one or more microprocessors, carries out the techniques described herein. That is, in some embodiments memory of the authoritative DNS server contains instructions executable by the processing circuitry such that the authoritative DNS server is configured to carry out the processing herein. The memory may additionally or alternatively be configured for realizing the permissioned distributed ledger 18.
Figure 19 illustrates additional details of an authoritative DNS server 98 in accordance with one or more embodiments. As shown, the authoritative DNS server 98 includes processing circuitry 950 and communication circuitry 960. The communication circuitry 960 is configured to communicate with one or more other nodes, e.g., the network node 24. The processing circuitry 950 is configured to perform processing described above, e.g., in Figure 14, such as by executing instructions stored in memory 970. The memory 970 may alternatively or additionally be configured to store information of the permissioned distributed ledger 18. The processing circuitry 950 in this regard may implement certain functional means or units.
Those skilled in the art will also appreciate that embodiments herein further include corresponding computer programs.
A computer program comprises instructions which, when executed on at least one processor of a node, device, or system, cause the node, device, or system to carry out any of the respective processing described above. A computer program in this regard may comprise one or more code modules corresponding to the means or units described above.
Embodiments further include a carrier containing such a computer program. This carrier may comprise one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

Claims

CLAIMS What is claimed is:
1. A method performed by a network node (24) in a wireless communication network (12), the method comprising:
determining (110) an Internet Protocol, IP, address (10C) assigned by the wireless communication network (12) to a wireless communication device (10); and
adding (120), to a permissioned distributed ledger (18) that is distributed at least in part between the wireless communication network (12) and an enterprise system (16) of an enterprise, a record that associates the IP address (10C) with a domain name (10B) assigned by the enterprise to the wireless communication device (10) or to a secure hardware component (14) associated with the wireless communication device (10).
2. The method of claim 1, wherein the permissioned distributed ledger (18) includes at least an operator tier associated with an operator of the wireless communication network (12) and an enterprise tier associated with the enterprise, and wherein said adding comprises adding the record to the enterprise tier.
3. The method of claim 2, wherein the operator tier includes one or more operator-tier records, wherein an operator-tier record includes information associated with an enterprise to which the operator of the wireless communication network (12) has delegated administration of a set of subscription identifiers and further includes information indicating domain names that the enterprise is allowed to assign, wherein each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier, wherein an enterprise-tier record for an enterprise includes information indicating, for each of one or more wireless communication devices, a domain name (10B) assigned to the wireless communication device (10) or to a secure hardware component (14) associated with the wireless communication device (10) and any IP address (10C) associated with that domain name (10B), and wherein said adding comprises adding the record as an enterprise-tier record for the enterprise which assigned the domain name (10B).
4. The method of any of claims 1-3, further comprising, before adding the record, querying the permissioned distributed ledger for a most recently recorded IP address (10C) for the wireless communication device (10), and wherein said adding is performed responsive to identifying that the determined IP address (10C) differs from the most recently recorded IP address (10C).
5. The method of any of claims 1-4, wherein the record also associates the determined IP address (10C) and/or the domain name (10B) with a subscription identifier, wherein the subscription identifier identifies a subscription to the wireless communication network (12) and is associated with the secure hardware component (14).
6. The method of any of claims 1-5, wherein the permissioned distributed ledger (18) is distributed between not only the wireless communication network (12) and the enterprise system (16) but also a domain name system manager, DNSM, wherein the method further comprises:
sending the record to the DNSM; and
responsive to sending the record, receiving a response that indicates whether the DNSM approves of or rejects the record being added to the permissioned distributed ledger (18);
wherein said adding is performed responsive to the response indicating that the DNSM approves of the record being added to the permissioned distributed ledger (18).
7. The method of any of claims 1-6, wherein determining the IP address (10C) comprises receiving control signaling indicating the IP address (10C).
8. The method of any of claims 1-7, wherein the network node (24) is configured to perform mobility management in the wireless communication network (12).
9. The method of any of claims 1-8, wherein the enterprise manufactured the wireless communication device (10), distributed the wireless communication device (10), sold the wireless communication device (10), activated or provisioned the wireless communication device (10), integrated the wireless communication device (10) into another device or system, and/or provided a service using the wireless communication device (10).
10. A method performed by an enterprise system (16) of an enterprise, the method comprising:
sending (210), to a domain name system manager, DNSM, a record that indicates a domain name (10B) assigned by the enterprise to a wireless communication device (10) or to a secure hardware component (14) associated with the wireless communication device (10);
responsive to sending the record, receiving (220) one or more responses that indicate whether the DNSM approves of or rejects the record being added to a permissioned distributed ledger (18) that is distributed at least in part between the enterprise system (16) and the DNSM; and adding or not adding (230) the record to the permissioned distributed ledger (18) depending on the one or more responses.
11. The method of claim 10, wherein the record further indicates a subscription identifier that identifies a subscription to a wireless communication network (12) and that is assigned by the enterprise to the secure hardware component (14) associated with the wireless communication device (10).
12. The method of any of claims 10-11, wherein the permissioned distributed ledger (18) includes at least an operator tier associated with an operator of a wireless communication network (12) and an enterprise tier associated with the enterprise, and wherein said adding or not adding comprises adding or not adding the record to the enterprise tier.
13. The method of claim 12, wherein the operator tier includes one or more operator-tier records, wherein an operator-tier record includes information associated with an enterprise to which the operator of the wireless communication network (12) has delegated administration of a set of subscription identifiers and further includes information indicating domain names that the enterprise is allowed to assign, wherein each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier, wherein an enterprise-tier record for an enterprise includes information indicating, for each of one or more wireless communication devices, a domain name (10B) assigned to the wireless communication device (10) or a secure hardware component (14) associated with the wireless communication device (10) and any IP address (10C) associated with that domain name (10B), and wherein said adding or not adding comprises adding or not adding the record as an enterprise-tier record for the enterprise which assigned the domain name (10B).
14. The method of any of claims 10-13, wherein the enterprise manufactured the wireless communication device (10), distributed the wireless communication device (10), sold the wireless communication device (10), activated or provisioned the wireless communication device (10), integrated the wireless communication device (10) into another device or system, and/or provided a service using the wireless communication device (10).
15. A method performed by a domain name system, DNS, server, the method comprising: receiving (310) a query for an IP address (10C) associated with a domain name (10B); determining (320) the IP address (10C) associated with the domain name (10B) from a permissioned distributed ledger that is distributed at least in part between a wireless communication network (12) and an enterprise system (16) of an enterprise that assigned the domain name (10B) to the wireless communication device (10) or a secure hardware component (14) associated with the wireless communication device (10); and
responding (330) to the query with the determined IP address (10C).
16. The method of claim 15, further comprising deciding to determine the IP address (10C) associated with the domain name (10B) from the permissioned distributed ledger (18), based on a freshness metric indicating that a DNS record for the domain name (10B) at the domain name server is no longer fresh.
17. The method of any of claims 15-16, further comprising requesting an update of a DNS record from the permissioned distributed ledger (18), responsive to expiration of a time-to-live for the DNS record.
18. The method of any of claims 15-17, wherein the permissioned distributed ledger (18) includes at least an operator tier associated with an operator of the wireless communication network (12) and an enterprise tier associated with the enterprise, and wherein said determining comprises determining the IP address (10C) from the enterprise tier of the permissioned distributed ledger (18).
19. The method of claim 18, wherein the operator tier includes one or more operator-tier records, wherein an operator-tier record includes information associated with an enterprise to which an operator of the wireless communication network (12) has delegated administration of a set of subscription identifiers and further includes information indicating domain names that the enterprise is allowed to assign, wherein each operator-tier record is linked to one or more enterprise-tier records in the enterprise tier, wherein an enterprise-tier record for an enterprise includes information indicating, for each of one or more wireless communication devices, a domain name (10B) assigned to the wireless communication device (10) or a secure hardware component (14) associated with the wireless communication device (10) and any IP address (10C) associated with that domain name (10B).
20. The method of any of claims 15-19, wherein the enterprise manufactured the wireless communication device (10), distributed the wireless communication device (10), sold the wireless communication device (10), activated or provisioned the wireless communication device (10), integrated the wireless communication device (10) into another device or system, and/or provided a service using the wireless communication device (10).
21. A network node (24) configured for use in a wireless communication network (12), the network node (24) configured to:
determine an Internet Protocol, IP, address (10C) assigned by the wireless communication network (12) to a wireless communication device (10); and
add, to a permissioned distributed ledger (18) that is distributed at least in part between the wireless communication network (12) and an enterprise system (16) of an enterprise, a record that associates the IP address (10C) with a domain name (10B) assigned by the enterprise to the wireless communication device (10) or to a secure hardware component (14) associated with the wireless communication device (10).
22. The network node of claim 21, configured to perform the method of any of claims 2-9.
23. An enterprise system (16) of an enterprise, the enterprise system (16) configured to:
send, to a wireless communication network (12) and/or to a domain name system manager, DNSM, a record that indicates a domain name (10B) assigned by the enterprise to a wireless communication device (10) or to a secure hardware component (14) associated with the wireless communication device (10);
responsive to sending the record, receive one or more responses that indicate whether the wireless communication network (12) and/or the DNSM approves of or rejects the record being added to a permissioned distributed ledger (18) that is distributed at least in part between the enterprise system (16), the wireless communication network (12), and the DNSM; and
add or not add the record to the permissioned distributed ledger (18) depending on the one or more responses.
24. The enterprise system (16) of claim 23, configured to perform the method of any of claims 11-14.
25. A domain name system, DNS, server (28) configured to:
receive a query for an IP address (10C) associated with a domain name (10B);
determine the IP address (10C) associated with the domain name (10B) from a permissioned distributed ledger (18) that is distributed at least in part between a wireless communication network (12) and an enterprise system (16) of an enterprise that assigned the domain name (10B) to the wireless communication device (10) or a secure hardware component (14) associated with the wireless communication device (10); and
respond to the query with the determined IP address (10C).
26. The DNS server of claim 25, configured to perform the method of any of claims 16-20.
27. A computer program comprising instructions which, when executed by at least one processor of a network node (24), causes the network node (24) to perform the method of any of claims 1-9.
28. A computer program comprising instructions which, when executed by at least one processor of an enterprise system (16) of an enterprise, causes the enterprise system (16) to perform the method of any of claims 11-14.
29. A computer program comprising instructions which, when executed by at least one processor of a domain name system, DNS, server (28), causes the DNS server (28) to perform the method of any of claims 15-20.
30. A carrier containing the computer program of any of claims 27-29, wherein the carrier is one of an electronic signal, optical signal, radio signal, or computer readable storage medium.
31. A network node (24) configured for use in a wireless communication network (12), the network node (24) comprising:
communication circuitry (610); and
processing circuitry (600) configured to:
determine an Internet Protocol, IP, address (10C) assigned by the wireless communication network (12) to a wireless communication device (10); and
add, to a permissioned distributed ledger (18) that is distributed at least in part between the wireless communication network (12) and an enterprise system (16) of an enterprise, a record that associates the IP address (10C) with a domain name (10B) assigned by the enterprise to the wireless communication device (10) or to a secure hardware component (14) associated with the wireless communication device (10).
32. The network node of claim 31, configured to perform the method of any of claims 2-9.
33. An enterprise system (16) of an enterprise, the enterprise system (16) comprising: communication circuitry (710) configured to communicatively connect the enterprise system (16) to a wireless communication network (12) and/or to a domain name system manager, DNSM; and
processing circuitry (700) configured to: send, to the wireless communication network (12) and/or to the DNSM, a record that indicates a domain name (10B) assigned by the enterprise to a wireless communication device (10) or to a secure hardware component (14) associated with the wireless communication device (10);
responsive to sending the record, receive one or more responses that indicate whether the wireless communication network (12) and/or the DNSM approves of or rejects the record being added to a permissioned distributed ledger (18) that is distributed at least in part between the enterprise system (16), the wireless communication network (12), and the DNSM; and
add or not add the record to the permissioned distributed ledger (18) depending on the one or more responses.
34. The enterprise system of claim 33, configured to perform the method of any of claims 11-14.
35. A domain name system, DNS, server (28) comprising:
communication circuitry (910); and
processing circuitry (900) configured to:
receive a query for an IP address (10C) associated with a domain name (10B);
determine the IP address (10C) associated with the domain name (10B) from a permissioned distributed ledger (18) that is distributed at least in part between a wireless communication network (12) and an enterprise system (16) of an enterprise that assigned the domain name (10B) to the wireless communication device (10) or a secure hardware component (14) associated with the wireless communication device (10); and
respond to the query with the determined IP address (10C).
36. The DNS server of claim 35, configured to perform the method of any of claims 16-20.
PCT/SE2019/050432 2019-05-14 2019-05-14 Domain name system for use with a wireless communication network WO2020231305A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2019/050432 WO2020231305A1 (en) 2019-05-14 2019-05-14 Domain name system for use with a wireless communication network

Publications (1)

Publication Number Publication Date
WO2020231305A1 true WO2020231305A1 (en) 2020-11-19

Family

ID=73290257

Country Status (1)

Country Link
WO (1) WO2020231305A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115250264A (en) * 2021-04-28 2022-10-28 慧与发展有限责任合伙企业 Controlling network traffic associated with a domain name based on DNS-IP mapping
WO2022248938A1 (en) * 2021-05-27 2022-12-01 Avea Media Inc. Authenticating data and communication sources
US11956628B2 (en) 2020-11-23 2024-04-09 Cisco Technology, Inc. Openroaming for private communication systems
US11962585B2 (en) 2019-08-20 2024-04-16 Cisco Technology, Inc. Guest onboarding of devices onto 3GPP-based networks with use of realm-based discovery of identity providers and mutual authentication of identity federation peers

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180101557A1 (en) * 2016-10-10 2018-04-12 AlphaPoint Finite state machine distributed ledger
WO2018191882A1 (en) * 2017-04-19 2018-10-25 北京大学深圳研究生院 Domain name resolution system based on block chain
WO2019018278A1 (en) * 2017-07-19 2019-01-24 Amazon Technologies, Inc. Distributed ledger certification
US20190090286A1 (en) * 2017-09-15 2019-03-21 Telefonaktiebolaget Lm Ericsson (Publ) Unified and distributed connectivity configuration across operators
US10299128B1 (en) * 2018-06-08 2019-05-21 Cisco Technology, Inc. Securing communications for roaming user equipment (UE) using a native blockchain platform
WO2019209149A1 (en) * 2018-04-25 2019-10-31 Telefonaktiebolaget Lm Ericsson (Publ) Administration of subscription identifiers in a wireless communication network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180101557A1 (en) * 2016-10-10 2018-04-12 AlphaPoint Finite state machine distributed ledger
WO2018191882A1 (en) * 2017-04-19 2018-10-25 北京大学深圳研究生院 Domain name resolution system based on block chain
WO2019018278A1 (en) * 2017-07-19 2019-01-24 Amazon Technologies, Inc. Distributed ledger certification
US20190090286A1 (en) * 2017-09-15 2019-03-21 Telefonaktiebolaget Lm Ericsson (Publ) Unified and distributed connectivity configuration across operators
WO2019209149A1 (en) * 2018-04-25 2019-10-31 Telefonaktiebolaget Lm Ericsson (Publ) Administration of subscription identifiers in a wireless communication network
US10299128B1 (en) * 2018-06-08 2019-05-21 Cisco Technology, Inc. Securing communications for roaming user equipment (UE) using a native blockchain platform

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11962585B2 (en) 2019-08-20 2024-04-16 Cisco Technology, Inc. Guest onboarding of devices onto 3GPP-based networks with use of realm-based discovery of identity providers and mutual authentication of identity federation peers
US11956628B2 (en) 2020-11-23 2024-04-09 Cisco Technology, Inc. Openroaming for private communication systems
CN115250264A (en) * 2021-04-28 2022-10-28 慧与发展有限责任合伙企业 Controlling network traffic associated with a domain name based on DNS-IP mapping
CN115250264B (en) * 2021-04-28 2023-10-13 慧与发展有限责任合伙企业 Controlling network traffic associated with domain names based on DNS-IP mapping
WO2022248938A1 (en) * 2021-05-27 2022-12-01 Avea Media Inc. Authenticating data and communication sources

Similar Documents

Publication Publication Date Title
WO2020231305A1 (en) Domain name system for use with a wireless communication network
US9026082B2 (en) Terminal identifiers in a communications network
KR101793204B1 (en) Resource and attribute management in machine to machine networks
CN109803251B (en) Method and apparatus for privacy management entity selection in a communication system
US8767737B2 (en) Data center network system and packet forwarding method thereof
CN115442423A (en) Method for discovering services provided by a network repository function
EP2656265B1 (en) Allocation of application identifiers
US11856405B2 (en) Administration of subscription identifiers in a wireless communication network
US20220345307A1 (en) Method, Device, and System for Updating Anchor Key in a Communication Network for Encrypted Communication with Service Applications
WO2016008320A1 (en) Method for acquiring identifier of terminal in network, management network element and storage medium
CN105075225A (en) Enabling external access to multiple services on a local server
JP2020526983A (en) Aliase management method and device
US20220368684A1 (en) Method, Device, and System for Anchor Key Generation and Management in a Communication Network for Encrypted Communication with Service Applications
CN111083695B (en) 5G communication card-free access method, equipment and storage medium
US8605736B2 (en) Method, system and apparatus for heterogeneous addressing mapping
KR102014108B1 (en) Method and RSP Server Apparatus for Providing SIM Profile to eUICC Device
CN110621051B (en) Routing method and device
US9949109B2 (en) Method and arrangement for connectivity in a communication network
US11463977B2 (en) Method and apparatus for managing machine type communication devices in an access network
WO2016042512A1 (en) Methods and apparatus in an m2m service provider network
CN112511658A (en) Method, device and system for realizing carrier-level network address conversion
CN118158198A (en) Network address acquisition method and electronic equipment
GB2624690A (en) Methods, apparatus, and computer programs for providing access to a subset of a resource managed by an entity of a mobile communication network
CN115665167A (en) Intelligent Internet of things system building method based on peer-to-peer network and related equipment
CN117062107A (en) Communication method, device, communication equipment and storage medium

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 19928347

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 19928347

Country of ref document: EP

Kind code of ref document: A1