FORM 2
THE PATENTS ACT, 1970 (39 OF 1970) & THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“A NETWORK SYSTEM FOR ENRICHING SESSION LOGS WITH AN IDENTITY INFORMATION AND A METHOD THEREOF”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in which it is to be performed.

A NETWORK SYSTEM FOR ENRICHING SESSION LOGS WITH AN IDENTITY INFORMATION AND A METHOD THEREOF
FIELD OF INVENTION
[0001] Embodiments of the present disclosure generally relate to network performance management systems. More particularly, embodiments of the present disclosure relate to methods and network systems for enriching one or more session logs with one or more identity information.
BACKGROUND
[0002] The following description of the related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. The third generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.
[0004] Further, in the field of telecommunication, performance of a network system refers to a quality and effectiveness of the network system which involves evaluation of speed, connectivity, reliability, and efficiency of the network. Network performance monitoring is the
2

process of measuring, diagnosing, and optimizing the service quality of a network as experienced by users. The process of monitoring the performance of the network system provides one or more insights about behaviour and pattern of a network traffic. Also, the process of monitoring the network system performance helps to optimize one or more network resources, detect bandwidth congestion, uncover packet losses.
[0005] If network performance measurements are mandatory for network operations, future network planning and troubleshooting, then relying on subscriber and user equipment trace is a primary way for investigation and network optimisation.
[0006] In a cellular network, cell traffic trace, which is the ability to trace one or more active calls in one or more cells, plays a major role in activities such as determination of the root cause of a malfunctioning mobile, advanced troubleshooting, optimisation of resource usage and quality.
[0007] The capability to log data on any interface at call level for a specific user (e.g. International Mobile Subscriber Identity (IMSI)) or mobile type (e.g. International Mobile Equipment Identity (IMEI)), helps to fetch information for performance measurements. Cell traffic trace which includes subscriber and equipment trace gives instantaneous values for a specific event (e.g., call, location update, etc.).
[0008] Several systems, devices and methods are available in the public domain for monitoring and analysing network performance which involves physical tapping of the network, to fetch details of end users like subscriber identity and mobile identity. The physical tapping of the network involves monitoring of one or more event on a local network. However, the physical tapping in the network may raise potential issues such as data breaches, unauthorized access to monitor and capture the data. Moreover, the physical tapping of the network requires a physical access to a network infrastructure and if the network infrastructure is not properly secured, then the network infrastructure may be exploited by one or more intruders.
[0009] Further, to fetch user data by physical tapping, a network probing of the network interfaces is used. Network probe is a critical tool for network administrators to monitor network performance in real time. For continuously monitoring, analysing, and troubleshooting the network, probing is done multiple times. It is needless to emphasize that such large number

of probing of the network is resource intensive, time consuming and inefficient for effective monitoring, analysing and troubleshooting of the network. Therefore, probing by physical tapping of the network interfaces requires huge hardware and infrastructure set up.
[0010] Further, several efforts have been made to develop methods and systems to probe the networks using software means which try to eliminate involvement of resources such as labour, time, costs, and alike by analysing a plurality of summary logs of plurality of data exchange sessions.
[0011] However, the summary logs of the data exchange sessions do not include subscriber identity such as, IMSI and device identity information, such as, IMEI due to which enriching the call summary logs with IMSI and IMEI may be difficult and time consuming. Hence, the currently available solutions for monitoring and analysing the network performance are not efficient and also consume additional time and resources.
[0012] Further, the IMSI and IMEI uniquely identify the users and the devices respectively, as the IMSI is linked to subscriber identity module card (SIM card) of a subscriber, which helps to authenticate and track individual subscriber. The IMEI identifies the user equipment which helps to monitor the performance of the network. In addition to this, the IMSI and IMEI are present in a trace data which includes a subscriber and user equipment trace. The trace data provides a detailed information such as IMSI and IMEI at a call level on one or more user equipment(s). Subscriber and user equipment trace gives information for a specific event (e.g. call, location update, etc.). For network performance measurements, this trace data provides information which can be investigated and analysed for network optimisation. Further, to produce the trace data, a subscriber and user equipment trace function is carried out in one or more network elements.
[0013] However, there is no existing solution through which the summary logs may be enriched with the trace data, without manual intervention and without the need of a lot of hardware resources and infrastructure.
[0014] Thus, there exists an imperative need to provide methods and network systems for enriching summary logs with identity information of subscriber and user equipment, which will help to monitor the network performance in a rapid and efficient way.

SUMMARY
[0015] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0016] An aspect of the present disclosure may relate to a method for enriching one or more session logs with one or more identity information. The method comprises receiving, by a transceiver unit, at an Access and Mobility Function (AMF), from a base station, a cell traffic trace, wherein the cell traffic trace comprises a trace reference (TR) and a trace recording session reference (TRSR). The method comprises extracting, by an extraction unit, at the AMF, one or more identity information from the cell traffic trace. The method comprises sending, by the transceiver unit, from the AMF to a trace collection entity (TCE), a trace record, wherein the trace record comprises the extracted one or more identity information and the cell traffic trace. The method comprises enriching, by a normalizer unit, at the TCE, each session log of one or more session logs contained in the TR of the cell traffic trace, with the one or more received identity information. The method comprises storing, by the normalizer unit, at the TCE, in a database, the enriched one or more session logs.
[0017] In an exemplary aspect of the present disclosure, the one or more identity information comprises at least one of an International Mobile Subscriber Identity (IMSI) information, and an International Mobile Equipment Identity (IMEI) information.
[0018] In an exemplary aspect of the present disclosure, prior to enriching by a normalizer unit at the TCE, each session log of the one or more session logs with the one or more received identity information, the method comprises decoding, by a conductor unit at the TCE, the one or more session logs contained in the TR of the cell traffic trace.
[0019] In an exemplary aspect of the present disclosure, logging of the one or more session logs contained in the TR, is initiated when a radio resource control (RRC) setup request is received from a user equipment (UE) at the base station.

[0020] In an exemplary aspect of the present disclosure, the cell traffic trace is sent by the base station to the AMF, on completion of the RRC setup request at the base station.
[0021] In an exemplary aspect of the present disclosure, the logging of the one or more session
5 logs contained in the TR, ends when a RRC release message is sent by the base station to the
UE.
[0022] In an exemplary aspect of the present disclosure, the one or more session logs is
associated with one of a data exchange session and a call session, between the UE and another
10 UE via the base station.
[0023] Another aspect of the present disclosure may relate to a network system for enriching one or more session logs with one or more identity information, the network system comprising an access and mobility function (AMF), a transceiver unit at the AMF configured to receive,
15 from a base station, a cell traffic trace, wherein the cell traffic trace comprises a trace reference
(TR), and a trace recording session reference (TRSR). The network system further comprises an extraction unit at the AMF configured to extract one or more identity information from the cell traffic trace. The transceiver unit, further configured to send, to a trace collection entity (TCE), a trace record, wherein the trace record comprises the one or more identity information
20 and the cell traffic trace. The TCE further comprises a normalizer unit configured to enrich,
each session log of one or more session logs contained in the TR of the cell traffic trace, with the one or more identity information. The normalizer unit is further configured to store, in a database, the enriched one or more session logs.
25 [0024] Yet another aspect of the present disclosure may relate to a non-transitory computer
readable storage medium storing instructions for enriching one or more session logs with one or more identity information, the instructions include executable code which, when executed by one or more units of a network system, causes: a transceiver unit at an access and mobility function (AMF) configured to receive, from a base station, a cell traffic trace, wherein the cell
30 traffic trace comprises a trace reference (TR), and a trace recording session reference (TRSR);
an extraction unit at the AMF to extract one or more identity information from the cell traffic trace; the transceiver unit at the AMF further configured to send, to a trace collection entity (TCE), a trace record, wherein the trace record comprises the one or more identity information and the cell traffic trace; a normalizer unit at the TCE to enrich, each session log of one or more
6

session logs contained in the TR of the cell traffic trace, with the one or more identity information; and the normalizer unit at the TCE to store in a database, the enriched one or more session logs.
5 OBJECTS OF THE INVENTION
[0025] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies are listed herein below.
10 [0026] It is an object of the present disclosure to provide a network system for enriching one
or more session logs with one or more identity information.
[0027] It is another object of the present disclosure to provide a method for enriching one or more session logs with one or more identity information. 15
[0028] It is another object of the present disclosure to provide a solution for monitoring and analysing a network performance without the use of physical tapping.
[0029] It is another object of the present disclosure to provide a solution to enrich the one or
20 more summary logs of one or more data exchange sessions with information such as IMSI
(International Mobile Subscriber Identity) and device identity information, such as, IMEI (International Mobile Equipment Identity.
[0030] It is another object of the present disclosure to provide a solution that saves time, labour
25 and costs involved in enriching the summary logs of the data exchange sessions with IMSI and
IMEI.
DESCRIPTION OF THE DRAWINGS
30 [0031] The accompanying drawings, which are incorporated herein, and constitute a part of
this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Also, the embodiments shown in the
7

figures are not to be construed as limiting the disclosure, but the possible variants of the method
and system according to the disclosure are illustrated herein to highlight the advantages of the
disclosure. It will be appreciated by those skilled in the art that disclosure of such drawings
includes disclosure of electrical components or circuitry commonly used to implement such
5 components.
[0032] FIG. 1 illustrates an exemplary block diagram representation of 5th generation core (5GC) network architecture.
10 [0033] FIG. 2 illustrates an exemplary block diagram of a computing device upon which the
features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.
[0034] FIG. 3 illustrates an exemplary block diagram of a network system for enriching one or
15 more session logs with one or more identity information, in accordance with exemplary
implementations of the present disclosure.
[0035] FIG. 4 illustrates a method flow diagram for enriching one or more session logs with
one or more identity information in accordance with exemplary implementations of the present
20 disclosure.
[0036] FIG. 5 illustrates a sequence flow diagram for enriching one or more session logs with one or more identity information, in accordance with exemplary implementations of the present disclosure. 25
[0037] The foregoing shall be more apparent from the following more detailed description of the disclosure.
DETAILED DESCRIPTION
30
[0038] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter may each be used
8

independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above.
5 [0039] The ensuing description provides exemplary embodiments only, and is not intended to
limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description
of the exemplary embodiments will provide those skilled in the art with an enabling description
for implementing an exemplary embodiment. It should be understood that various changes may
be made in the function and arrangement of elements without departing from the spirit and
10 scope of the disclosure as set forth.
[0040] Specific details are given in the following description to provide a thorough
understanding of the embodiments. However, it will be understood by one of ordinary skill in
the art that the embodiments may be practiced without these specific details. For example,
15 circuits, systems, processes, and other components may be shown as components in block
diagram form in order not to obscure the embodiments in unnecessary detail.
[0041] Also, it is noted that individual embodiments may be described as a process which is
depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block
20 diagram. Although a flowchart may describe the operations as a sequential process, many of
the operations may be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.
25 [0042] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an
example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary
30 structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent
that the terms “includes”, “has”, “contains” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive in a manner similar to the term “comprising” as an open transition word without precluding any additional or other elements.
9

[0043] As used herein, a “processing unit” or “processor” or “operating processor” includes
one or more processors, wherein processor refers to any logic circuitry for processing
instructions. A processor may be a general-purpose processor, a special purpose processor, a
5 conventional processor, a digital signal processor, a plurality of microprocessors, one or more
microprocessors in association with a (Digital Signal Processing) DSP core, a controller, a
microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array
circuits, any other type of integrated circuits, etc. The processor may perform signal coding
data processing, input/output processing, and/or any other functionality that enables the
10 working of the system according to the present disclosure. More specifically, the processor or
processing unit is a hardware processor.
[0044] As used herein, “a user equipment”, “a user device”, “a smart-user-device”, “a smart-device”, “an electronic device”, “a mobile device”, “a handheld device”, “a wireless
15 communication device”, “a mobile communication device”, “a communication device” may
be any electrical, electronic and/or computing device or equipment, capable of implementing the features of the present disclosure. The user equipment/device may include, but is not limited to, a mobile phone, smart phone, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, wearable device or any other computing device which is capable of
20 implementing the features of the present disclosure. Also, the user device may contain at least
one input means configured to receive an input from at least one of a transceiver unit, a processing unit, a storage unit, a detection unit and any other such unit(s) which are required to implement the features of the present disclosure.
25 [0045] As used herein, “storage unit” or “memory unit” refers to a machine or computer-
readable medium including any mechanism for storing information in a form readable by a computer or similar machine. For example, a computer-readable medium includes read-only memory (“ROM”), random access memory (“RAM”), magnetic disk storage media, optical storage media, flash memory devices or other types of machine-accessible storage media. The
30 storage unit stores at least the data that may be required by one or more units of the system to
perform their respective functions.
[0046] As used herein “interface” or “user interface” refers to a shared boundary across which two or more separate components of a system exchange information or data. The interface may
10

also be referred to a set of rules or protocols that define communication or interaction of one or more modules or one or more units with each other, which also includes the methods, functions, or procedures that may be called.
5 [0047] All modules, units, components used herein, unless explicitly excluded herein, may be
software modules or hardware processors, the processors being a general-purpose processor, a
special purpose processor, a conventional processor, a digital signal processor (DSP), a
plurality of microprocessors, one or more microprocessors in association with a DSP core, a
controller, a microcontroller, Application Specific Integrated Circuits (ASIC), Field
10 Programmable Gate Array circuits (FPGA), any other type of integrated circuits, etc.
[0048] As used herein, the transceiver unit includes at least one receiver and at least one
transmitter configured respectively for receiving and transmitting data, signals, information or
a combination thereof between units/components within the system and/or connected with the
15 system.
[0049] Further, a “cell traffic trace” includes subscriber and equipment trace that provides a detailed information at call level on one or more specific mobile(s) (i.e. UEs). The detailed information is an additional source of information to investigate performance measurement and
20 allows a deep investigation for monitoring and optimisation operations. The cell traffic trace
plays a major role in activities such as determination of the root cause of a malfunctioning mobile, advanced troubleshooting, optimisation of resource usage and quality, radio frequency coverage control and capacity improvement, dropped call analysis, core network and access network end-to-end procedure validation.
25
[0050] As used herein, the “TR” identifies a trace session and is a globally unique identification (ID). The method to generate the TR unique ID is to divide the TR into Mobile country code (MCC), Mobile network code (MNC) and Trace Identification Data (ID).
30 [0051] As used herein, “Trace Session” identifies time interval started with a Trace Session
Activation and lasts until the Deactivation of that specific Trace Session.
[0052] As used herein, the “MCC” is a unique identifier used in conjunction with a mobile network code (MNC) to identify a mobile network operator. The MNC is a unique identifier
11

used in conjunction with the MCC to identify a mobile network operator. Also, trace ID is an identification data that is present in a hexadecimal format. The trace ID may be numeric, alphanumeric or alphabetic.
5 [0053] As used herein, “trace recording session” is a time interval within a trace session while
trace records are generated for a subscriber or user equipment (UE) being traced and the trace recording session reference identifies a trace recording session within a trace session.
[0054] As used herein, the “TRSR” identifies a Trace Recording Session within a Trace
10 Session. The Trace Recording Session Reference shall be unique within a Trace Session.
[0055] As used herein, an “International Mobile Subscriber Identity (IMSI) information” is a
number that uniquely identifies every user of a network. The IMSI information may be stored
as a 64-bit field and is transmitted by a user equipment to the network. The IMEI information
15 is a unique 15-digit serial number for identifying the user equipment.
[0056] As used herein, “Radio Resource Control (RRC) setup request” is a message that is
used to request an Evolved Universal Mobile Telecommunications System Terrestrial Radio
Access Network (E-UTRAN) for an establishment of a RRC connection between the user
20 equipment and the base station. Additionally, RRC is a protocol which is utilized between the
user equipment and the base station. The one or more functions of the RRC include connection establishment and release functions, broadcast of system information, the establishment of radio bearers, reconfiguration, and release of RRC, paging notification, and releases.
25 [0057] As used herein, “data exchange session” involves one or more activities such as data
transfer between a user equipment (UE) and the network. Further the “call session” may refer to one or more voice or video call session between the UE and another UE through the base station.
30 [0058] As used herein, “trace collection entity (TCE)” is a component responsible for
collecting, processing, and storing a trace data generated by one or more network elements or one or more network interfaces.
12

[0059] As discussed in the background section, to monitor a network and analyse its
performance, probing is done multiple times. The process of conducting probing by physical
tapping of network interfaces multiple times, consumes a large amount of time and resources.
Further, probing is inefficient for effective monitoring, analysing and troubleshooting of the
5 network. Additionally, several systems and methods were introduced to monitor and analyse
the network performance by processing a plurality of summary or session logs of plurality of data sessions. However, the summary logs of the data exchange sessions may not comprise a sim identity information, such as, IMSI (International Mobile Subscriber Identity) and device identity information, such as, IMEI (International Mobile Equipment Identity), due to which
10 enriching the summary logs with IMSI and IMEI may be difficult and time consuming. Hence,
the currently available solutions for monitoring and analysing the network performance are not efficient and consume additional time and resources. Also, the current known solutions fail to identify one or more root issues which results in outages or contributes to a negative user experience. Hence, the current known solutions have several shortcomings. The present
15 disclosure aims to overcome the above-mentioned and other existing problems in this field of
technology by providing a network system for enriching one or more session logs with one or more identity information and a method thereof.
[0060] The present disclosure aims to enrich the one or more session logs with one or more
20 identify information by receiving a cell traffic trace from a base station where the cell traffic
trace includes a trace reference (TR), and a trace recording session reference (TRSR). Further,
one or more identity information such as International Mobile Subscriber Identity (IMSI)
information, and an International Mobile Equipment Identity (IMEI) information is extracted
from the cell traffic trace. Thereafter, a trace record is transmitted to a trace collection entity
25 (TCE). The trace record includes the one or more identity information and the cell traffic trace.
Further, each session log of one or more session logs contained in the TR of the cell traffic
trace is enriched with the one or more identity information and the enriched one or more session
logs are stored in a database. Moreover, logging of the one or more session logs contained in
the TR, is initiated when a radio resource control (RRC) setup request is received from a user
30 equipment (UE) at the base station and the logging of the one or more session logs contained
in the TR, ends when a RRC release message is sent by the base station to the UE. Also, the one or more session logs is associated with one of a data exchange session and a call session, between the UE and another UE via the base station.
13

[0061] FIG. 1 illustrates an exemplary block diagram representation of 5th generation core
(5GC) network architecture, in accordance with exemplary implementation of the present
disclosure. As shown in FIG. 1, the 5GC network architecture [100] includes a user equipment
(UE) [102], a radio access network (RAN) [104], an access and mobility management function
5 (AMF) [106], a Session Management Function (SMF) [108], a Service Communication Proxy
(SCP) [110], an Authentication Server Function (AUSF) [112], a Network Slice Specific
Authentication and Authorization Function (NSSAAF) [114], a Network Slice Selection
Function (NSSF) [116], a Network Exposure Function (NEF) [118], a Network Repository
Function (NRF) [120], a Policy Control Function (PCF) [122], a Unified Data Management
10 (UDM) [124], an application function (AF) [126], a User Plane Function (UPF) [128], a data
network (DN) [130], wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing features of the present disclosure.
15 [0062] Radio Access Network (RAN) [104] is part of a mobile telecommunications system
that connects user equipment (UE) [102] to the core network (CN) and provides access to different types of networks (e.g., 5G network). It consists of radio base stations and the radio access technologies that enable wireless communication.
20 [0063] Access and Mobility Management Function (AMF) [106] is a 5G core network function
responsible for managing access and mobility aspects, such as UE registration, connection, and reachability. It also handles mobility management procedures like handovers and paging.
[0064] Session Management Function (SMF) [108] is a 5G core network function responsible
25 for managing session-related aspects, such as establishing, modifying, and releasing sessions.
It coordinates with the User Plane Function (UPF) for data forwarding and handles IP address allocation and QoS enforcement.
[0065] Service Communication Proxy (SCP) [110] is a network function in the 5G core
30 network that facilitates communication between other network functions by providing a secure
and efficient messaging service. It acts as a mediator for service-based interfaces.
14

[0066] Authentication Server Function (AUSF) [112] is a network function in the 5G core responsible for authenticating UEs during registration and providing security services. It generates and verifies authentication vectors and tokens.
5 [0067] Network Slice Specific Authentication and Authorization Function (NSSAAF) [114] is
a network function that provides authentication and authorization services specific to network slices. It ensures that UEs can access only the slices for which they are authorized.
[0068] Network Slice Selection Function (NSSF) [116] is a network function responsible for
10 selecting the appropriate network slice for a UE based on factors such as subscription,
requested services, and network policies.
[0069] Network Exposure Function (NEF) [118] is a network function that exposes capabilities
and services of the 5G network to external applications, enabling integration with third-party
15 services and applications.
[0070] Network Repository Function (NRF) [120] is a network function that acts as a central repository for information about available network functions and services. It facilitates the discovery and dynamic registration of network functions. 20
[0071] Policy Control Function (PCF) [122] is a network function responsible for policy control decisions, such as QoS, charging, and access control, based on subscriber information and network policies.
25 [0072] Unified Data Management (UDM) [124] is a network function that centralizes the
management of subscriber data, including authentication, authorization, and subscription information.
[0073] Application Function (AF) [126] is a network function that represents external
30 applications interfacing with the 5G core network to access network capabilities and services.
[0074] User Plane Function (UPF) [128] is a network function responsible for handling user data traffic, including packet routing, forwarding, and QoS enforcement.
15

[0075] Data Network (DN) [130] refers to a network that provides data services to user equipment (UE) in a telecommunications system. The data services may include but are not limited to Internet services, private data network related services.
5 [0076] FIG. 2 illustrates an exemplary block diagram of a computing device [200] upon which
the features of the present disclosure may be implemented in accordance with exemplary
implementation of the present disclosure. In an implementation, the computing device [200]
may also implement a method for message routing management. In another implementation,
the computing device [200] itself implements the method for message routing management
10 using one or more units configured within the computing device [200], wherein said one or
more units are capable of implementing the features as disclosed in the present disclosure.
[0077] The computing device [200] may include a bus [202] or other communication mechanism for communicating information, and a hardware processor [204] coupled with bus
15 [202] for processing information. The hardware processor [204] may be, for example, a
general-purpose microprocessor. The computing device [200] may also include a main memory [206], such as a random-access memory (RAM), or other dynamic storage device, coupled to the bus [202] for storing information and instructions to be executed by the processor [204]. The main memory [206] also may be used for storing temporary variables or other intermediate
20 information during execution of the instructions to be executed by the processor [204]. Such
instructions, when stored in non-transitory storage media accessible to the processor [204], render the computing device [200] into a special-purpose machine that is customized to perform the operations specified in the instructions. The computing device [200] further includes a read only memory (ROM) [208] or other static storage device coupled to the bus
25 [202] for storing static information and instructions for the processor [204].
[0078] A storage device [210], such as a magnetic disk, optical disk, or solid-state drive is
provided and coupled to the bus [202] for storing information and instructions. The computing
device [200] may be coupled via the bus [202] to a display [212], such as a cathode ray tube
30 (CRT), Liquid crystal Display (LCD), Light Emitting Diode (LED) display, Organic LED
(OLED) display, etc. for displaying information to a computer user. An input device [214], including alphanumeric and other keys, touch screen input means, etc. may be coupled to the bus [202] for communicating information and command selections to the processor [204]. Another type of user input device may be a cursor controller [216], such as a mouse, a trackball,
16

or cursor direction keys, for communicating direction information and command selections to the processor [204], and for controlling cursor movement on the display [212]. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow the device to specify positions in a plane. 5
[0079] The computing device [200] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computing device [200] causes or programs the computing device [200] to be a special-purpose machine. According to one implementation, the techniques
10 herein are performed by the computing device [200] in response to the processor [204]
executing one or more sequences of one or more instructions contained in the main memory [206]. Such instructions may be read into the main memory [206] from another storage medium, such as the storage device [210]. Execution of the sequences of instructions contained in the main memory [206] causes the processor [204] to perform the process steps described
15 herein. In alternative implementations of the present disclosure, hard-wired circuitry may be
used in place of or in combination with software instructions.
[0080] The computing device [200] also may include a communication interface [218] coupled to the bus [202]. The communication interface [218] provides a two-way data communication
20 coupling to a network link [220] that is connected to a local network [222] and the local
network [222] is further connected to the host [224]. For example, the communication interface [218] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, the communication interface [218] may be a local area
25 network (LAN) card to provide a data communication connection to a compatible LAN.
Wireless links may also be implemented. In any such implementation, the communication interface [218] sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
30 [0081] The computing device [200] can send messages and receive data, including program
code, through the network(s), the network link [220] and the communication interface [218]. In the Internet example, a server [230] might transmit a requested code for an application program through the Internet [228], the ISP [226], the Host [224], the local network [222] and the communication interface [218]. The received code may be executed by the processor [204]
17

as it is received, and/or stored in the storage device [210], or other non-volatile storage for later execution.
[0082] Referring to FIG. 3, an exemplary block diagram of a network system [300] for
5 enriching one or more session logs with one or more identity information, is shown, in
accordance with the exemplary implementations of the present disclosure. The network system [300] comprises an Access and Mobility Function (AMF) [106] and a Trace Collection Entity (TCE) [306]. The AMF [106] further comprises at least one transceiver unit [302] and at least one extraction unit [304]. The TCE [306] further comprises at least one normalizer unit [308]
10 and at least one conductor unit [310]. Also, all of the components/ units of the network system
[300] are assumed to be connected to each other unless otherwise indicated below. As shown in the figures all units shown within the system should also be assumed to be connected to each other. Also, in FIG. 3 only a few units are shown, however, the network system [300] may comprise multiple such units or the system [300] may comprise any such numbers of said units,
15 as required to implement the features of the present disclosure.
[0083] The network system [300] is configured for enriching one or more session logs with one or more identity information, with the help of the interconnection between the components/units of the network system [300]. 20
[0084] Further, the system [300] is intended to be read in conjunction with an exemplary 5th generation core (5GC) network architecture [100] as shown in FIG. 1. The systems in FIG. 3 and FIG. 1 complement each other.
25 [0085] Further, in accordance with the present disclosure, it is to be acknowledged that the
functionality described for the various components/units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the disclosure should not be
30 construed as limiting the scope of the present disclosure. Consequently, alternative
arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
18

[0086] In an exemplary aspect of the present disclosure, as shown in network system [300], the transceiver unit [302] at the access and mobility function (AMF) [106], is configured to receive, from a base station, a cell traffic trace, wherein the cell traffic trace comprises a trace reference (TR), and a trace recording session reference (TRSR). 5
[0087] In an exemplary aspect, the cell traffic trace is a feature or ability to trace one or more active calls in one or more cells. The purpose of the cell traffic trace is to send an allocated Trace Recording Session Reference (TRSR) and the Trace Reference (TR) to the AMF [106] by using a User Equipment (UE)-associated signalling procedure.
10
[0088] In an exemplary aspect, the TR identifies a trace session and is a globally unique identification (ID). The method to generate the TR unique ID is to divide the TR into The TR may comprise of Mobile country code (MCC), Mobile network code (MNC) and Trace Identification Data (ID).
15
[0089] Further, the MCC is a unique identifier used in conjunction with a mobile network code (MNC) to identify a mobile network operator. The MNC is a unique identifier used in conjunction with the MCC to identify a mobile network operator. Also, trace ID is an identification data that is present in a hexadecimal format, 6 digits in length, hex letters (A
20 through F) are capitalized.
[0090] In an exemplary aspect, the TRSR identifies a Trace Recording Session within a Trace Session. is a unique identifier within a trace session which is generated from each trace recording session.
25
[0091] In an exemplary aspect, the trace recording session is a time interval within a trace session while one or more trace records are generated for a subscriber, user equipment (UE) or service being traced, and the trace recording session reference identifies a trace recording session within a trace session.
30
[0092] Further, the network system [300] shows the extraction unit [304] at the AMF [106], connected at least to the transceiver unit [302], the extraction unit [304] is configured to extract one or more identity information from the cell traffic trace.
19

[0093] In an exemplary aspect, the one or more identity information comprises at least one of an International Mobile Subscriber Identity (IMSI) information, and an International Mobile Equipment Identity (IMEI) information.
5 [0094] In an exemplary aspect, the present disclosure may comprise any such other subscriber
and equipment identities such as, Subscription Permanent Identifier (SUPI), Subscription Concealed Identifier (SUCI), 5G Globally Unique Temporary Identity (GUTI), 5G Temporary Mobile Subscriber Identity (TIMSI), International Mobile Subscriber Identity (IMSI), Permanent Equipment Identifier (PEI), UE Radio Capability ID.
10
[0095] In an exemplary aspect, the extraction unit [304] may utilize one or more data extraction protocols for extracting the one or more identity information from the cell traffic trace. The one or more data extraction protocols may be pre-defined or pre-stored the database [312] by an administrator. Additionally, the one or more data extraction protocols may refer to one or
15 more processes of procuring a required data (i.e. identity information) from a source (i.e. cell
traffic trace).
[0096] In an exemplary aspect, the cell traffic trace is sent by the base station to the AMF [106], on completion of a Radio Resource Control (RRC) setup request at the base station. 20
[0097] Further, in an exemplary aspect, the transceiver unit [302] via the AMF [106] is further configured to send to a trace collection entity (TCE) [306], a trace record, wherein the trace record comprises the one or more identity information and the cell traffic trace.
25 [0098] The TCE [306] is a component responsible for collecting, processing, and storing a
trace data generated by one or more network elements or one or more network interfaces.
[0099] In an exemplary aspect, the TCE [306] further comprises a normalizer unit [308]
configured to enrich, each session log of one or more session logs contained in the TR of the
30 cell traffic trace, with the one or more identity information.
[0100] In an exemplary aspect, the normalizer unit [308] enriches each session log of one or more session logs contained in the TR of the cell traffic trace, with the one or more identity
20

information by utilizing one or more enriching policies. Further the one or more enriching policies may be pre-defined or pre-stored by the administrator in the database [312].
[0101] In an exemplary aspect, the logging of the one or more session logs contained in the
5 TR, ends when a RRC release message is sent by the base station to the UE.
[0102] It is to be noted that the RRC release message is used to command a release of the RRC connection between the user equipment and the base station.
10 [0103] In an exemplary aspect, the logging of the one or more session logs contained in the
TR, is initiated when the radio resource control (RRC) setup request is received from the user equipment (UE) [502] at the base station.
[0104] In an exemplary aspect, the one or more session logs is associated with one of a data
15 exchange session and a call session, between the UE [502] and another UE [502] via the base
station.
[0105] It is to be noted, that the data exchange session involves one or more activities such as
data transfer between a user equipment (UE) and the network. Further the call session may
20 refer to one or more voice or video call sessions between the UE and another UE through the
base station.
[0106] For instance, the one or more session logs may include an information about a session
such as start time, end time, call quality, nature of data exchange or call or other data like signal
25 strength.
[0107] In an exemplary aspect, the normalizer unit [308] is further configured to store, in a database [312], the enriched one or more session logs.
30 [0108] In an exemplary aspect, prior to enriching by the normalizer unit [308] at the TCE [306],
each session log of the one or more session logs with the one or more received identity information, the TCE [306] further comprises a conductor unit [310] that is configured to decode the one or more session logs contained in the TR of the cell traffic trace.
21

[0109] In the present disclosure, the decoding via the conductor unit [310] is done via utilizing
one or more decoders based on a message type such as RRC, Next Generation Application
Protocol (NGAP), New Radio Session Log (NRSL), Xn Application Protocol (XnAP) and
5 alike.
[0110] It is to be noted that the NGAP provides a signalling service between a Next Generation
-Radio Access Network (NG-RAN) node and the AMF [106] that is required to fulfil the NGAP
functions. Also, there are two types of NGAP services, i.e. a non-UE-associated services and a
10 UE-associated service.
[0111] The non-UE-associated services are related to a whole next generation interface
instance between the NG-RAN node and AMF [106] utilising a non-UE-associated signalling
connection.
15
[0112] The UE-associated service is related to one UE. The NGAP functions that provide these
services are associated with a UE-associated signalling connection that is maintained for the
UE [502] in question.
20 [0113] The XnAP is a control protocol that includes one or more elementary procedures. The
XnAP is a unit of interaction between two NG-RAN nodes. The one or more elementary procedures comprise of an initiating message and possibly a response message.
[0114] Referring to FIG. 4, an exemplary method flow diagram [400] for enriching one or
25 more session logs with one or more identity information, in accordance with exemplary
implementations of the present disclosure is shown. In an implementation the method [400] is performed by the system [300]. Further, in an implementation, the system [300] may be present in a server device to implement the features of the present disclosure. Also, as shown in FIG. 4, the method [400] starts at step [402]. 30
[0115] At step [404], the method [400] comprises receiving, by a transceiver unit [302], at an Access and Mobility Function (AMF) [106], from a base station, a cell traffic trace, wherein the cell traffic trace comprises a trace reference (TR) and a trace recording session reference (TRSR).
22

[0116] In an exemplary aspect, the cell traffic trace is a feature or ability to trace one or more
active calls in one or more cells. The purpose of the cell traffic trace is to send an allocated
Trace Recording Session Reference (TRSR) and the Trace Reference (TR) to the AMF [106]
5 by using a User Equipment (UE)-associated signalling procedure.
[0117] In an exemplary aspect, the TR identifies a trace session and is a globally unique
identification (ID). The method to generate the TR unique ID is to divide the TR into The TR
may comprise of Mobile country code (MCC), Mobile network code (MNC) and Trace
10 Identification Data (ID).
[0118] Further, the MCC is a unique identifier used in conjunction with a mobile network code
(MNC) to identify a mobile network operator. The MNC is a unique identifier used in
conjunction with the MCC to identify a mobile network operator. Also, trace ID is an
15 identification data that is present in a hexadecimal format, 6 digits in length, hex letters (A
through F) are capitalized.
[0119] In an exemplary aspect, the TRSR identifies a Trace Recording Session within a Trace
Session. is a unique identifier within a trace session which is generated from each trace
20 recording session.
[0120] In an exemplary aspect, the trace recording session is a time interval within a trace
session while one or more trace records are generated for a subscriber, user equipment (UE) or
service being traced, and the trace recording session reference identifies a trace recording
25 session within a trace session.
[0121] In an exemplary aspect, the cell traffic trace is sent by the base station to the AMF [106], on completion of the RRC setup request at the base station.
30 [0122] At step [406], the method [400] comprises extracting, by an extraction unit [304] at the
AMF [106], one or more identity information from the cell traffic trace.
[0123] In an exemplary aspect, the extraction unit [304] may utilize one or more data extraction protocols for extracting the one or more identity information from the cell traffic trace. The
23

one or more data extraction protocols may be pre-defined or pre-stored in the database [312] by an administrator. Additionally, the one or more data extraction protocols may refer to one or more processes of procuring a required data (i.e. identity information) from a source (i.e. cell traffic trace). 5
[0124] In an exemplary aspect, the one or more identity information comprises at least one of an International Mobile Subscriber Identity (IMSI) information, and an International Mobile Equipment Identity (IMEI) information.
10 [0125] In an exemplary aspect, the present disclosure may comprise any such other subscriber
and equipment identities such as, Subscription Permanent Identifier (SUPI), Subscription Concealed Identifier (SUCI), 5G Globally Unique Temporary Identity (GUTI), 5G Temporary Mobile Subscriber Identity (TIMSI), International Mobile Subscriber Identity (IMSI), Permanent Equipment Identifier (PEI), UE Radio Capability ID.
15
[0126] At step [408], the method [400] comprises sending, by the transceiver unit [302], from the AMF [106], to a trace collection entity (TCE) [306], a trace record, wherein the trace record comprises the extracted one or more identity information and the cell traffic trace.
20 [0127] In an exemplary aspect, the TCE [306] is a component responsible for collecting,
processing, and storing a trace data generated by one or more network elements or one or more network interfaces.
[0128] At step [410], the method [400] comprises enriching, by a normalizer unit [308] at the
25 TCE [306], each session log of one or more session logs contained in the TR of the cell traffic
trace, with the one or more received identity information.
[0129] In an exemplary aspect, the normalizer unit [308] enriches each session log of one or
more session logs contained in the TR of the cell traffic trace, with the one or more identity
30 information by utilizing one or more enriching policies. Further the one or more enriching
policies may pre-define or pre-stored by the administrator in the database [312].
[0130] In an exemplary aspect, prior to enriching by a normalizer unit [308] at the TCE [306], each session log of the one or more session logs with the one or more received identity
24

information, the method comprises decoding, by a conductor unit [310] at the TCE [306], the one or more session logs contained in the TR of the cell traffic trace.
[0131] In an exemplary aspect, the decoding via the conductor unit [310] is done via utilizing
5 one or more decoders based on a message type such as RRC, Next Generation Application
Protocol (NGAP), NRSL, Xn Application Protocol (XnAP)and alike.
[0132] The present disclosure encompasses that the NGAP provides a signalling service
between a Next Generation -Radio Access Network (NG-RAN) node and the AMF [106] that
10 is required to fulfil the NGAP functions. Also, there are two types of NGAP services, i.e. a
non-UE-associated services and a UE-associated service.
[0133] The non-UE-associated services are related to a whole next generation interface
instance between the NG-RAN node and AMF [106] utilising a non-UE-associated signalling
15 connection.
[0134] The UE-associated service is related to one UE. The NGAP functions that provide these services are associated with a UE-associated signalling connection that is maintained for the UE [502] in question.
20
[0135] The XnAP is a control protocol includes one or more elementary procedures. The XnAP is a unit of interaction between two NG-RAN nodes. The one or more elementary procedures comprise of an initiating message and possibly a response message.
25 [0136] In an exemplary aspect, logging of the one or more session logs contained in the TR, is
initiated when a radio resource control (RRC) setup request is received from a user equipment (UE) at the base station.
[0137] In an exemplary aspect, the RRC setup request is a message that is used to request an
30 Evolved Universal Mobile Telecommunications System Terrestrial Radio Access Network (E-
UTRAN) for an establishment of a RRC connection between the user equipment and the base
25

station. The RRC connection is a logical link which carried a control related information one or more signalling messages between the user equipment and the base station.
[0138] Additionally, RRC is a protocol which is utilized between the user equipment and the
5 base station. The one or more functions of the RRC include connection establishment and
release functions, broadcast of system information, the establishment of radio bearers, reconfiguration, and release of RRC, paging notification, and releases.
[0139] In an exemplary aspect, the logging of the one or more session logs contained in the
10 TR, ends when a RRC release message is sent by the base station to the UE.
[0140] In an exemplary aspect, the RRC release message is used to command a release of the RRC connection between the user equipment and the base station.
15 [0141] In an exemplary aspect, the one or more session logs is associated with one of a data
exchange session and a call session, between the UE [502] and another UE via the base station.
[0142] In an exemplary aspect, the data exchange session involves one or more activities such
as data transfer between the UE [502]and the network, application usage. Further the call
20 session may refer to one or more voice or video calls between the UE [502] and another UE
through the base station.
[0143] For instance, the one or more session logs may include an information about a session
such as start time, end time, call quality, nature of data exchange or call or other data like signal
25 strength.
[0144] At step [412], the method [400] comprises storing, by the normalizer unit [308] at the TCE [306], in a database [312], the enriched one or more session logs.
30 [0145] Thereafter, the method [400] terminates at step [414].
[0146] Referring to FIG. 5, a sequence flow diagram [500] for enriching one or more session logs with one or more identity information, in accordance with exemplary implementations of the present disclosure is shown. The sequence flow diagram comprises a user equipment (UE)
26

[502], a next generation node (gNB) [504], an access management function (AMF) [106], an element management system (EMS) [506] and a trace collection entity (TCE) [306].
[0147] At step S1, a trace session activation message is transmitted from the EMS [506] to
5 gNB [504]. The trace session activation message is associated with one or more trace control
and configuration parameters.
[0148] At step S2, a trace session activation response is transmitted from the gNB [504] to the
EMS [506], in response to the trace session activation message. The response includes
10 acknowledgment to activation message or success indication of trace session activation.
[0149] At step S3, a trace record is transmitted from gNB [504] to the TCE [306]. The trace record defines start of the trace session and includes a traceRecordTypeId parameter.
15 [0150] Further, step S1 to step S3 signify a Transmission Control Protocol (TCP) session
establishment and Trace Reference (TR) allocation.
[0151] At step S4, a radio resource control (RRC) setup request is forwarded from the UE [502] to gNB [504].
20
[0152] In an exemplary aspect, the RRC setup request is a message that is used to request an Evolved Universal Mobile Telecommunications System Terrestrial Radio Access Network (E-UTRAN) for an establishment of a RRC connection between the user equipment and the base station. The RRC connection is a logical link which carries control related information for one
25 or more signalling messages between the user equipment and the base station.
[0153] Additionally, RRC is a protocol which is utilized between the user equipment and the
base station. The one or more functions of the RRC include connection establishment and
release functions, broadcast of system information, the establishment of radio bearers,
30 reconfiguration, and release of RRC, paging notification, and releases.
[0154] Thereafter, a New Radio Session Log (NRSL) creation starts, which describes start of NR session logging.
27

[0155] At step S5 and step S6, multiple trace records are forwarded from the gNB [504] to the TCE [306]. These trace records define start of trace recording session and RRC setup request.
[0156] The steps S4, S5, and S6 are performed for initiating a trace recording session and
5 allocating a trace recording session reference (TRSR).
[0157] At step S7, a RRC setup message is shared from the gNB [504] to the UE [502].
[0158] Thereafter, at step S8, a trace record is shared from the gNB [504] to the TCE [306].
10 This trace record defines that a RRC set up has been done.
[0159] At step S9, a RRC setup complete message is transmitted from the UE [502] to the gNB [504]. This defines that a session has been set up for the UE to start a voice or a data session.
15 [0160] Thereafter, at step S10, a trace record is shared from the gNB [504] to the TCE [306].
This trace record defines a RRC set up is complete.
[0161] Immediately, after step S10, a call setup process is initiated. Thereafter, at step S11, a
cell traffic trace is shared from the gNB [504] to the AMF [106]. Moreover, the cell traffic
20 trace comprises a trace reference and a trace recording session reference.
[0162] After completion of step S11, the AMF [106] starts searching for the identify information such as International Mobile Subscriber Identity (IMSI) information, and an International Mobile Equipment Identity (IMEI) information in the cell traffic trace. 25
[0163] Further, the step S11 may be performed via a proprietary approach.
[0164] Thereafter, at step S12, a trace record is shared from the AMF [106] to the TCE [306].
This trace record comprises the identity information such as IMSI and IMEI, along with cell
30 traffic trace.
[0165] Further, a call processing initiates from UE [502] after step S12. Thereafter, at step S13, the gNB [504] shares a RRC release message to the UE [502].
28

[0166] Thereafter, the NRSL creation ends, and the trace records are shared from the gNB [504] to the TCE [306]. These trace records contain the RRC release, NRSL log data and trace recording session stop parameter.
5 [0167] Additionally, the step 13 signifies stopping the trace recording session.
[0168] The present disclosure further discloses a non-transitory computer readable storage medium storing instructions for enriching one or more session logs with one or more identity information, the instructions include executable code which, when executed by a one or more
10 units of a network system [300], causes: a transceiver unit [302] at an access and mobility
function (AMF) [106] to receive, from a base station, a cell traffic trace, wherein the cell traffic trace comprises a trace reference (TR), and a trace recording session reference (TRSR); an extraction unit [304] at the AMF [106] to extract one or more identity information from the cell traffic trace; the transceiver unit [302] at the AMF [106] further to send, to a trace collection
15 entity (TCE) [306], a trace record, wherein the trace record comprises the one or more identity
information and the cell traffic trace; a normalizer unit [308] at the TCE [306] to enrich, each session log of one or more session logs contained in the TR of the cell traffic trace, with the one or more identity information; and the normalizer unit [308] at the TCE [306] further to store in a database [312], the enriched one or more session logs.
20
[0169] The present disclosure may be utilized by a telecommunication organization for
enriching one or more session logs with one or more identity information such as IMSI
information, and an IMEI information for rapid and efficient monitoring of network
performance.
25
[0170] As is evident from the above, the present disclosure provides a technically advanced
solution for enriching one or more session logs with one or more identity information. The
present solution assists in monitoring and analysing a network performance without the use of
physical tapping. The present solution enriches the one or more session logs of one or more
30 data exchange sessions with information such as IMSI and device identity information, such
as, IMEI. Additionally, the present solution saves time, labour and costs involved in enriching
the summary logs of the data exchange sessions with IMSI and IMEI.
29

[0171] While considerable emphasis has been placed herein on the disclosed implementations,
it will be appreciated that many implementations can be made and that many changes can be
made to the implementations without departing from the principles of the present disclosure.
These and other changes in the implementations of the present disclosure will be apparent to
5 those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to
be implemented is illustrative and non-limiting.
30

We Claim:
1. A method for enriching one or more session logs with one or more identity information,
the method comprising:
- receiving, by a transceiver unit [302], at an Access and Mobility Function (AMF) [106], from a base station, a cell traffic trace, wherein the cell traffic trace comprises a trace reference (TR) and a trace recording session reference (TRSR);
- extracting, by an extraction unit [304], at the AMF [106], one or more identity information from the cell traffic trace;
- sending, by the transceiver unit [302], from the AMF [106], to a trace collection entity (TCE) [306], a trace record, wherein the trace record comprises the extracted one or more identity information and the cell traffic trace;
- enriching, by a normalizer unit [308], at the TCE [306], each session log of one or more session logs contained in the TR of the cell traffic trace, with the one or more identity information; and
- storing, by the normalizer unit [308], at the TCE [306], in a database [312], the enriched one or more session logs.

2. The method as claimed in claim 1, wherein the one or more identity information comprises at least one of an International Mobile Subscriber Identity (IMSI) information, and an International Mobile Equipment Identity (IMEI) information.
3. The method as claimed in claim 1, wherein, prior to enriching by a normalizer unit [308] at the TCE [306], each session log of the one or more session logs with the one or more identity information, the method comprises:
decoding, by a conductor unit [310] at the TCE [306], the one or more session logs contained in the TR of the cell traffic trace.
4. The method as claimed in claim 1, wherein logging of the one or more session logs contained in the TR, is initiated when a radio resource control (RRC) setup request is received from a user equipment (UE) at the base station.
5. The method as claimed in claim 4, wherein the cell traffic trace is sent by the base station to the AMF [106], on completion of the RRC setup request at the base station.

6. The method as claimed in claim 4, wherein the logging of the one or more session logs contained in the TR, ends when a RRC release message is sent by the base station to the UE.
7. The method as claimed in claim 4, wherein the one or more session logs is associated with one of a data exchange session and a call session, between the UE and another UE via the base station.
8. A network system [300] for enriching one or more session logs with one or more identity information, the network system comprising:
- an access and mobility function (AMF) [106];
o a transceiver unit [302] via the access and mobility function (AMF) [106] configured to:
▪ receive, from a base station, a cell traffic trace, wherein the cell traffic trace comprises a trace reference (TR), and a trace recording session reference (TRSR); o an extraction unit [304] via the AMF [106] configured to:
▪ extract one or more identity information from the cell traffic trace, o the transceiver unit [302] via the AMF [106], further configured to send, to a trace collection entity (TCE) [306], a trace record, wherein the trace record comprises the one or more identity information and the cell traffic trace;
- the TCE [306] further comprises:
o a normalizer unit [308] configured to:
▪ enrich, each session log of one or more session logs contained in the
TR of the cell traffic trace, with the one or more identity information;
and ▪ store, in a database [312], the enriched one or more session logs.
9. The network system [300] as claimed in claim 8, wherein the one or more identity
information comprises at least one of an International Mobile Subscriber Identity
(IMSI) information, and an International Mobile Equipment Identity (IMEI)
information.

10. The network system [300] as claimed in claim 8, wherein prior to enriching by the
normalizer unit [308] at the TCE [306], each session log of the one or more session logs
with the one or more received identity information, the TCE [306] further comprises:
o a conductor unit [310] configured to decode the one or more session logs contained in the TR of the cell traffic trace.
11. The network system [300] as claimed in claim 8, wherein logging of the one or more session logs contained in the TR, is initiated when a radio resource control (RRC) setup request is received from a user equipment (UE) at the base station.
12. The network system [300] as claimed in claim 11, wherein the cell traffic trace is sent by the base station to the AMF [106], on completion of the RRC setup request at the base station.
13. The network system [300] as claimed in claim 11, wherein the logging of the one or more session logs contained in the TR, ends when a RRC release message is sent by the base station to the UE.
14. The network system [300] as claimed in claim 11, wherein the one or more session logs is associated with one of a data exchange session and a call session, between the UE and another UE via the base station.