FORM 2
THE PATENTS ACT, 1970 (39 OF 1970) & THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“METHOD AND SYSTEM FOR ESTABLISHING A NETWORK SESSION AT A BINDING SUPPORT FUNCTION
(BSF)”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in which it is to be performed.

METHOD AND SYSTEM FOR ESTABLISHING A NETWORK SESSION AT A BINDING SUPPORT FUNCTION (BSF)
FIELD OF THE INVENTION
[0001] The present disclosure generally relates to to the field of wireless communication systems. More particularly, embodiments of the present disclosure relate to a method and system for establishing a network session at a Binding Support Function (BSF).
BACKGROUND
[0002] The following description of the related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. 3G technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.

[0004] In a 5G network, the Policy Control Function (PCF) plays a key role in governing the interaction between the user equipment (UE) and the network, including managing the data sessions. Another crucial element in this process is the Binding Support Function (BSF), which assists in ensuring proper binding between network elements to maintain session continuity. Managing these sessions efficiently is essential for providing seamless connectivity to users while optimizing network resources. One of the challenges that arises in 5G networks is the efficient establishment and modification of user sessions, particularly when it comes to determining the involvement of the BSF. Traditionally, the BSF is involved in every session establishment attempt, leading to excessive resource consumption and increased processing loads. Additionally, ensuring that the correct Subscription Permanent Identifier (SUPI) and Data Network Name (DNN) are recognized during session establishment poses further complexities. To address these challenges, there is a need for a more targeted approach to session management, where the involvement of the BSF is limited to specific cases based on predefined criteria. This would not only reduce unnecessary resource consumption but also streamline the process of session establishment and modification, leading to improved network performance and scalability.
[0005] Thus, there exists an imperative need in the art to for managing and modifying user sessions within the network via determined SUPI range, which the present disclosure aims to address.
SUMMARY
[0006] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0007] An aspect of the present disclosure may relate to a method for establishing a network session at a Binding Support Function (BSF). The method includes receiving, by a transceiver unit at a Policy Control Function (PCF), a message

request comprising at least a Data Network Name (DNN) value and a Subscription Permanent Identifier (SUPI) value. The method further includes determining, by a determining unit at the PCF, a positive SUPI status based on a positive matching of the SUPI value with at least one SUPI value in a list of Subscription Permanent Identifier (SUPI) value. The method further includes retrieving, by a retrieving unit at the PCF, a list of Data Network Name (DNN) associated with a user equipment (UE) based on the positive SUPI status. The method further includes determining, by the determining unit, a positive DNN status based on a positive matching of the DNN value with at least one DNN value in the list of DNN. The method further includes initiating, by a processing unit at the PCF, a registration request to a Binding Support Function (BSF) to establish the network session of the UE, based on the positive DNN status.
[0008] In an exemplary aspect of the present disclosure, the list of SUPI value is defined by the PCF.
[0009] In an exemplary aspect of the present disclosure, the message request is received from the UE to initiate the network session at the BSF.
[0010] In an exemplary aspect of the present disclosure, the method further comprises performing, by the processing unit at the PCF, a network session denial action based on a failure in matching the SUPI value with the list of Subscription Permanent Identifier (SUPI) value.
[0011] Another aspect of the present disclosure may relate to a system for establishing a network session at a Binding Support Function (BSF). The system comprises a Policy Control Function (PCF). The PCF comprises a transceiver unit configured to receive a message request comprising at least a Data Network Name (DNN) value and a Subscription Permanent Identifier (SUPI) value. The PCF further comprises a determining unit connected with at least the transceiver unit, wherein the determining unit is configured to determine a positive SUPI status based on a positive matching of the SUPI value with at least one SUPI value in a list of Subscription Permanent Identifier (SUPI) value. The PCF further comprises

a retrieving unit connected with at least the determining unit, wherein the retrieving unit is configured to retrieve a list of Data Network Name (DNN) associated with a user equipment (UE) based on the positive SUPI status. The determining unit is further configured to determine a positive DNN status based on a positive matching of the DNN value with at least one DNN value in the list of DNN. The PCF further comprises a processing unit connected with at least the determining unit, wherein the determining unit is configured to initiate, from the PCF to the Binding Support Function (BSF), a registration request to establish the network session of the UE, based on the positive DNN status.
[0012] Yet another aspect of the present disclosure may relate to a non-transitory computer readable storage medium storing instructions for establishing a network session at a Binding Support Function (BSF), the instructions include executable code which, when executed by one or more units of a system, causes: a transceiver unit to receive a message request comprising at least a Data Network Name (DNN) value and a Subscription Permanent Identifier (SUPI) value. The instructions when executed further causes a determining unit to determine a positive SUPI status based on a positive matching of the SUPI value with at least one SUPI value in a list of Subscription Permanent Identifier (SUPI) value. The instructions when executed further causes a retrieving unit to retrieve a list of Data Network Name (DNN) associated with a user equipment (UE) based on the positive SUPI status. The instructions when executed further causes the determining unit to determine a positive DNN status based on a positive matching of the DNN value with at least one DNN value in the list of DNN. The instructions when executed further causes a processing unit connected with at least the determining unit, wherein the determining unit is configured to initiate, from the PCF to the Binding Support Function (BSF), a registration request to establish the network session of the UE, based on the positive DNN status.

OBJECTS OF THE INVENTION
[0013] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies are listed herein below.
[0014] It is an object of the present disclosure to provide a system and a method for managing and modifying user sessions within the network by determining Subscription Permanent Identifier (SUPI) range.
[0015] It is yet another object of the present disclosure to provide a solution for optimizing resource usage by narrowing down the involvement of the BSF to specific ranges of SUPIs.
[0016] It is yet another object of the present disclosure to provide a solution for efficient session management by allowing the PCF to quickly determine whether a session should be allowed or denied based on the user's SUPI and the requested DNN.
DESCRIPTION OF THE DRAWINGS
[0017] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Also, the embodiments shown in the figures are not to be construed as limiting the disclosure, but the possible variants of the method and system according to the disclosure are illustrated herein to highlight the advantages of the disclosure. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components or circuitry commonly used to implement such components.
[0018] FIG. 1 illustrates an exemplary block diagram representation of 5th generation core (5GC) network architecture.

[0019] FIG. 2 illustrates an exemplary block diagram of a computing device upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.
[0020] FIG. 3 illustrates an exemplary block diagram of a system for establishing
5 a network session at a Binding Support Function (BSF) in accordance with
exemplary implementations of the present disclosure.
[0021] FIG. 4 illustrates a method flow diagram for establishing a network session at a Binding Support Function (BSF) in accordance with exemplary implementations of the present disclosure.
10 [0022] FIG. 5 illustrates a process flow diagram for establishing a network session
at a Binding Support Function (BSF) in accordance with exemplary implementations of the present disclosure.
[0023] The foregoing shall be more apparent from the following more detailed description of the disclosure.
15
DETAILED DESCRIPTION
[0024] In the following description, for the purposes of explanation, various
specific details are set forth in order to provide a thorough understanding of
embodiments of the present disclosure. It will be apparent, however, that
20 embodiments of the present disclosure may be practiced without these specific
details. Several features described hereafter may each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above.
25 [0025] The ensuing description provides exemplary embodiments only, and is not
intended to limit the scope, applicability, or configuration of the disclosure. Rather,
7

the ensuing description of the exemplary embodiments will provide those skilled in
the art with an enabling description for implementing an exemplary embodiment.
It should be understood that various changes may be made in the function and
arrangement of elements without departing from the spirit and scope of the
5 disclosure as set forth.
[0026] Specific details are given in the following description to provide a thorough
understanding of the embodiments. However, it will be understood by one of
ordinary skill in the art that the embodiments may be practiced without these
specific details. For example, circuits, systems, processes, and other components
10 may be shown as components in block diagram form in order not to obscure the
embodiments in unnecessary detail.
[0027] Also, it is noted that individual embodiments may be described as a process
which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure
diagram, or a block diagram. Although a flowchart may describe the operations as
15 a sequential process, many of the operations may be performed in parallel or
concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.
[0028] The word “exemplary” and/or “demonstrative” is used herein to mean
20 serving as an example, instance, or illustration. For the avoidance of doubt, the
subject matter disclosed herein is not limited by such examples. In addition, any
aspect or design described herein as “exemplary” and/or “demonstrative” is not
necessarily to be construed as preferred or advantageous over other aspects or
designs, nor is it meant to preclude equivalent exemplary structures and techniques
25 known to those of ordinary skill in the art. Furthermore, to the extent that the terms
“includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive—in a manner similar to the term “comprising” as an open transition word—without precluding any additional or other elements.
8

[0029] As used herein, a “processing unit” or “processor” or “operating processor”
includes one or more processors, wherein processor refers to any logic circuitry for
processing instructions. A processor may be a general-purpose processor, a special
purpose processor, a conventional processor, a digital signal processor, a plurality
5 of microprocessors, one or more microprocessors in association with a (Digital
Signal Processing) DSP core, a controller, a microcontroller, Application Specific
Integrated Circuits, Field Programmable Gate Array circuits, any other type of
integrated circuits, etc. The processor may perform signal coding data processing,
input/output processing, and/or any other functionality that enables the working of
10 the system according to the present disclosure. More specifically, the processor or
processing unit is a hardware processor.
[0030] As used herein, “a user equipment”, “a user device”, “a smart-user-device”, “a smart-device”, “an electronic device”, “a mobile device”, “a handheld device”, “a wireless communication device”, “a mobile communication device”, “a
15 communication device” may be any electrical, electronic and/or computing device
or equipment, capable of implementing the features of the present disclosure. The user equipment/device may include, but is not limited to, a mobile phone, smart phone, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, wearable device or any other computing device which is capable
20 of implementing the features of the present disclosure. Also, the user device may
contain at least one input means configured to receive an input from at least one of a transceiver unit, a processing unit, a storage unit, a detection unit and any other such unit(s) which are required to implement the features of the present disclosure.
[0031] As used herein, “storage unit” or “memory unit” refers to a machine or
25 computer-readable medium including any mechanism for storing information in a
form readable by a computer or similar machine. For example, a computer-readable medium includes read-only memory (“ROM”), random access memory (“RAM”), magnetic disk storage media, optical storage media, flash memory devices or other types of machine-accessible storage media. The storage unit stores at least the data
9

that may be required by one or more units of the system to perform their respective functions.
[0032] As used herein “interface” or “user interface refers to a shared boundary
across which two or more separate components of a system exchange information
5 or data. The interface may also be referred to a set of rules or protocols that define
communication or interaction of one or more modules or one or more units with each other, which also includes the methods, functions, or procedures that may be called.
[0033] All modules, units, components used herein, unless explicitly excluded
10 herein, may be software modules or hardware processors, the processors being a
general-purpose processor, a special purpose processor, a conventional processor,
a digital signal processor (DSP), a plurality of microprocessors, one or more
microprocessors in association with a DSP core, a controller, a microcontroller,
Application Specific Integrated Circuits (ASIC), Field Programmable Gate Array
15 circuits (FPGA), any other type of integrated circuits, etc.
[0034] As used herein, the transceiver unit include at least one receiver and at least one transmitter configured respectively for receiving and transmitting data, signals, information, or a combination thereof between units/components within the system and/or connected with the system.
20 [0035] As used herein, Subscription Permanent Identifier (SUPI) is a unique
identifier used to represent a subscriber's permanent identity in a 5G network. It replaces the IMSI used in 4G networks and is designed to provide enhanced privacy and security features.
[0036] As used herein, DNN (Data Network Name) is a crucial concept in
25 telecommunications and networking, particularly in the context of mobile networks.
It serves as an identifier for a specific packet data network that devices connect to when accessing the Internet or other services.
10

[0037] As discussed in the background section, the current known solutions have
several shortcomings. The present disclosure aims to overcome the above-
mentioned and other existing problems in this field of technology by providing
method and system for establishing a network session at a Binding Support
5 Function (BSF).
[0038] FIG. 1 illustrates an exemplary block diagram representation of 5th generation core (5GC) network architecture, in accordance with exemplary implementation of the present disclosure. As shown in FIG. 1, the 5GC network architecture [100] includes a user equipment (UE) [102], a radio access network
10 (RAN) [104], an access and mobility management function (AMF) [106], a Session
Management Function (SMF) [108], a Service Communication Proxy (SCP) [110], an Authentication Server Function (AUSF) [112], a Network Slice Specific Authentication and Authorization Function (NSSAAF) [114], a Network Slice Selection Function (NSSF) [116], a Network Exposure Function (NEF) [118], a
15 Network Repository Function (NRF) [120], a Policy Control Function (PCF) [122],
a Unified Data Management (UDM) [124], an application function (AF) [126], a User Plane Function (UPF) [128], a data network (DN) [130], and a binding support function (BSF) [132], wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing
20 features of the present disclosure.
[0039] Radio Access Network (RAN) [104] is the part of a mobile
telecommunications system that connects user equipment (UE) [102] to the core
network (CN) and provides access to different types of networks (e.g., 5G network).
It consists of radio base stations and the radio access technologies that enable
25 wireless communication.
[0040] Access and Mobility Management Function (AMF) [106] is a 5G core network function responsible for managing access and mobility aspects, such as UE registration, connection, and reachability. It also handles mobility management procedures like handovers and paging.
11

[0041] Session Management Function (SMF) [108] is a 5G core network function responsible for managing session-related aspects, such as establishing, modifying, and releasing sessions. It coordinates with the User Plane Function (UPF) for data forwarding and handles IP address allocation and QoS enforcement.
5 [0042] Service Communication Proxy (SCP) [110] is a network function in the 5G
core network that facilitates communication between other network functions by providing a secure and efficient messaging service. It acts as a mediator for service-based interfaces.
[0043] Authentication Server Function (AUSF) [112] is a network function in the
10 5G core responsible for authenticating UEs during registration and providing
security services. It generates and verifies authentication vectors and tokens.
[0044] Network Slice Specific Authentication and Authorization Function
(NSSAAF) [114] is a network function that provides authentication and
authorization services specific to network slices. It ensures that UEs can access only
15 the slices for which they are authorized.
[0045] Network Slice Selection Function (NSSF) [116] is a network function responsible for selecting the appropriate network slice for a UE based on factors such as subscription, requested services, and network policies.
[0046] Network Exposure Function (NEF) [118] is a network function that exposes
20 capabilities and services of the 5G network to external applications, enabling
integration with third-party services and applications.
[0047] Network Repository Function (NRF) [120] is a network function that acts as a central repository for information about available network functions and services. It facilitates the discovery and dynamic registration of network functions.
25 [0048] Policy Control Function (PCF) [122] is a network function responsible for
policy control decisions, such as QoS, charging, and access control, based on subscriber information and network policies.
12

[0049] Unified Data Management (UDM) [124] is a network function that centralizes the management of subscriber data, including authentication, authorization, and subscription information.
[0050] Application Function (AF) [126] is a network function that represents
5 external applications interfacing with the 5G core network to access network
capabilities and services.
[0051] User Plane Function (UPF) [128] is a network function responsible for handling user data traffic, including packet routing, forwarding, and QoS enforcement.
10 [0052] Data Network (DN) [130] refers to a network that provides data services to
user equipment (UE) in a telecommunications system. The data services may include but are not limited to Internet services, private data network related services.
[0053] Binding Support Function (BSF) [132] refers to a network function that particularly in scenarios where multiple Policy Control Function (PCF)
15 [122] systems are deployed. Its primary function is to track sessions across the
network based on common criteria, such as subscriber identifiers. The BSF [132] ensures session correlation for HTTP/2 and can also maintain session state between HTTP/2 and Diameter. It enables scaling of the policy/charging network by allowing correlation of sessions across multiple policy servers. Furthermore, the
20 BSF provides the Nbsf_Management service. This service allows Network
Function (NF) service consumers to register, update, and remove binding information, ensuring that session data is accurately maintained across the network. The BSF also facilitates the retrieval of binding information by NF service consumers, enabling them to access up-to-date session details. Furthermore, the
25 BSF supports subscription to notifications related to registration and deregistration
events, specifically for newly registered or deregistered PCF instances, whether for a User Equipment (UE) or a PDU session.
13

[0054] FIG. 2 illustrates an exemplary block diagram of a computing device [200]
(also referred to herein as computer system [200]) upon which the features of the
present disclosure may be implemented in accordance with exemplary
implementation of the present disclosure. In an implementation, the computing
5 device [200] may also implement a method for establishing a network session at a
Binding Support Function (BSF) utilising the system. In another implementation,
the computing device [200] itself implements the method for establishing a network
session at a Binding Support Function (BSF) using one or more units configured
within the computing device [200], wherein said one or more units are capable of
10 implementing the features as disclosed in the present disclosure.
[0055] The computing device [200] may include a bus [202] or other communication mechanism for communicating information, and a hardware processor [204] coupled with bus [202] for processing information. The hardware processor [204] may be, for example, a general-purpose microprocessor. The
15 computing device [200] may also include a main memory [206], such as a random-
access memory (RAM), or other dynamic storage device, coupled to the bus [202] for storing information and instructions to be executed by the processor [204]. The main memory [206] also may be used for storing temporary variables or other intermediate information during execution of the instructions to be executed by the
20 processor [204]. Such instructions, when stored in non-transitory storage media
accessible to the processor [204], render the computing device [200] into a special-purpose machine that is customized to perform the operations specified in the instructions. The computing device [200] further includes a read only memory (ROM) [208] or other static storage device coupled to the bus [202] for storing static
25 information and instructions for the processor [204].
[0056] A storage device [210], such as a magnetic disk, optical disk, or solid-state
drive is provided and coupled to the bus [202] for storing information and
instructions. The computing device [200] may be coupled via the bus [202] to a
display [212], such as a cathode ray tube (CRT), Liquid crystal Display (LCD),
30 Light Emitting Diode (LED) display, Organic LED (OLED) display, etc. for
14

displaying information to a computer user. An input device [214], including
alphanumeric and other keys, touch screen input means, etc. may be coupled to the
bus [202] for communicating information and command selections to the processor
[204]. Another type of user input device may be a cursor controller [216], such as
5 a mouse, a trackball, or cursor direction keys, for communicating direction
information and command selections to the processor [204], and for controlling cursor movement on the display [212]. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow the device to specify positions in a plane.
10 [0057] The computing device [200] may implement the techniques described
herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware, and/or program logic which in combination with the computing device [200] causes or programs the computing device [200] to be a special-purpose machine. According to one implementation, the techniques herein are performed by the
15 computing device [200] in response to the processor [204] executing one or more
sequences of one or more instructions contained in the main memory [206]. Such instructions may be read into the main memory [206] from another storage medium, such as the storage device [210]. Execution of the sequences of instructions contained in the main memory [206] causes the processor [204] to perform the
20 process steps described herein. In alternative implementations of the present
disclosure, hard-wired circuitry may be used in place of or in combination with software instructions.
[0058] The computing device [200] also may include a communication interface
[218] coupled to the bus [202]. The communication interface [218] provides a two-
25 way data communication coupling to a network link [220] that is connected to a
local network [222]. For example, the communication interface [218] may be an
integrated services digital network (ISDN) card, cable modem, satellite modem, or
a modem to provide a data communication connection to a corresponding type of
telephone line. As another example, the communication interface [218] may be a
30 local area network (LAN) card to provide a data communication connection to a
15

compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface [218] sends and receives electrical, electromagnetic, or optical signals that carry digital data streams representing various types of information.
5 [0059] The computing device [200] can send messages and receive data, including
program code, through the network(s), the network link [220] and the
communication interface [218]. In the Internet example, a server [230] might
transmit a requested code for an application program through the Internet [228], the
ISP [226], the local network [222], host [224] and the communication interface
10 [218]. The received code may be executed by the processor [204] as it is received,
and/or stored in the storage device [210], or other non-volatile storage for later execution.
[0060] The computing device [200] encompasses a wide range of electronic devices capable of processing data and performing computations. Examples of
15 computing device [200] include, but are not limited only to, personal computers,
laptops, tablets, smartphones, servers, and embedded systems. The devices may operate independently or as part of a network and can perform a variety of tasks such as data storage, retrieval, and analysis. Additionally, computing device [200] may include peripheral devices, such as monitors, keyboards, and printers, as well
20 as integrated components within larger electronic systems, showcasing their
versatility in various technological applications.
[0061] Referring to FIG 3, an exemplary block diagram of a system [300] for
establishing a network session at a Binding Support Function (BSF) is shown, in
accordance with the exemplary implementations of the present disclosure. The
25 system [300] comprises, at least one transceiver unit [302], at least one determining
unit [304], at least one retrieving unit [306], at least one session management function (SMF) [108], at least one processing unit [308], and at least one database [312]. Also, all of the components/ units of the system [300] are assumed to be connected to each other unless otherwise indicated below. As shown in the figures
16

all units shown within the system should also be assumed to be connected to each
other. Also, in FIG. 3 only a few units are shown, however, the system [300] may
comprise multiple such units or the system [300] may comprise any such numbers
of said units, as required to implement the features of the present disclosure.
5 Further, in an implementation, the system [300] may be present in a user device to
implement the features of the present disclosure. The system [300] may be a part of
the user device / or may be independent of but in communication with the user
device (may also referred herein as a UE). In another implementation, the system
[300] may reside in a server or a network entity. In yet another implementation, the
10 system [300] may reside partly in the server/ network entity and partly in the user
device.
[0062] The system [300] is configured for establishing a network session at a Binding Support Function (BSF) [132], with the help of the interconnection between the components/units of the system [300].
15 [0063] The system [300] comprises a Policy Control Function (PCF) [122]. The
PCF [122] comprises a transceiver unit [302] configured to receive a message request, which comprises at least one of a Data Network Name (DNN) value and a Subscription Permanent Identifier (SUPI) value. The message request is received over the N7 interface using the Hypertext Transfer Protocol/2 (HTTP/2) and is sent
20 by the SMF [108] to in response to specific events, such as when the User
Equipment (UE) first latches onto the network or when a triggering event occurs, such as a change in the UE’s IP address.
[0064] When the UE connects to the network, the SMF initiates the session
management process by sending an Npcf_SMPolicyControl_Create message to the
25 PCF. The message request may include SmPolicyContextData, which provides
context necessary for the PCF to make policy decisions, such as the DNN to which the UE is attempting to connect and the SUPI, which uniquely identifies the UE. The transceiver unit [302] in the PCF receives the incoming SM Policy Control Create/Update message requests from the SMF. The PCF processes the message
17

requests to establish or modify network sessions at the Binding Support Function (BSF) [132]. If the SUPI falls within the specified range and the DNN is valid, the PCF initiates the necessary binding procedures with the BSF. Otherwise, it may deny the session establishment or modification.
5 [0065] Subsequently, the Npcf_SMPolicyControl_Update message, which
includes SmPolicyUpdateContextData, is used for updating the session when certain conditions are met, such as an IP address change or other event triggers related to the UE. The PCF evaluates the update request, checking the SUPI and DNN again, and determines whether the session should be modified, continued, or
10 terminated, ensuring efficient and controlled session management within the 5G
network.The transceiver unit [302] receives the incoming message requests from the SMF [108] trying to establish a connection to a specific data network. For example, when a SMF [108] attempts to access a certain service or application, it sends a message request to the network. The message request includes the DNN
15 value, which identifies the desired data network, and the SUPI value, which
uniquely identifies the user.
[0066] The Data Network Name (DNN) value in the message request facilitates in determining which data network the user equipment (UE) wants to connect to. For example, if a user is trying to access an enterprise network for work-related tasks,
20 the DNN value will indicate this particular network. The transceiver unit [302]
within the PCF [122] processes the DNN value such that the message request for the network session establishment is routed to the appropriate network and that the correct resources are allocated for the connection. In addition to the DNN value, the message further includes the SUPI value. The SUPI is a unique identifier that ties
25 the session request to a specific user subscription. For example, when a user initiates
a session, the SUPI value is used to verify their identity and ensure that they have the necessary permissions to access the requested data network.
[0067] In an exemplary aspect, the DNN shall contain the network identifier, and it may additionally contain an operator identifier as well. If the operator identifier
18

is not included, the DNN is supported for all the PLMNs in the plmnList. If not provided, the BSF [132] may serve any DNN.
[0068] The PCF [122] further comprises a determining unit [304] connected with
at least the transceiver unit. The determining unit [304] is configured to determine
5 a positive SUPI status based on a positive matching of the SUPI value with at least
one SUPI value in a list of Subscription Permanent Identifier (SUPI) values.
[0069] When a message request containing the SUPI value is received by the
transceiver unit [302], the determining unit [304] compares the SUPI value against
a predefined list of SUPI values to determine if the user falls within the acceptable
10 range.
[0070] For example, a user initiates a session to access a corporate network. The
SUPI value sent from the SMF [108] is matched by the determining unit [304]
against a list of SUPI values authorized to connect to this particular network. If the
SUPI value matches one of the SUPI values in the predefined list of SUPI values,
15 the determining unit [304] assigns a positive SUPI status. The positive SUPI status
indicates that the user is authorized to proceed with the session establishment. However, if the SUPI value does not match any value in the list, the determining unit [304] may determine a negative SUPI status, leading to the denial of the session request.
20 [0071] The list of SUPI values used by the determining unit [304] may be managed
by the network administrator or policy configurations within the network. For example, in a network serving multiple enterprises, each enterprise may have its own list of authorized SUPIs. When a user from one enterprise attempts to establish a session, the determining unit [304] ensures that the SUPI value corresponds to the
25 correct enterprise list, thereby preventing unauthorized access to other networks. In
an exemplary aspect, the PCF [122] define the list of SUPI value. In an exemplary aspect, the list of SUPI values are predefined the list of SUPI values that are involved in identifying and managing specific users or subscriptions based on the identifiers. This list allows the PCF [122] to apply network policies, control access,
19

and manage user sessions effectively, ensuring that each user's experience aligns with the network’s requirements and policies.
[0072] In an exemplary aspect, the list of SUPI value and list of DNN value are
stored in a database [312]. In an exemplary aspect, retrieving unit [306] retrieves
5 both the list of SUPI value and list of DNN value from database [312].
[0073] The PCF [122] further comprises a retrieving unit [306] connected with at least the determining unit [304]. The retrieving unit [306] is configured to retrieve a list of Data Network Name (DNN) associated with a user equipment (UE) [102] based on the positive SUPI status.
10 [0074] After the determining unit [304] verifies that the SUPI is positive, the
retrieving unit [306] retrieves the list of Data Network Name (DNN) associated with the UE [102] based on the positive SUPI status. In an exemplary aspect, the retrieving unit [306] retrieves the list of Data Network Names (DNNs) that the user equipment (UE) [102] is allowed to access, but only after confirming that the user’s
15 SUPI is positive.
[0075] Once the determining unit [304] verifies that the user’s SUPI matches one in the authorized list, indicating a positive SUPI status, the retrieving unit [306] retrieved the list of DNNs that the user is allowed to access such that the user's network session request is routed to the correct data network.
20 [0076] For example, when a user successfully verifies their SUPI, the retrieving
unit [306] retrieves a list of DNNs that the user can connect to. The DNNs might represent different services, such as an internet of things (IOT), content delivery network (CDN), emergency services, corporate intranet, internet access, or specialized data services. If a user working in a multinational company connects to
25 the network, the retrieving unit [306] retrieves the DNNs associated with that user's
profile, which could include a secure corporate data network and a general internet gateway.
20

[0077] The retrieved DNN list may specify which data networks the user can connect to, helping the network to avoid routing the session to an unauthorized or irrelevant network. For example, a user might be restricted to only access enterprise resources and not general public networks, and this is controlled by the DNN list.
5 [0078] The determining unit [304] is further configured to determine a positive
DNN status based on a positive matching of the DNN value with at least one DNN value in the list of DNN.
[0079] The determining unit [304] determines whether a requested Data Network
Name (DNN) is positive by matching the DNN value provided by the SMF [108]
10 against a defined list of allowed DNN values. If the requested DNN matches at least
one entry in this list, it is considered a "positive" DNN status, meaning the requested network or service is permitted.
[0080] Once the retrieving unit [306] has fetched the list of Data Network Names (DNNs) associated with a particular user equipment (UE) [102], the determining
15 unit [304] facilitates in verifying whether the user’s session request aligns with the
allowed DNNs. The determining unit [304] checks the DNN value received in the message request from the UE against the list of DNNs retrieved by the retrieving unit [306]. If the DNN value matches one of the entries in the list, the determining unit [304] assigns a positive DNN status, indicating that the user is authorized to
20 establish a session with that specific data network.
[0081] For example, if a user’s device via SMF [108] sends a request to connect to
a "corporate_intranet" DNN, the determining unit [304] will compare this DNN
value with the list of authorized DNNs retrieved for that user. If
"corporate_intranet" is found in the list, the determining unit [304] confirms a
25 positive DNN status, signalling that the user can proceed with connecting to the
corporate network. However, if the user attempts to connect to a different DNN, such as a "guest_network" DNN that is not in the list, the determining unit [304] will not assign a positive DNN status, and the session request will be denied or redirected.
21

[0082] The PCF [122] further comprises a processing unit [308] connected with at
least the determining unit [304]. The processing unit [308] is configured to initiate,
from the PCF [122] to the Binding Support Function (BSF) [132], a registration
request to establish the network session of the UE [102], based on the positive DNN
5 status.
[0083] After the determining unit [304] determines that the requested Data Network Name (DNN) is positive status, the processing unit [308] initiates a registration request from the PCF (122) to the Binding Support Function (BSF) [132]. For example, if a user’s device successfully matches both its SUPI and DNN
10 values during the validation process, the processing unit [308] sends a registration
request to the BSF [132] to allocate the necessary network resources and establish the session. This request from the PCF [122] to the BSF [132] is critical for binding the user's session with the correct network functions, ensuring that data flows properly between the user equipment and the network. Without this step, the
15 network session could not be completed, and the user would not be able to access
the intended network services.
[0084] In an exemplary aspect, the processing unit [308] allows PCF [122] to register the session binding information for the UE [102] in the BSF [132] by providing the user identity, the DNN, the UE address(es) and the selected PCF
20 address for a certain PDU Session to the BSF, and BSF stores the information. In
an exemplary aspect, if the Binding Update feature is not supported and if the NF service consumer (e.g., PCF) receives a new UE address (e.g., IPv6 prefix) and already registered session binding information for this PDU session, the NF service consumer (e.g., PCF) shall register a new session binding information in the BSF
25 [132].
[0085] In an exemplary aspect, the processing unit [308], register the PCF [122] for a PDU session binding information by invoking the Nbsf_Management_Register service operation to register the session binding information for a UE [102] in the BSF [132]. The NF service consumer shall send an HTTP POST request with
22

"{apiRoot}/nbsfmanagement/v1/pcfBindings" as Resource URI representing the "PCF Session Bindings" to create a binding information for an "Individual PCF Session Binding" according to the information (e.g., UE address(es), SUPI, GPSI, DNN, S-NSSAI) in the message body.
5 [0086] In an exemplary aspect, the processing unit [308], register the PCF [122] for
a UE [102] binding information, by invoking the Nbsf_Management_Register
service operation to register the PCF for a SMF [108] when a UE [102] latches on
the network, binding information in the BSF [132]. The NF service consumer shall
send for this an HTTP POST request with "{apiRoot}/nbsf-management//pcf-ue-
10 bindings" as Resource URI representing the "PCF for a UE Bindings", to create a
binding information for an "Individual PCF for a UE Binding" according to the
information in the message body.
[0087] In an exemplary aspect, the processing unit [308], processes various type of
PcfForUeBinding attributes such as but not limited only to SUPI, generic public
15 subscription identifier (GPSI), PCF instance identifier (PCF ID), PCF set Identifier
(PCF SET ID) etc. Further, upon the reception of an HTTP POST request with:
"{apiRoot}/nbsf-management//pcf-ue-bindings" as Resource URI and
"PcfForUeBinding" data structure as request body, the BSF shall create new binding information; assign a bindingId; and store the binding information.
20 [0088] The processing unit [308] is further configured to perform a network session
denial action based on a failure in matching the SUPI value with at least one SUPI value in the list of Subscription Permanent Identifier (SUPI) values.
[0089] The processing unit [308] performs the network session denial action based
on the failure in matching the SUPI value with at least one SUPI value in the list of
25 Subscription Permanent Identifier (SUPI) value. In an exemplary aspect, if the
determining unit [304] finds that the user's SUPI does not match any value in the list of valid SUPIs, the processing unit [308] responds by performing a network session denial action. By performing network session denial action, the processing unit [308] helps in maintaining network security and policy compliance by
23

preventing unauthorized access based on invalid SUPIs. For example, when a user's
device via AMF and SMF [108] attempts to connect to the network, it sends a
message containing the SUPI value to identify itself. If this SUPI value does not
match any of the values in the authorized list maintained by the network, the
5 determining unit [304] will flag this as a failed match. The processing unit [308]
will then step in to deny the session request. This denial action might involve sending a rejection message back to the SMF [108], preventing any further attempts to establish the session.
[0090] In an exemplary aspect, if an unauthorized device attempts to access
10 sensitive data, the processing unit [308] may block the connection by denying the
session at the outset, based on the failed SUPI match.
[0091] Referring to FIG. 4, an exemplary method flow diagram [400] for
establishing a network session at a Binding Support Function (BSF), in accordance
with exemplary implementations of the present disclosure is shown. In an
15 implementation the method [400] is performed by the system [300]. Further, in an
implementation, the system [300] may be present in a server device to implement the features of the present disclosure. Also, as shown in FIG. 4, the method [400] starts at step [402].
[0092] At step 404, the method [400] comprises receiving, by a transceiver unit
20 [302] at a Policy Control Function (PCF) [122], a message request comprising at
least a Data Network Name (DNN) value and a Subscription Permanent Identifier
(SUPI) value. The message request is received from the SMF [108] to initiate the
network session at the BSF [132]. In an exemplary aspect, transceiver unit [302]
receives the message request from the SMF [108] over a N7 interface in HTTP/2
25 protocol. The message request is sent by the SMF [108] when a UE [102] latches
on the network.
[0093] In an exemplary aspect, the Npcf_SMPolicyControl_Create service operation provides means for the SMF [108] to request the creation of a corresponding SM Policy Association with PCF [122].
24

[0094] In an exemplary aspect, the Npcf_SMPolicyControl_Update service
operation provides means for the NF service consumer to inform the PCF [122] that
a policy control request trigger condition has been met and for the PCF [122] to
inform the NF service consumer of any resulting update of the Session Management
5 related policies.
[0095] The transceiver unit [302] receives the incoming message requests from the
SMF [108] trying to establish a connection to a specific data network. For example,
when a the SMF [108] attempts to access a certain service or application, it sends a
message request to the network. The message request includes the DNN value,
10 which identifies the desired data network, and the SUPI value, which uniquely
identifies the user.
[0096] The Data Network Name (DNN) value in the message request facilitates in determining which data network the user equipment (UE) wants to connect to. For example, if a user is trying to access an enterprise network for work-related tasks,
15 the DNN value will indicate this particular network. The transceiver unit [302]
within the PCF [122] processes the DNN value such that the message request for the network session establishment is routed to the appropriate network and that the correct resources are allocated for the connection. In addition to the DNN value, the message further includes the SUPI value. The SUPI is a unique identifier that ties
20 the session request to a specific user subscription. For example, when a user initiates
a session, the SUPI value is used to verify their identity and ensure that they have the necessary permissions to access the requested data network.
[0097] In an exemplary aspect, the DNN shall contain the network identifier, and
it may additionally contain an operator identifier as well. If the operator identifier
25 is not included, the DNN is supported for all the PLMNs in the plmnList. If not
provided, the BSF [132] may serve any DNN.
[0098] At step 406, the method [400] comprises determining, by a determining unit [304] at the PCF [122], a positive SUPI status based on a positive matching of the
25

SUPI value with at least one SUPI value in a list of Subscription Permanent Identifier (SUPI) value.
[0099] When a message request containing the SUPI value is received by the
transceiver unit [302], the determining unit [304] compares the SUPI value against
5 a predefined list of SUPI values to determine if the user falls within the acceptable
range.
[0100] For example, a user initiates a session to access a corporate network. The SUPI value sent from the SMF [108] is matched by the determining unit [304] against a list of SUPI values authorized to connect to this particular network. If the
10 SUPI value matches one of the SUPI values in the predefined list of SUPI values,
the determining unit [304] assigns a positive SUPI status. The positive SUPI status indicates that the user is authorized to proceed with the session establishment. However, if the SUPI value does not match any value in the list, the determining unit [304] may determine a negative SUPI status, leading to the denial of the session
15 request.
[0101] The list of SUPI values used by the determining unit [304] may be managed by the network administrator or policy configurations within the network. For example, in a network serving multiple enterprises, each enterprise may have its own list of authorized SUPIs. When a user from one enterprise attempts to establish
20 a session, the determining unit [304] ensures that the SUPI value corresponds to the
correct enterprise list, thereby preventing unauthorized access to other networks. In an exemplary aspect, the PCF [122] define the list of SUPI value. In an exemplary aspect, the list of SUPI values are predefined the list of SUPI values that are involved in identifying and managing specific users or subscriptions based on the
25 identifiers. This list allows the PCF [122] to apply network policies, control access,
and manage user sessions effectively, ensuring that each user's experience aligns with the network’s requirements and policies.
26

[0102] In an exemplary aspect, the list of SUPI value and list of DNN value are stored in a database [312]. In an exemplary aspect, retrieving unit [306] retrieves both the list of SUPI value and list of DNN value from database [312].
[0103] At step 408, the method [400] comprises retrieving, by a retrieving unit
5 [306] at the PCF [122], a list of Data Network Name (DNN) associated with a user
equipment (UE) [102] based on the positive SUPI status.
[0104] After the determining unit [304] verifies that the SUPI is positive, the
retrieving unit [306] retrieves the list of Data Network Name (DNN) associated
with the UE [102] based on the positive SUPI status. In an exemplary aspect, the
10 retrieving unit [306] retrieves the list of Data Network Names (DNNs) that a user
equipment (UE) [102] is allowed to access, but only after confirming that the user’s SUPI is positive.
[0105] Once the determining unit [304] verifies that the user’s SUPI matches one
in the authorized list, indicating a positive SUPI status, the retrieving unit [306]
15 retrieved the list of DNNs that the user is allowed to access such that the user's
network session request is routed to the correct data network.
[0106] For example, when a user successfully verifies their SUPI, the retrieving
unit [306] retrieves a list of DNNs that the user can connect to. The DNNs might
represent different services, such as an internet of things (IOT), content delivery
20 network (CDN), emergency services, corporate intranet, internet access, or
specialized data services. If a user working in a multinational company connects to the network, the retrieving unit [306] retrieves the DNNs associated with that user's profile, which could include a secure corporate data network and a general internet gateway.
25 [0107] The retrieved DNN list may specify which data networks the user can
connect to, helping the network to avoid routing the session to an unauthorized or irrelevant network. For example, a user might be restricted to only access enterprise resources and not general public networks, and this is controlled by the DNN list.
27

[0108] At step 410, the method [400] comprises determining, by the determining unit [304], a positive DNN status based on a positive matching of the DNN value with at least one DNN value in the list of DNN.
[0109] The determining unit [304] determines whether a requested Data Network
5 Name (DNN) is positive by matching the DNN value provided by the SMF [108]
against a defined list of allowed DNN values. If the requested DNN matches at least one entry in this list, it is considered a "positive" DNN status, meaning the requested network or service is permitted.
[0110] Once the retrieving unit [306] has fetched the list of Data Network Names
10 (DNNs) associated with a particular user equipment (UE) [102], the determining
unit [304] facilitates in verifying whether the user’s session request aligns with the
allowed DNNs. The determining unit [304] checks the DNN [310] value received
in the message request from the SMF [108] against the list of DNNs retrieved by
the retrieving unit [306]. If the DNN value matches one of the entries in the list, the
15 determining unit [304] assigns a positive DNN status, indicating that the user is
authorized to establish a session with that specific data network.
[0111] For example, if a SMF [108] sends a request to connect to a
"corporate_intranet" DNN, the determining unit [304] will compare this DNN value
with the list of authorized DNNs retrieved for that user. If "corporate_intranet" is
20 found in the list, the determining unit [304] confirms a positive DNN status,
signalling that the user can proceed with connecting to the corporate network. However, if the user attempts to connect to a different DNN, such as a "guest_network" DNN that is not in the list, the determining unit [304] will not assign a positive DNN status, and the session request will be denied or redirected.
25 [0112] At step 412, the method [400] comprises initiating, by a processing unit
[308] at the PCF [122], a registration request to a Binding Support Function (BSF) [132] to establish the network session of the UE [102], based on the positive DNN status.
28

[0113] After the determining unit [304] determines that the requested Data
Network Name (DNN) is positive status, the processing unit [308] initiates a
registration request from the PCF (122) to the Binding Support Function (BSF)
[132]. For example, if a user’s device successfully matches both its SUPI and DNN
5 values during the validation process, the processing unit [308] sends a registration
request to the BSF [132] to allocate the necessary network resources and establish
the session. This request from the PCF [122] to the BSF [132] is critical for binding
the user's session with the correct network functions, ensuring that data flows
properly between the user equipment and the network. Without this step, the
10 network session could not be completed, and the user would not be able to access
the intended network services.
[0114] In an exemplary aspect, the processing unit [308] allows PCF [122] to register the session binding information for a UE [102] in the BSF [132] by providing the user identity, the DNN, the UE address(es) and the selected PCF [122]
15 address for a certain PDU Session to the BSF [132], and BSF [132] stores the
information. In an exemplary aspect, if the Binding Update feature is not supported and if the NF service consumer (e.g., PCF) receives a new UE address (e.g., IPv6 prefix) and already registered session binding information for this PDU session, the NF service consumer (e.g., PCF) shall register a new session binding information
20 in the BSF [132].
[0115] In an exemplary aspect, the processing unit [308], register the PCF [122] for
a PDU session binding information by invoking the Nbsf_Management_Register
service operation to register the session binding information for a UE [102] in the
BSF [132]. The NF service consumer shall send an HTTP POST request with
25 "{apiRoot}/nbsfmanagement/v1/pcfBindings" as Resource URI representing the
"PCF Session Bindings" to create a binding information for an "Individual PCF Session Binding" according to the information (e.g., UE address(es), SUPI, GPSI, DNN, S-NSSAI) in the message body.
29

[0116] In an exemplary aspect, the processing unit [308], register the PCF [122] for
a UE [102] binding information, by invoking the Nbsf_Management_Register
service operation to register the PCF [122] for a SMF [108] when a UE [102] latches
on the network, binding information in the BSF [132]. The NF service consumer
5 shall send for this an HTTP POST request with "{apiRoot}/nbsf-management//pcf-
ue-bindings" as Resource URI representing the "PCF for a UE Bindings", to create a binding information for an "Individual PCF for a UE Binding" according to the information in the message body.
[0117] In an exemplary aspect, the processing unit [308], processes various type of
10 PcfForUeBinding attributes such as but not limited only to SUPI, generic public
subscription identifier (GPSI), PCF instance identifier (PCF ID), PCF set Identifier
(PCF SET ID) etc. Further, upon the reception of an HTTP POST request with:
"{apiRoot}/nbsf-management//pcf-ue-bindings" as Resource URI and
"PcfForUeBinding" data structure as request body, the BSF shall create new
15 binding information; assign a bindingId; and store the binding information.
[0118] At step [414], the method [400] terminates.
[0119] The method [400] further comprises performing, by the processing unit
[308] at the PCF [122], a network session denial action based on a failure in
matching the SUPI value with the list of Subscription Permanent Identifier (SUPI)
20 values.
[0120] The processing unit [308] performs the network session denial action based
on the failure in matching the SUPI value with at least one SUPI value in the list of
Subscription Permanent Identifier (SUPI) value. In an exemplary aspect, if the
determining unit [304] finds that the user's SUPI does not match any value in the
25 list of valid SUPIs, the processing unit [308] responds by performing a network
session denial action. By performing network session denial action, the processing unit [308] helps in maintaining network security and policy compliance by preventing unauthorized access based on invalid SUPIs. For example, when a user's device attempts to connect to the network, it sends a message containing the SUPI
30

value to identify itself. If this SUPI value does not match any of the values in the
authorized list maintained by the network, the determining unit [304] will flag this
as a failed match. The processing unit [308] will then step in to deny the session
request. This denial action might involve sending a rejection message back to the
5 SMF [108] , preventing any further attempts to establish the session.
[0121] In an exemplary aspect, if an unauthorized device attempts to access sensitive data, the processing unit [308] may block the connection by denying the session at the outset, based on the failed SUPI match.
[0122] Referring to FIG. 5, an exemplary process [500] flow diagram for
10 establishing a network session at a Binding Support Function (BSF), in accordance
with exemplary implementations of the present disclosure is shown. The process [500] starts at step 502.
[0123] At step 504, a message request comprising a DNN value and SUPI value, is sent from the SMF [108] when a UE [102] latches on the network to the PCF [122].
15 In an exemplary aspect, the transceiver unit [302] receives the from the SMF [108]
when a UE [102] latches on the network, the message request which comprises DNN (Data Network Name) that includes an identifier for a specific packet data network to which devices connect to when accessing the Internet or other services, and the SUPI value which includes globally unique identifier that is assigned to
20 each subscriber in the 5G network, which is provisioned in the UDM/UDR.
[0124] At step 506, determining SUPI for BSF [132] range. In an exemplary aspect,
the determining unit [304] determines whether a requested Data Network Name
(DNN) is positive or negative by matching the DNN value provided by the SMF
[108] when a UE [102] latches on the network against a defined list of allowed
25 DNN values.
[0125] In an exemplary aspect, the ‘SupiRangeForBSFSession’ and ‘DNNsForBSFSession’ parameters define specific criteria under which the Binding Support Function (BSF) [132] is engaged during session management within a 5G
31

network. These parameters are managed by the Policy Control Function (PCF) [122] to ensure that the BSF [132] is involved only when necessary, optimizing network resource usage and performance.
[0126] The ‘SupiRangeForBSFSession’ parameter specifies a particular range of
5 Subscription Permanent Identifiers (SUPIs), which are unique identifiers assigned
to users in the network. The range is defined as 405870000000000 to
405879999999999. This range indicates that only users with SUPIs falling within
these numbers will trigger the involvement of the BSF [132] during session
establishment or modification. For example, if a user has a SUPI of
10 405870123456789, which is within this range, the PCF [122] will involve the BSF
[132] when managing that user’s session.
[0127] The ‘DNNsForBSFSession’ parameter lists specific Data Network Names
(DNNs) for which the BSF should be involved. In this case, the DNNs are "IMS"
(IP Multimedia Subsystem) and "EMERGENCY." This means that when a user
15 initiates a session for services related to IMS, such as Voice over LTE (VoLTE), or
for emergency services, the PCF will involve the BSF as part of the session setup process.
[0128] By configuring the parameters, the PCF [122] can efficiently manage
network sessions by involving the BSF [132] only for users within the specified
20 SUPI range and for sessions involving the listed DNNs. The selective engagement
of the BSF [132] reduces unnecessary processing to facilitate better resource optimization and enhancing overall network performance.
[0129] At step 508, if SUPI for BSF [132] is in range, the process initiates
registration request to BSF. In an exemplary aspect, if the requested DNN matches
25 at least one entry in this list, it is considered a "positive" DNN status, meaning the
requested network or service is permitted. This request is essential for establishing the network session by the SMF [108] when a UE [102] latches on the network. The processing unit [308] uses the positive DNN status to ensure that the session
32

setup is properly communicated to the BSF [132], enabling the user equipment to connect to the network service as requested.
[0130] At step 510, if SUPI for BSF [132] is not in range, binding request to BSF [132] is not initiated. In an exemplary aspect, the processing unit [308] performs the network session denial action based on the failure in matching the SUPI value with at least one SUPI value in the list of Subscription Permanent Identifier (SUPI) value. In an exemplary aspect, If the determining unit [304] finds that the user's SUPI does not match any value in the list of valid SUPIs, the processing unit [308] responds by performing a network session denial action. By performing network session denial action, the processing unit [308] helps in maintaining network security and policy compliance by preventing unauthorized access based on invalid SUPIs.
[0131] The present disclosure further discloses a non-transitory computer readable storage medium storing instructions for establishing a network session at a Binding Support Function (BSF), the instructions include executable code which, when executed by one or more units of a system, causes: a transceiver unit [302] to receive a message request comprising at least a Data Network Name (DNN) value and a Subscription Permanent Identifier (SUPI) value. The instructions when executed further causes a determining unit [304] to determine a positive SUPI status based on a positive matching of the SUPI value with at least one SUPI value in a list of Subscription Permanent Identifier (SUPI) value. The instructions when executed further causes a retrieving unit [306] to retrieve a list of Data Network Name (DNN) associated with a user equipment (UE) [102] based on the positive SUPI status. The instructions when executed further causes the determining unit [304] to determine a positive DNN status based on a positive matching of the DNN value with at least one DNN value in the list of DNN. The instructions when executed further causes a processing unit [308] to initiate, from the PCF [122] to the Binding Support Function (BSF) [132], a registration request to establish the network session of the UE [102], based on the positive DNN status.

[0132] As is evident from the above, the present disclosure provides a technically advanced solution for system for establishing a network session at a Binding Support Function (BSF). The present solution provides an efficient session Management by streamlining the process of session establishment and modification in a 5G network. It allows the PCF to quickly determine whether a session should be allowed or denied based on the user's SUPI and the requested DNN. The present solution further provides optimized resource usage by narrowing down the involvement of the BSF to specific ranges of SUPIs, the network resources are used more efficiently, as the BSF doesn't need to be involved in every session attempt. The present solution further provides a simplified network management by providing a straightforward way for the Policy Control Function (PCF) to control the behavior of the BSF. This simplifies network management and configuration, making it easier to maintain and adapt to changing requirements. The present solution further provides reduced processing load as the BSF is involved only for specified SUPI ranges and DNNs, the overall processing load on the BSF and associated network components is reduced. This can contribute to better overall network performance. The present solution further provides scalability as the network grows and handles more users and sessions; the invention's approach helps maintain scalability. Efficient resource utilization and reduced processing demands allow the network to accommodate increased demand without sacrificing performance.
[0133] Further, in accordance with the present disclosure, it is to be acknowledged that the functionality described for the various the components/units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the disclosure should not be construed as limiting the scope of the present disclosure. Consequently, alternative arrangements and substitutions of units, provided they achieve the intended

functionality described herein, are considered to be encompassed within the scope of the present disclosure.
[0134] While considerable emphasis has been placed herein on the disclosed implementations, it will be appreciated that many implementations can be made and that many changes can be made to the implementations without departing from the principles of the present disclosure. These and other changes in the implementations of the present disclosure will be apparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.

We Claim:
1. A method for establishing a network session at a Binding Support Function
(BSF), the method comprising:
- receiving, by a transceiver unit [302] at a Policy Control Function (PCF) [122], a message request comprising at least a Data Network Name (DNN) value and a Subscription Permanent Identifier (SUPI) value;
- determining, by a determining unit [304] at the PCF [122], a positive SUPI status based on a positive matching of the SUPI value with at least one SUPI value in a list of Subscription Permanent Identifier (SUPI) value;
- retrieving, by a retrieving unit [306] at the PCF [122], a list of Data Network Name (DNN) associated with a user equipment (UE) [102] based on the positive SUPI status;
- determining, by the determining unit [304], a positive DNN status based on a positive matching of the DNN value with at least one DNN value in the list of DNN; and
- initiating, by a processing unit [308] at the PCF [122], a registration request to a Binding Support Function (BSF) [132] to establish the network session of the UE [102], based on the positive DNN status.

2. The method as claimed in claim 1, wherein the list of SUPI value is defined by the PCF [122].
3. The method as claimed in claim 1, wherein the message request is received from a session management function (SMF) [108] to initiate the network session at the BSF [132].
4. The method as claimed in claim 1 further comprising performing, by the processing unit [308] at the PCF [122], a network session denial action based on a failure in matching the SUPI value with the list of Subscription Permanent Identifier (SUPI) value.

5. A system for establishing a network session at a Binding Support Function
(BSF), the system comprises:
- a Policy Control Function (PCF) [122] comprising:
• a transceiver unit [302] configured to receive a message request comprising at least a Data Network Name (DNN) value and a Subscription Permanent Identifier (SUPI) value;
• a determining unit [304] connected with at least the transceiver unit [302], wherein the determining unit is configured to determine a positive SUPI status based on a positive matching of the SUPI value with at least one SUPI value in a list of Subscription Permanent Identifier (SUPI) value;
• a retrieving unit [306] connected with at least the determining unit [304], wherein the retrieving unit [306] is configured to retrieve a list of Data Network Name (DNN) associated with a user equipment (UE) [102] based on the positive SUPI status;
• the determining unit [304] is further configured to determine a positive DNN status based on a positive matching of the DNN value with at least one DNN value in the list of DNN; and
• a processing unit [308] connected with at least the determining unit [304], wherein the processing unit [308] is configured to initiate, from the PCF [122] to the Binding Support Function (BSF) [132], a registration request to establish the network session of the UE [102], based on the positive DNN status.

6. The system as claimed in claim 5, wherein the PCF [122] define the list of SUPI value.
7. The system as claimed in claim 5, wherein the message request is received from a session management function (SMF) [108] to initiate the network session at the BSF [132].

8. The system as claimed in claim 5, wherein the processing unit [308] is further configured to perform a network session denial action based on a failure in matching the SUPI value with at least one SUPI value in the list of Subscription Permanent Identifier (SUPI) value.