A user device (10) provides a subscriber with access to a network service. The user device (10) determines service-specific key material and charging-specific key material. The user device (10) determines a charging record indicating usage of the network service by the subscriber and associates the charging record with first authentication information based on the charging-specific key material. The user device (10) generates at least one message including the charging record and the associated first authentication information. The user device (10) associates the at least one message with second authentication information based on the service-specific key material. The user device (10) sends the at least one message to a first network node (150) which is incapable of relating the charging-specific key material or the service-specific key material to a subscriber identity of the subscriber. The first network node (150) receives the at least one message and the associated second authentication information from the user device (10) and authenticates the at least one message based on the service-specific key material and the second authentication information. In response to authenticating the at least one message, the first network node forwards the charging record and the associated first authentication information to a second network node (120). The second network node (120) is capable of relating the charging-specific key material to the subscriber identity of the subscriber. The second network node (120) receives the charging record and the associated first authentication information from the first network node (150) and authenticates the charging record based on the charging-specific key material and the first authentication information. In response to authenticating the charging record, the second network node (120) controls charging of the network service.