Session aggregator brokering of data stream communication
First Claim
1. A method of providing secure streamed data sessions over the Internet, comprising:
collecting data communication performance metrics on a plurality of routers in the Internet by an orchestrator virtualized network function (VNF), where the orchestrator VNF is provided by execution on a virtual computing platform;
receiving a request for a secure streamed data session by the orchestrator VNF from a customer premises equipment (CPE) node, where the request identifies a service level agreement (SLA) to be supported by the secure streamed data session;
analyzing the metrics on the plurality of routers by the orchestrator VNF based on the SLA identification in the request;
determining a secure routing path for the requested secure streamed data session by the orchestrator VNF based on the analyzing;
creating a routing instruction set that defines the secure routing path by the orchestrator VNF;
transmitting the routing instruction set to a session aggregator node by the orchestrator VNF;
establishing trusted end-to-end communication links between the session aggregator node and each of the CPE node, a first edge router, a second edge router, and at least one of the plurality of routers by the session aggregator node, wherein applications engaged in the trusted end-to-end communication links with the session aggregator node execute in a trusted security zone;
configuring the routing instruction set into each of the first edge router, the second edge router, and the at least one of the plurality of routers by the session aggregator node via the trusted end-to-end communication links; and
providing the secure streamed data session, wherein the secure streamed data session is dynamically defined and initiated based at least in part on configuring the routing instructions set.
Abstract
A system for providing secure streamed data sessions is disclosed. The system comprises a first computer system executing an orchestrator virtualized network function (VNF). The orchestrator VNF collects performance metrics on routers, receives a request for a secure streamed data session, analyzes the metrics based on the request, determines a secure routing path, creates a routing instruction set that defines the secure routing path, and transmits the routing instruction set to a session aggregator. The system further comprises a second computer system that executes the session aggregator in a trusted security zone. The session aggregator establishes trusted end-to-end communication links with a first edge router, a second edge router, and at least one of the plurality of routers and configures the routing instruction set into each of the CPE node, the first edge router, the second edge router, and the at least one router via the trusted end-to-end communication link.
20 Claims
17. A system for providing secure streamed data sessions over the Internet, comprising:
a first computer system providing a virtual computing platform in which it executes an orchestrator virtualized network function (VNF), wherein the orchestrator VNF;
collects data communication performance metrics on a plurality of routers in the Internet,
receives a request for a secure streamed data session from a customer premises equipment (CPE) node, where the request identifies a service level agreement (SLA) to be supported by the secure streamed data session,
analyzes the metrics on the plurality of routers based on the SLA identification in the request,
determines a secure routing path for the requested secure streamed data session based on the analyzing,
creates a routing instruction set that defines the secure routing path, and
transmits the routing instruction set to a session aggregator application; and
a second computer system that executes the session aggregator application in a trusted security zone of the second computer system, wherein the session aggregator;
establishes trusted end-to-end communication links with the CPE node, a first edge router, a second edge router, and at least one of the plurality of routers, wherein applications engaged in the trusted end-to-end communication links with the session aggregator node execute in a trusted security zone;
configures the routing instruction set into each of the first edge router, the second edge router, and the at least one of the plurality of routers via the trusted end-to-end communication links; and
provides the secure streamed data session, wherein the secure streamed data session is dynamically defined and initiated based at least on configuring the routing instruction set.
Specification