
Securing communications in a network function virtualization (NFV) core network

  • US 10,542,115 B1
  • Filed: 10/01/2015
  • Issued: 01/21/2020
  • Est. Priority Date: 10/01/2015
  • Status: Active Grant
First Claim

1. A method of electronic communication via a virtual network function (NFV) implementation of a core network, comprising:

  • receiving a first domain name lookup request that comprises an abstract service name having a format that does not include a domain name suffix referencing a top-level domain;

  • in response to receiving the first domain name lookup request, looking up an internet protocol (IP) address of a server associated with the abstract service name;

  • creating a mapping between a one-time-use domain name and the IP address, where the one-time-use domain name is created dynamically;

  • transmitting a reply to the first domain name lookup request comprising the one-time-use domain name, wherein the one-time-use domain name is dependent on and generated according to the abstract service name such that the one-time-use domain name comprises at least a portion of the abstract service name, and wherein the one-time-use domain name is configured to prevent inclusion of the domain name in the first domain name lookup request to access a service identified by the abstract service name;

  • receiving a hypertext transfer protocol (HTTP) content request from a user equipment (UE), wherein the HTTP content request is a trusted HTTP content request received from a trusted browser application executing in a trusted security zone of the UE and comprises the one-time-use domain name, and wherein the trusted security zone of the UE provides hardware assisted security on the UE;

  • in response to receiving the HTTP content request, looking up the IP address based on the one-time-use domain name and destroying the mapping between the one-time-use domain name and the IP address;

  • determining, by a trusted orchestrator service that executes in a trusted security zone of a first physical host, that insufficient NFV trusted processing capacity is available to perform the trusted HTTP content request;

  • dynamically increasing the NFV trusted processing capacity by the trusted orchestrator service;

  • performing the HTTP content request using the increased NFV trusted processing capacity; and

  • returning a HTTP content response to the UE, wherein the HTTP content response contains content responsive to the HTTP content request, and wherein the HTTP content response does not comprise an identification of a source of the content.
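
The name-mapping steps of the claim (lookup by abstract service name, creation of a one-time-use domain name, then lookup and destruction of the mapping on the HTTP request), as an added Python example. It is not code from the patent; the class and method names, the token format, the `otu.invalid` suffix, the "no dot" test for an abstract name and the sample address are assumptions, and the trusted security zone and orchestrator steps are not modelled.

```python
import secrets
import threading


class OneTimeNameResolver:
    """Hypothetical resolver: abstract service name -> single-use domain name."""

    def __init__(self, services, suffix="otu.invalid"):
        self._services = dict(services)  # abstract service name -> server IP
        self._suffix = suffix.lower()    # assumed internal-only suffix
        self._pending = {}               # one-time-use name -> server IP
        self._lock = threading.Lock()

    def lookup(self, abstract_name):
        """First lookup: create the mapping and reply with a one-time-use name."""
        # Assumption: "no domain suffix" is enforced here as "contains no dot".
        if not abstract_name or "." in abstract_name:
            raise ValueError("abstract service name must not carry a domain suffix")
        ip = self._services[abstract_name]  # KeyError for an unknown service
        # The reply embeds the abstract name plus an unpredictable token, so the
        # one-time-use name depends on the service name but cannot be guessed.
        token = secrets.token_hex(8)
        name = f"{abstract_name}-{token}.{self._suffix}".lower()
        with self._lock:
            self._pending[name] = ip
        return name

    def redeem(self, one_time_name):
        """HTTP request arrives: return the IP and destroy the mapping.

        pop() under the lock makes lookup-and-destroy atomic, so a replayed
        or concurrent second request gets None instead of the server address.
        """
        key = one_time_name.lower().rstrip(".")
        with self._lock:
            return self._pending.pop(key, None)


if __name__ == "__main__":
    # Constructed sample data: 192.0.2.10 is a documentation-range address.
    resolver = OneTimeNameResolver({"video": "192.0.2.10"})
    name = resolver.lookup("video")
    print(name, "->", resolver.redeem(name))
    print("replay ->", resolver.redeem(name))
```
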
