TECHNOLOGIES FOR SECURE BOOTSTRAPPING OF VIRTUAL NETWORK FUNCTIONS
Abstract
Technologies for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture include a virtual network function (VNF) bootstrap service (VBS) in secure network communication with a VBS agent of a VNF instance. The VBS agent is configured to execute a secure VNF bootstrap capture protocol in the NFV network architecture. Accordingly, the VBS agent can be configured to register with the VBS via secure communications transmitted between the VBS and the VBS agent. The secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request. Other embodiments are described and claimed.
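As an added illustration (not code from the patent or its assignee), the sketch below models the four-message exchange described in the abstract, with the VBS checking the quote before it issues a credential. It assumes a nonce carried in the start response, an HMAC standing in for the TEE-signed security quote, and constructed keys, names and message fields; none of these details are given on this page.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins (assumptions, not from the patent text).
TEE_KEY = b"constructed-tee-quoting-key"   # real TEEs sign quotes with an asymmetric key
VBS_KEY = b"constructed-vbs-issuing-key"
TRUSTED_MEASUREMENT = hashlib.sha256(b"constructed VNF image").digest()

def make_quote(measurement, nonce, cred_request):
    """TEE side: MAC over fixed-length fields, so the binding is unambiguous."""
    body = measurement + nonce + hashlib.sha256(cred_request).digest()
    return hmac.new(TEE_KEY, body, hashlib.sha256).digest()

class VBS:
    def __init__(self):
        self.pending = {}  # agent_id -> nonce issued in the start response

    def on_start(self, agent_id):
        self.pending[agent_id] = secrets.token_bytes(16)
        return {"type": "start_response", "nonce": self.pending[agent_id]}

    def on_registration_request(self, msg):
        nonce = self.pending.pop(msg["agent_id"], None)  # nonce is single use
        if nonce is None:
            return {"type": "registration_response", "status": "rejected: no start"}
        expected = make_quote(TRUSTED_MEASUREMENT, nonce, msg["cred_request"])
        if not hmac.compare_digest(expected, msg["quote"]):
            return {"type": "registration_response", "status": "rejected: bad quote"}
        cred = hmac.new(VBS_KEY, msg["cred_request"], hashlib.sha256).hexdigest()
        return {"type": "registration_response", "status": "ok", "credential": cred}

def agent_register(vbs, agent_id, measurement, cred_request):
    """Agent side: run steps (i)-(iv); returns (request sent, response received)."""
    start_response = vbs.on_start(agent_id)                     # (i) and (ii)
    request = {"type": "registration_request", "agent_id": agent_id,
               "cred_request": cred_request,
               "quote": make_quote(measurement, start_response["nonce"], cred_request)}
    return request, vbs.on_registration_request(request)       # (iii) and (iv)

if __name__ == "__main__":
    vbs = VBS()
    sent, reply = agent_register(vbs, "vnf-1", TRUSTED_MEASUREMENT, b"constructed CSR")
    print(reply["status"])
    print(vbs.on_registration_request(sent)["status"])  # replay of the same request
```

Because the quote covers the nonce and a hash of the credential request, a captured registration request cannot be replayed and the credential request cannot be swapped after the quote is produced.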
30 Claims
1. A virtual network function (VNF) bootstrap service (VBS) agent of a VNF instance for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture, the VBS agent comprising:
    a VBS capture protocol execution module to
        (i) transmit a start message to a VBS of the NFV network architecture, wherein the VBS is communicatively coupled to the VBS agent, and wherein the start message provides an indication that the VBS agent is instantiated,
        (ii) receive a start response message from the VBS in response to transmission of the start message,
        (iii) transmit a registration request message to the VBS in response to receiving the start response message, wherein the registration request message includes a security quote usable to authenticate the VBS agent as the transmitter of the registration request message and a security credential request to request a security credential from the VBS, and
        (iv) receive a registration response message from the VBS, wherein the registration response message includes a security credential that indicates that the security quote and the security credential request have been validated by the VBS.
    Dependent claims: 2-12.
13. One or more computer-readable storage media comprising a plurality of instructions stored thereon that in response to being executed cause a virtual network function (VNF) bootstrap service (VBS) agent of a VNF instance of a network functions virtualization (NFV) network architecture for bootstrapping virtual network functions in the NFV network architecture to:
    transmit a start message to a VBS of the NFV network architecture communicatively coupled to the VBS agent, wherein the start message provides an indication that the VBS agent is instantiated;
    receive, in response to the start message, a start response message from the VBS;
    transmit a registration request message to the VBS in response to receiving the start response message, wherein the registration request message includes a security quote usable to authenticate the VBS agent as the transmitter of the registration request message and a security credential request to request a security credential from the VBS; and
    receive a registration response message from the VBS, wherein the registration response message includes a security credential that indicates each of the security quote and the security credential request have been validated by the VBS.
    Dependent claims: 14-20.
21. A method for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture, the method comprising:
    transmitting, by a VNF bootstrap service (VBS) agent of a VNF instance of the NFV network architecture, a start message to a VBS of the NFV network architecture communicatively coupled to the VBS agent, wherein the start message provides an indication that the VBS agent is instantiated;
    receiving, by the VBS agent and in response to the start message, a start response message from the VBS;
    transmitting, by the VBS agent, a registration request message to the VBS in response to receiving the start response message, wherein the registration request message includes a security quote usable to authenticate the VBS agent as the transmitter of the registration request message and a security credential request to request a security credential from the VBS; and
    receiving, by the VBS agent, a registration response message from the VBS, wherein the registration response message includes a security credential that indicates each of the security quote and the security credential request have been validated by the VBS.
    Dependent claims: 22-25.
26. A virtual network function (VNF) bootstrap service (VBS) agent of a VNF instance for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture, the VBS agent comprising:
    means for transmitting a start message to a VBS of the NFV network architecture communicatively coupled to the VBS agent, wherein the start message provides an indication that the VBS agent is instantiated;
    means for receiving, in response to the start message, a start response message from the VBS;
    means for transmitting a registration request message to the VBS in response to receiving the start response message, wherein the registration request message includes a security quote usable to authenticate the VBS agent as the transmitter of the registration request message and a security credential request to request a security credential from the VBS; and
    means for receiving a registration response message from the VBS, wherein the registration response message includes a security credential that indicates each of the security quote and the security credential request have been validated by the VBS.
    Dependent claims: 27-30.
Specification