Network Function Virtualization Security and Trust System
Abstract
A network function virtualization security and trust system includes a network device that operates as a virtualized network device with virtualized services provided on the network device by network nodes included in the system. Security and trust within the system can include hardware authentication of the network nodes and the network device to obtain a level of security of the hardware provisioning the operation of the virtualized services. Security and trust can also include authentication of the services being used on the virtualized network device. Services authentication can be based on monitoring and analysis of the cooperative operation of the services in the virtualized network device. The virtualized services can be dynamically changed, added or stopped. Hardware authentication and dynamic services authentication in accordance with changes in the virtualized services can dynamically maintain a level of security across the devices and the virtualized services.
20 Claims
1. A method comprising:
authenticating a first server computer executed to provide a first service on a network device;
authenticating a second server computer executed to provide a second service on the network device;
initiating chaining of the first service and the second service to form a federation of services that cooperatively operate within the network device to provide functional operation of the network device; and
verifying secure operation of the federation in accordance with cooperative operational functionality of each of the first service and the second service within the federation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system comprising:
an authentication server to authenticate an identity of a first network device and a second network device, the first network device executed to provide a first service for a third network device, and the second network device executed to provide a second service for the third network device;
the authentication server to initiate authentication of the identity of the first network device and the second network device to create a chain of trusted devices in response to the third network device being initiated to operate using the first service and the second service; and
an integrity of the chain of trusted devices being verified with the authentication server by confirmation of cooperative operation of the first service and the second service in the third device being a trusted chain of services.
Dependent claims: 13, 14, 15, 16, 17, 18, 19

20. A system comprising:
network interface circuitry configured to transmit an authentication request over a network to a first server executed to provide a first virtual service on a network device, and a second server executed to provide a second virtual service on the network device;
authentication circuitry in communication with the network interface circuitry, the authentication circuitry used to authenticate an identity of the first server, the second server and the network device and develop a chain of trusted devices that includes the first server, the second server and the network device; and
hypervisor circuitry in communication with the network interface circuitry, the hypervisor circuitry to develop a trusted chain of services by verification of cooperative operation of the first virtual service and the second virtual service on the network device.
Specification