System and Method for Trusted Operability When Moving Between Network Functions Virtualization States

US 20170102957A1
Filed: 10/09/2015
Published: 04/13/2017
Est. Priority Date: 10/09/2015
Status: Abandoned Application

First Claim

Patent Images

1. A method of establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment, comprising:

receiving, by a physical server operating in a virtual computing environment and associated with an NFV network, a request to execute a trusted process, wherein the physical server comprises a processor with at least one core processing unit;

assigning, by a trusted hypervisor, the execution of the trusted process to a first virtual server, wherein the trusted hypervisor is executing on the physical server, is programmed to boot from a trusted state, and is configured to provide trusted operability using software assisted security;

assigning, by the trusted hypervisor, the first virtual server to execute the trusted process on a first core processing unit;

dedicating, by the trusted hypervisor, physical portions of cache, memory, and disk storage to the first core processing unit executing the trusted process;

executing, by the first core processing unit, the trusted process;

receiving, by the physical server operating in a virtual computing environment and associated with an NFV network, a request to execute an untrusted process;

assigning, by the trusted hypervisor, the untrusted process to execute on a second virtual server, wherein the second virtual server is different than the first virtual server executing the trusted process;

assigning, by the trusted hypervisor, the second virtual server to execute the untrusted process on a second core processing unit, wherein the second core processing unit is different than the first core processing unit that is executing the trusted process;

executing the untrusted process on the second core processing unit; and

restricting, by the trusted hypervisor, access to the trusted process executing on the first virtual server.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment is disclosed. The method comprises receiving, by a physical server, a request to execute a trusted process, wherein the physical server comprises a processor with at least one core processing unit. The method further comprises assigning, by a trusted hypervisor, the execution of the trusted process to a first virtual server on a first core processing unit, dedicating physical portions of cache, memory, and disk storage to the first core processing unit; and executing the trusted process. The method further comprises receiving, by the physical server, a request to execute an untrusted process and assigning, by the trusted hypervisor, the execution of the untrusted process to a second virtual server on a second core processing unit, and restricting access to the trusted process.

19 Citations

View as Search Results

20 Claims

1. A method of establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment, comprising:
- receiving, by a physical server operating in a virtual computing environment and associated with an NFV network, a request to execute a trusted process, wherein the physical server comprises a processor with at least one core processing unit;
  
  assigning, by a trusted hypervisor, the execution of the trusted process to a first virtual server, wherein the trusted hypervisor is executing on the physical server, is programmed to boot from a trusted state, and is configured to provide trusted operability using software assisted security;
  
  assigning, by the trusted hypervisor, the first virtual server to execute the trusted process on a first core processing unit;
  
  dedicating, by the trusted hypervisor, physical portions of cache, memory, and disk storage to the first core processing unit executing the trusted process;
  
  executing, by the first core processing unit, the trusted process;
  
  receiving, by the physical server operating in a virtual computing environment and associated with an NFV network, a request to execute an untrusted process;
  
  assigning, by the trusted hypervisor, the untrusted process to execute on a second virtual server, wherein the second virtual server is different than the first virtual server executing the trusted process;
  
  assigning, by the trusted hypervisor, the second virtual server to execute the untrusted process on a second core processing unit, wherein the second core processing unit is different than the first core processing unit that is executing the trusted process;
  
  executing the untrusted process on the second core processing unit; and
  
  restricting, by the trusted hypervisor, access to the trusted process executing on the first virtual server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the untrusted process is assigned to the second core processing unit by a second hypervisor that does not provide trusted operability.
  - 3. The method of claim 1, wherein the second hypervisor is configured to exclusively monitor the untrusted processes executing on the processor.
  - 4. The method of claim 1, wherein the trusted hypervisor restricts access to the first virtual server, the first core processing unit, and to the cache, memory, and disk storage dedicated to the first core processing unit, to only the trusted process.
  - 5. The method of claim 1, wherein the dedicated cache, dedicated RAM memory, and dedicated disk storage, contain memory registers that are associated with an NFV state.
  - 6. The method of claim 1, wherein the NFV network provides core network services to a radio access network (RAN) that provides communication service to user equipment (UE), where the RAN supports at least one of a long term evolution (LTE), a code division multiple access (CDMA), a global system for mobile communication (GSM), and a worldwide interoperability for microwave access (WiMAX) wireless communication protocol.

7. A system for establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment, comprising:
- a physical server operating in a virtual computing environment and associated with an NFV network;
  
  a processor located on the physical server, comprising at least one core processing unit, wherein the processor is configured to execute a trusted process on a dedicated core processing unit;
  
  a cache dedicated to the core processing unit;
  
  a memory dedicated to the core processing unit;
  
  a disk storage dedicated to the core processing unit; and
  
  a trusted hypervisor, executing on the physical server, wherein the trusted hypervisor is programmed to boot from a trusted state, is configured to provide trusted operability using software assisted security, is configured to assign trusted processes to a dedicated core processing unit, and wherein the trusted hypervisor is configured to monitor and restrict software and hardware access to the trusted processes executing on the dedicated core processing unit.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the NFV network comprises one of the following group:
    - a NFV network, a compute network, a data network, a server, or other computer system in communication with a network operating in an NFV system.
  - 9. The system of claim 7, wherein the trusted hypervisor is configured to restrict access to the dedicated core processing unit, the dedicated cache, the dedicated memory, and the dedicated disk storage, to the trusted process.
  - 10. The system of claim 7, wherein the dedicated cache, dedicated RAM memory, and dedicated disk storage, contain memory registers that are associated with an NFV state.
  - 11. The system of claim 7, wherein the trusted hypervisor is configured to assign a single virtual server to a dedicated core processing unit executing trusted processes.
  - 12. The system of claim 7, wherein the processor is further configured to execute untrusted processes on core processing units separate from the dedicated core processing unit executing trusted processes.
  - 13. The system of claim 7, wherein the NFV network provides core network services to a radio access network (RAN) that provides communication service to user equipment (UE), where the RAN supports at least one of a long term evolution (LTE), a code division multiple access (CDMA), a global system for mobile communication (GSM), and a worldwide interoperability for microwave access (WiMAX) wireless communication protocol.

14. A system for establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment, comprising:
- a physical server operating in a virtual computing environment and associated with an NFV network;
  
  a processor located on the physical server, comprising one or more core processing units, wherein the processor is configured to execute a trusted process on a dedicated core processing unit;
  
  a cache dedicated to the core processing unit;
  
  a memory dedicated to the core processing unit; and
  
  a disk storage dedicated to the core processing unit;
  
  a trusted hypervisor, executing on the physical server, wherein the trusted hypervisor is programmed to boot from a trusted state, is configured to provide trusted operability using software assisted security, is configured to assign trusted processes to a dedicated core processing unit, and wherein the trusted hypervisor is configured to monitor and restrict software and hardware access to the trusted processes executing on the dedicated core processing unit; and
  
  a second hypervisor, executing on the physical server, wherein the second hypervisor does not provide trusted operability;
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein the NFV network comprises one of the following group:
    - a NFV network, a compute network, a data network, a server, or other computer system in communication with a network operating in an NFV system.
  - 16. The system of claim 14, wherein the trusted hypervisor is configured to restrict access to the dedicated core processing unit, the dedicated cache, the dedicated memory, and the dedicated disk storage, to the trusted process.
  - 17. The system of claim 14, wherein the processor is further configured to execute untrusted processes on core processing units separate from the dedicated core processing unit executing trusted processes.
  - 18. The system of claim 14, wherein the second hypervisor is configured to exclusively monitor the untrusted processes executing on the processor.
  - 19. The system of claim 14, wherein the dedicated cache, dedicated RAM memory, and dedicated disk storage, contain memory registers that are associated with an NFV state.
  - 20. The system of claim 14, wherein the NFV network provides core network services to a radio access network (RAN) that provides communication service to user equipment (UE), where the RAN supports at least one of a long term evolution (LTE), a code division multiple access (CDMA), a global system for mobile communication (GSM), and a worldwide interoperability for microwave access (WiMAX) wireless communication protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Marquardt, Ronald R., Paczkowski, Lyle W., Rajagopal, Arun

Application Number

US14/879,327
Publication Number

US 20170102957A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/60   Scheduling or organising th...

System and Method for Trusted Operability When Moving Between Network Functions Virtualization States

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Trusted Operability When Moving Between Network Functions Virtualization States

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links