Carrier network security interface for fielded devices
First Claim
1. A device associated with a network operator identity, comprising:
a processor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
identifying an association between a field device and a service device based on a communication with the field device, wherein the service device is not associated with the network operator identity;
in response to the identifying the association, determining a service security protocol to enable communication between the field device and the service device via the service security protocol without authentication of the field device via the service device; and
in response to determining a communication link is successfully established via a network security protocol between the field device and a network device associated with the network operator identity, adapting communication employing a communication path between the field device and the service device to convey data via the service security protocol, wherein the communication path comprises the communication link, wherein the adapting comprises encrypting the data for communication via the communication path to be unreadable by network devices associated with the network operator identity, and wherein the data encrypted for the service security protocol is decryptable by the field device and the service device.
Abstract
Carrier-side security services for fielded devices are disclosed. In contrast to conventional authentication systems for fielded devices, in which an end-to-end communications pathway is typically established so that a back-end service provider can authenticate the fielded device, authentication and security services can be moved into devices associated with a carrier network. A device associated with the carrier network can authenticate field components to service components without first establishing a communications pathway to a back-end service provider. Further, the device can provide secured communications with an authenticated field component that are not readable by carrier devices. In an aspect, this allows security elements to be centralized from the periphery of back-end service providers into a device associated with the carrier network. In a further aspect, the device can host a security services platform for back-end service providers.
20 Claims
1. Independent claim, reproduced in full under First Claim above. Dependent claims: 2 to 14.
15. A method, comprising:
receiving, by a device associated with a network operator identity and comprising a processor, information related to determining an association between a field device and a service device, wherein the service device is not associated with the network operator identity;
receiving, by the device, protocol data representing a service security protocol, in response to the determining the association, to enable communication between the field device and the service device via the service security protocol without authentication of the field device via the service device;
establishing, by the device via a network security protocol, a communication link between the field device and a network device associated with the network operator identity; and
adapting, by the device, transmission of data over a communication path between the field device and the service device to convey the data via the service security protocol, wherein the communication path comprises the communication link, and wherein the adapting comprises encrypting the data for communication via the communication path to be inaccessible by devices other than the field device and the service device.
Dependent claims: 16, 17, 18.
19. A non-transitory machine-readable storage medium, comprising executable instructions that, when executed by a processor, facilitate performance of operations, comprising:
determining an association between a field device and a service device, wherein the service device is not associated with a network operator identity;
establishing a communication link conforming to a first security protocol between the field device and a network device associated with the network operator identity;
in response to establishing the communication, determining a second security protocol, based on the association, to enable communication between the field device and the service device in conformance with the second security protocol without authentication of the field device by the service device; and
adapting communication employing a communication path between the field device and the service device to convey data via the second security protocol, wherein the communication path comprises the communication link, wherein the adapting comprises encrypting the data for communication via the communication path to be inaccessible by network devices associated with the network operator identity, and wherein the data encrypted for the second security protocol can be decrypted by the field device and the service device.
Dependent claim: 20.
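The three independent claims describe the same two-layer arrangement: a network security protocol terminated at the carrier's device, which authenticates the field device and identifies its service association, wrapped around a service security protocol whose ciphertext only the field device and the service device can open. The following Go program is an added example written for this page, not the patent's implementation or the assignee's code. It assumes both protocols are AES-256-GCM under pre-shared keys, that the carrier holds the field device's network key but never its service key, and that each ciphertext is bound to the intended recipient's identifier through GCM associated data; the device names (meter-0042, utility-backend) and the sample reading are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Both protocols are modelled as AES-256-GCM under a pre-shared key (an assumption made
// for this example); aad binds each ciphertext to the intended recipient's identifier.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce, prepended to the output
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, msg, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(msg) >= n {
		return gcm.Open(nil, msg[:n], msg[n:], aad) // fails on wrong key, wrong aad or tampering
	}
	return nil, fmt.Errorf("message too short")
}

// FieldDevice shares NetworkKey with the carrier (network security protocol) and
// ServiceKey only with its service device (service security protocol).
type FieldDevice struct {
	ID, ServiceID          string
	NetworkKey, ServiceKey []byte
}

// Send seals for the service device first, then wraps that ciphertext for the carrier.
func (f *FieldDevice) Send(plaintext []byte) ([]byte, error) {
	inner, err := seal(f.ServiceKey, plaintext, []byte(f.ServiceID))
	if err != nil {
		return nil, err
	}
	return seal(f.NetworkKey, inner, []byte(f.ID))
}

// CarrierDevice holds network keys and field-to-service associations, but no service key.
type CarrierDevice struct {
	NetworkKeys  map[string][]byte // field device ID -> network key
	Associations map[string]string // field device ID -> service device ID
}

// Relay authenticates the field device under the network security protocol and only
// then forwards the still-encrypted service-layer payload to the associated service.
func (c *CarrierDevice) Relay(fieldID string, outer []byte) (string, []byte, error) {
	key, ok := c.NetworkKeys[fieldID]
	if !ok {
		return "", nil, fmt.Errorf("unknown field device %q", fieldID)
	}
	inner, err := open(key, outer, []byte(fieldID))
	if err != nil {
		return "", nil, fmt.Errorf("network security protocol failed for %q: %w", fieldID, err)
	}
	serviceID, ok := c.Associations[fieldID]
	if !ok {
		return "", nil, fmt.Errorf("no service association for %q", fieldID)
	}
	return serviceID, inner, nil
}

// ServiceDevice relies on the carrier for field device authentication; it only checks
// that the payload was sealed under its own key for its own identifier.
type ServiceDevice struct {
	ID         string
	ServiceKey []byte
}

func (s *ServiceDevice) Receive(inner []byte) ([]byte, error) {
	return open(s.ServiceKey, inner, []byte(s.ID))
}

// Setup provisions the three parties with fresh random keys (constructed sample data).
func Setup() (*FieldDevice, *CarrierDevice, *ServiceDevice) {
	nk, sk := make([]byte, 32), make([]byte, 32)
	rand.Read(nk) // crypto/rand only fails if the OS RNG is unavailable
	rand.Read(sk)
	field := &FieldDevice{ID: "meter-0042", ServiceID: "utility-backend", NetworkKey: nk, ServiceKey: sk}
	carrier := &CarrierDevice{map[string][]byte{field.ID: nk}, map[string]string{field.ID: field.ServiceID}}
	return field, carrier, &ServiceDevice{ID: field.ServiceID, ServiceKey: sk}
}
```

The carrier's Relay is the point the claims turn on: a failed outer layer stops the message before any association is consulted, and a successful one yields only ciphertext the carrier cannot open with any key it holds. The service device never runs its own authentication of the field device; it accepts the payload because it verifies under the service key and the service identifier in the associated data, so the same inner ciphertext replayed toward a different service is rejected.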