Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
Abstract
A method for providing a trusted communication link in a wireless network. A mobility management entity (MME) interface of a MME virtualized network function (VNF) receives a trusted communication request. A MME interface trustlet is allocated to execute in a trusted security zone of compute resources provided by a virtual computing environment in which the MME VNF executes. The MME interface trustlet establishes trusted signaling with two or more different VNFs provided by virtual servers executing in the virtual computing environment. The MME interface trustlet sends a trust token to the eNB to establish the trusted communication link from the eNB via a virtualized network function path through the virtual computing environment.
20 Claims
1. A method of wireless communication enabled by hardware assisted security, comprising:
receiving a trusted communication request from an enhanced node B (eNB) by an interface application, where the interface application is part of a virtualized network function provided by a virtual server executing in a virtual computing environment;
determining by a security monitor module of the virtualized network function that the trusted communication request has been received, where the security monitor module executes in a trusted security zone of compute resources provided by the virtual computing environment and wherein the trusted security zone provides hardware assisted security;
allocating a trustlet by the security monitor module to handle the trusted communication request of the eNB, where the trustlet executes in the trusted security zone, is associated with the interface application, and is part of the virtualized network function;
establishing trusted signaling by the trustlet with two or more serving gateway, mobility management entity (MME), home subscriber server (HSS), policy and charging rules function (PCRF) server virtualized network functions provided by virtual servers executing in the virtual computing environment; and
sending a trust token by the trustlet to the eNB, whereby a trusted communication link from the eNB is established via a virtualized network function path through the virtual computing environment.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of wireless communication enabled by hardware assisted security, comprising:
receiving a trusted communication request from an enhanced node B (eNB) by an interface application, where the interface application is part of a virtualized network function provided by a virtual server executing in a virtual computing environment;
allocating a trustlet to the eNB that requested the trusted communication, where the trustlet executes in a trusted security zone of compute resources provided by the virtual computing environment, is associated with the interface application, and is part of the virtualized network function;
establishing trusted signaling by the trustlet with two or more serving gateway, mobility management entity (MME), home subscriber server (HSS), policy and charging rules function (PCRF) server virtualized network functions provided by virtual servers executing in the virtual computing environment; and
sending a trust token by the trustlet to the eNB, whereby a trusted communication link from the eNB is established via a virtualized network function path through the virtual computing environment.
Dependent claims: 9, 10, 11, 12, 13
14. A method of wireless communication enabled by hardware assisted security, comprising:
receiving a trusted communication request from an enhanced node B (eNB) by an interface application, where the interface application is part of a virtualized network function provided by a virtual server executing in a virtual computing environment;
determining by a security monitor module of the virtualized network function that the trusted communication request has been received, where the security monitor module executes in a trusted security zone of compute resources provided by the virtual computing environment and wherein the trusted security zone provides hardware assisted security;
allocating a trustlet by the security monitor module to handle the trusted communication request of the eNB, where the trustlet executes in the trusted security zone, is associated with the interface application, and is part of the virtualized network function;
establishing trusted signaling by the trustlet with two or more serving gateway, mobility management entity (MME), home subscriber server (HSS), policy and charging rules function (PCRF) server virtualized network functions provided by virtual servers executing in the virtual computing environment;
sending a trust token by the trustlet to the eNB, whereby a trusted communication link from the eNB is established via a virtualized network function path through the virtual computing environment; and
terminating, by the security monitor module, the trustlet and causing, by the security monitor module, permissive environment processing to resume in response to the trustlet indicating that trusted communication via the trusted communication link is completed.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification