Support systems interactions with virtual network functions in a trusted security zone
First Claim
1. An apparatus, comprising:
- a network communication interface to communicatively couple the apparatus to a network;
a processor coupled to the network communication interface and comprising a normal partition and a secure partition;
a memory coupled to the processor and comprising a normal memory and a secure memory;
a trusted security zone comprising the secure partition and the secure memory, wherein when the processor executes the secure partition, the normal partition is prevented from executing, and wherein the trusted security zone executes a separate operating system that is inaccessible to users of the apparatus; and
a trusted orchestrator application stored in the secure memory that, when executed by the secure partition of the processor;
receives fully-detailed data from a virtualized network function of a virtual server via a trusted end-to-end communication link, wherein the data comprises a log of events performed by the virtual network function for a customer, and wherein existence of the fully-detailed data is restricted to the trusted security zone;
sanitizes the data received from the virtualized network function into sanitized data that is not restricted to the trusted security zone, wherein sanitizing the data received from the virtualized network function removes identifying information of the customer to form the sanitized data; and
transmits the sanitized data outside of the trusted security zone to a network device for providing services to the customer according to the log of events.
6 Assignments
0 Petitions
Accused Products
Abstract
An apparatus, comprising a network communication interface to communicatively couple the apparatus to a network, a processor coupled to the network communication interface, a memory coupled to the processor and comprising a trusted security zone, and a trusted orchestrator application stored in the trusted security zone of the memory that. When the application is executed by the processor, it receives fully-detailed data from a virtualized network function of a virtual server via a trusted end-to-end communication link, wherein the data comprises a log of events performed by the virtual network function for a customer. The application then sanitizes the data received from the virtualized network function and transmits the sanitized data outside of the trusted security zone.
-
Citations
20 Claims
-
1. An apparatus, comprising:
-
a network communication interface to communicatively couple the apparatus to a network; a processor coupled to the network communication interface and comprising a normal partition and a secure partition; a memory coupled to the processor and comprising a normal memory and a secure memory; a trusted security zone comprising the secure partition and the secure memory, wherein when the processor executes the secure partition, the normal partition is prevented from executing, and wherein the trusted security zone executes a separate operating system that is inaccessible to users of the apparatus; and a trusted orchestrator application stored in the secure memory that, when executed by the secure partition of the processor; receives fully-detailed data from a virtualized network function of a virtual server via a trusted end-to-end communication link, wherein the data comprises a log of events performed by the virtual network function for a customer, and wherein existence of the fully-detailed data is restricted to the trusted security zone; sanitizes the data received from the virtualized network function into sanitized data that is not restricted to the trusted security zone, wherein sanitizing the data received from the virtualized network function removes identifying information of the customer to form the sanitized data; and transmits the sanitized data outside of the trusted security zone to a network device for providing services to the customer according to the log of events. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method executed in a communications network, comprising:
-
receiving, by a transceiver in a trusted security zone, a log of event details restricted to the trusted security zone and describing billing events executed by a virtualized network function from the virtualized network function, wherein the billing events indicate events for which a customer should be billed; sanitizing, by a processor in the trusted security zone, the log of event details to remove information having a predetermined level of specificity, wherein sanitizing the log of events comprises transforming the log of event details into categories, and wherein sanitizing the log of event details removes identifying information of the customer to form a sanitized log of event details; and transmitting by the transceiver, the sanitized log of event details, wherein the processor comprises a secure partition and a normal partition, and the trusted security zone comprises the secure partition, wherein when the processor executes the secure partition in the trusted security zone, the processor is prevented from executing the normal partition outside of the trusted security zone, and wherein the trusted security zone executes a separate operating system that is inaccessible to device users. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
-
15. A method executed in a communications network, comprising:
-
receiving, by a transceiver in a trusted security zone, a log of event details restricted to the trusted security zone and describing network events executed by a virtualized network function from the virtualized network function, wherein the network events indicate a network activity that should take place on a network; receiving from an outside network device, a predetermined level of specificity for information that should be removed from the log of event details; sanitizing, by a processor in the trusted security zone, the log of event details to remove information having the received predetermined level of specificity, wherein sanitizing the log of event details removes identifying information of a customer to form a sanitized log of event details; and transmitting by the transceiver, the sanitized log of event details to the outside network device, wherein the processor comprises a secure partition and a normal partition, and the trusted security zone comprises the secure partition, wherein when the processor executes the secure partition in the trusted security zone, the processor is prevented from executing the normal partition outside of the trusted security zone, and wherein the trusted security zone executes a separate operating system that is inaccessible to device users. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification