Carrier network security interface for fielded devices
First Claim
1. A device, comprising:
- a processor; and
- a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
  - in response to determining a communication link has been successfully established between a field device, that is authenticated in accord with a network security protocol to a network device associated with a network operator identity, and the network device, receiving a service security protocol from a data store remotely located from the network device to enable communication between the field device and a service device without further authentication of the field device to the service device, wherein the device is associated with the network operator identity, and wherein the service device is not associated with the network operator identity; and
  - facilitating encrypting data into encrypted data for transmission via a communication path between the field device and the service device to convey the encrypted data in accord with the service security protocol, wherein the communication path comprises the communication link, wherein the encrypted data is unable to be decrypted by network devices associated with the network operator identity, and wherein the encrypted data is able to be decrypted by the field device and the service device.
1 Assignment, 0 Petitions, no Accused Products listed.
Abstract
Carrier-side security services for fielded devices are disclosed. In contrast to conventional authentication systems for fielded devices, in which an end-to-end communications pathway is typically established so that a back-end service provider can authenticate a fielded device, authentication and security services can be moved into devices associated with a carrier network. A device associated with the carrier network can authenticate field components to service components without first establishing a communications pathway to a back-end service provider. Further, the device can provide for secured communications with an authenticated field component that are not readable by carrier devices. In an aspect, this allows security elements to be centralized from the periphery of back-end service providers into a device associated with the carrier network. In a further aspect, the device can host a security services platform for back-end service providers.
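The following Python simulation is an added example, not code from the patent or its assignee, that models the flow the abstract describes: the carrier-side network device authenticates the field device with a network credential, fetches the "service security protocol" from a remote data store and hands it to the field device, then relays field/service traffic it cannot read. It assumes the service security protocol is the service device's Diffie-Hellman public parameters (RFC 3526 group 14 with the service's public value), models network authentication as an HMAC challenge/response over a carrier-provisioned device secret (a stand-in for a SIM/AKA-style credential), and uses an HMAC-SHA256 keystream plus tag as a constructed stand-in for an AEAD so that it runs on the standard library alone. The class and function names (`FieldDevice`, `NetworkDevice`, `ServiceDevice`, `run_scenario`) and the sample message are this example's own.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group 14 from RFC 3526, generator 2: the public parameters the service publishes.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

def derive_key(shared):
    # Hash the DH shared secret down to a 256-bit channel key.
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def _xor(key, nonce, data):
    # HMAC-SHA256 counter keystream XORed over data: a constructed stand-in for a stream cipher.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()  # tag over nonce||ct

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("tag mismatch: wrong key or tampered data")
    return _xor(key, nonce, ct)

class ServiceDevice:
    """Back-end service; not associated with the network operator identity."""
    def __init__(self, service_id, data_store):
        self._priv = secrets.randbelow(P - 2) + 2
        # The "service security protocol": public values only, placed in the remote data store.
        data_store[service_id] = {"p": P, "g": G, "service_pub": pow(G, self._priv, P)}
    def receive(self, field_pub, ciphertext):
        return decrypt(derive_key(pow(field_pub, self._priv, P)), ciphertext)

class FieldDevice:
    def __init__(self, device_id, network_secret):
        self.device_id = device_id
        self._network_secret = network_secret  # carrier-provisioned credential (SIM/AKA stand-in)
        self._priv = secrets.randbelow(P - 2) + 2
        self.pub = pow(G, self._priv, P)
        self.protocol = None  # installed by the network device after network authentication
    def answer_challenge(self, nonce):
        return hmac.new(self._network_secret, nonce, hashlib.sha256).digest()
    def send(self, plaintext):
        # No further authentication to the service: the brokered public value keys the channel.
        return encrypt(derive_key(pow(self.protocol["service_pub"], self._priv, P)), plaintext)

class NetworkDevice:
    """Carrier-side device: authenticates the field device, brokers the protocol, relays traffic."""
    def __init__(self, data_store, device_secrets):
        self._store, self._secrets = data_store, device_secrets
        self.observed = []  # everything visible to the carrier on the communication path
    def authenticate(self, field):
        nonce = secrets.token_bytes(16)
        expected = hmac.new(self._secrets[field.device_id], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(field.answer_challenge(nonce), expected)
    def broker(self, field, service_id):
        if not self.authenticate(field):
            return False
        field.protocol = self._store[service_id]  # fetched from the remotely located data store
        return True
    def relay(self, field, service, ciphertext):
        self.observed.append(ciphertext)
        return service.receive(field.pub, ciphertext)
    def try_to_read(self, field, service_id, ciphertext):
        # The carrier only ever held public values; a key built from them fails the tag check.
        guess = derive_key(field.pub * self._store[service_id]["service_pub"] % P)
        try:
            decrypt(guess, ciphertext)
            return True
        except ValueError:
            return False

def run_scenario(correct_credential=True, message=b"meter reading: 42 kWh"):
    store = {}
    service = ServiceDevice("svc-metering", store)
    secret = secrets.token_bytes(32)  # shared by carrier and device at provisioning time
    field = FieldDevice("dev-001", secret if correct_credential else secrets.token_bytes(32))
    carrier = NetworkDevice(store, {"dev-001": secret})
    result = {"authenticated": carrier.broker(field, "svc-metering")}
    if not result["authenticated"]:
        return result
    ct = field.send(message)
    result["delivered"] = carrier.relay(field, service, ct)
    result["carrier_observed"] = carrier.observed[0]
    result["carrier_can_read"] = carrier.try_to_read(field, "svc-metering", ct)
    return result
```

`run_scenario()` returns the plaintext the service recovered, the ciphertext the carrier saw, and whether the carrier could read it; `run_scenario(correct_credential=False)` shows the network device refusing to broker for a field device that fails network authentication. The design choice that makes the claim's confidentiality property hold is that the data store holds only public values, so the carrier's role is limited to authentication and brokering. That also shows where the trust concentrates: the integrity of the entry the carrier hands out (for example, a service-signed parameter set) is what a defender should verify, since the field device keys its channel directly from it.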
20 Claims
1. A device, comprising: (independent claim, quoted in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 17, 18, 19, 20.

9. A method, comprising:
- in response to determining, by a device comprising a processor and associated with a network operator identity, that a communication link has been established between a field device and a network device associated with the network operator identity, accessing a service security protocol from a data store remotely located from the network device to enable communication between the field device and a service device without further authentication of the field device to the service device, wherein the service device is not associated with the network operator identity, and wherein the field device is authenticated to the network device in accord with a network security protocol; and
- initiating, by the device, encryption of data into encrypted data for transmission via a communication path between the field device and the service device to convey the encrypted data in accord with the service security protocol, wherein the communication path comprises the communication link, wherein the encrypted data is not decryptable by network devices associated with the network operator identity, and wherein the encrypted data is decryptable by the field device and the service device.
Dependent claims: 10, 11, 12.

13. A field device, comprising:
- a processor; and
- a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
  - in response to authenticating, based on a network security protocol, the field device to a network device associated with a network operator identity, receiving a service security protocol that enables communication between the field device and a service device without further authentication of the field device to the service device, wherein the service device is not associated with the network operator identity, and wherein the service security protocol is received from a data store located remotely from the network device; and
  - communicating encrypted data between the field device and the service device, wherein the communicating the encrypted data is based on the service security protocol, wherein a communication path between the field device and the service device comprises the communication link, and wherein the encrypted data is decryptable by the field device and the service device but not decryptable by network devices associated with the network operator identity.
Dependent claims: 14, 15, 16.