US 12,015,687 B2
Securing communications in a network function virtualization (NFV) core network
Ronald R. Marquardt, Woodinville, WA (US); Lyle W. Paczkowski, Mission Hills, KS (US); Carl J. Persson, Olathe, KS (US); and Arun Rajagopal, Leawood, KS (US)
Assigned to T-Mobile Innovations LLC, Overland Park, KS (US)
Filed by T-Mobile Innovations LLC, Overland Park, KS (US)
Filed on Apr. 19, 2022, as Appl. No. 17/724,366.
Application 17/724,366 is a division of application No. 16/698,639, filed on Nov. 27, 2019, granted, now 11,363,114.
Application 16/698,639 is a division of application No. 14/872,936, filed on Oct. 1, 2015, granted, now 10,542,115, issued on Jan. 21, 2020.
Prior Publication US 2022/0239757 A1, Jul. 28, 2022
Int. Cl. H04L 67/60 (2022.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01); H04L 12/46 (2006.01); H04L 61/3015 (2022.01); H04L 61/4511 (2022.01); H04L 61/5007 (2022.01); H04L 61/503 (2022.01); H04L 67/02 (2022.01); H04L 101/35 (2022.01); H04L 101/355 (2022.01); H04L 101/668 (2022.01)
CPC H04L 67/60 (2022.05) [H04L 9/3234 (2013.01); H04L 12/4641 (2013.01); H04L 61/3025 (2013.01); H04L 61/4511 (2022.05); H04L 61/5007 (2022.05); H04L 61/503 (2022.05); H04L 63/062 (2013.01); H04L 63/20 (2013.01); H04L 67/02 (2013.01); H04L 2101/35 (2022.05); H04L 2101/355 (2022.05); H04L 2101/668 (2022.05)]
16 Claims
 
1. A method of providing a trusted communication service using network function virtualization (NFV), comprising:
determining by a trusted orchestrator service that a communication processing load of a common function supported by at least one virtual server executing in a NFV core network is greater than a predefined processing load threshold, where the trusted orchestrator service is an application that executes in a trusted security zone of a first physical host that provides hardware assisted security;
in response to the determination of the processing load being greater than the predefined processing load threshold, creating by the trusted orchestrator service a second virtual server on a second physical host that provides hardware assisted security;
requesting by the trusted orchestrator service a plurality of trust keys from a trusted repository of trust keys, wherein the trusted orchestrator service communicates over a trusted end-to-end communication link with the trusted repository of trust keys to obtain the plurality of trust keys;
initiating by the trusted orchestrator service at least one instance of the common function in the second virtual server, wherein the at least one instance of the common function is configured with at least one of the plurality of trust keys received from the trusted repository;
enabling by the trusted orchestrator service a trusted security zone of the second physical host; and
provisioning by the trusted orchestrator service the plurality of trusted keys into the enabled trusted security zone of the second physical host.