| CPC H04L 63/20 (2013.01) [H04L 63/10 (2013.01)] | 20 Claims |

|
1. A method of testing a communication system implementing a zero trust architecture, comprising:
sending a first request by a test equipment platform to access a first microsegment to a first policy enforcement point (PEP);
sending a first authorization request by the first PEP to a policy decision point (PDP);
in response to the first authorization request, requesting attributes associated with the test equipment platform by the PDP;
based on attributes associated with the test equipment platform received by the PDP and attributes of the first microsegment, authorizing a first access level of the test equipment platform to the first microsegment by the PDP;
sending authorization of the first access level of the test equipment platform to the first microsegment by the PDP to the first PEP;
in response to the authorization of the first access level of the test equipment platform to the first microsegment, establishing a first secure tunnel by the first PEP between the test equipment platform and the first microsegment;
sending a second request by the test equipment platform to access a second microsegment to a second PEP;
sending a second authorization request by the second PEP to the PDP;
based on attributes associated with the test equipment platform received by the PDP and attributes of the second microsegment, authorizing a second access level of the test equipment platform to the second microsegment by the PDP;
sending authorization of the second access level of the test equipment platform to the second microsegment by the PDP to the second PEP;
in response to the authorization of the second access level of the test equipment platform to the second microsegment, establishing a second secure tunnel by the second PEP between the test equipment platform and the second microsegment;
sending a first command by the test equipment platform to perform a first testing activity via the first secure tunnel to a first probe located in the first microsegment;
responsive to the first command being authorized according to the first access level, sending the first command by the first PEP to the first probe;
sending a second command by the test platform to perform a second testing activity via the second secure tunnel to a second probe located in the second microsegment;
responsive to the second command being authorized according to the second access level, sending the second command by the second PEP to the second probe;
sending first test data associated with the first testing activity by the first probe via the first secure tunnel to the test equipment platform;
sending second test data associated with the second testing activity by the second probe via the second secure tunnel to the test equipment platform;
analyzing the first test data and the second test data by the test equipment platform; and
producing a test result by the test equipment platform based on the analyzing.
|
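The request, authorization and enforcement flow recited in claim 1, sketched as an added example that is not part of the patent text. The attribute names (`role`, `device_attested`, `sensitivity`), the access levels (`passive`, `active`), the command names and the token standing in for a secure tunnel are all hypothetical choices made for illustration.

```python
import secrets

LEVEL_COMMANDS = {"passive": {"read_counters"},          # hypothetical access levels
                  "active": {"read_counters", "inject_traffic"}}

class PDP:
    """Policy decision point: weighs platform attributes against microsegment attributes."""
    def __init__(self, attribute_store):
        self.attribute_store = attribute_store           # stands in for the attribute source

    def authorize(self, subject_id, segment_attrs):
        attrs = self.attribute_store.get(subject_id)     # "requesting attributes" step
        if not attrs or not attrs["device_attested"] or attrs["role"] != "tester":
            return None                                  # default deny
        return "passive" if segment_attrs["sensitivity"] == "high" else "active"

class PEP:
    """Policy enforcement point guarding one microsegment and the probe inside it."""
    def __init__(self, pdp, segment_attrs, probe):
        self.pdp, self.segment_attrs, self.probe = pdp, segment_attrs, probe
        self.tunnels = {}                                # tunnel id -> authorized access level

    def request_access(self, subject_id):
        level = self.pdp.authorize(subject_id, self.segment_attrs)
        if level is None:
            return None                                  # no authorization, no tunnel
        tunnel_id = secrets.token_hex(8)                 # placeholder for the secure tunnel
        self.tunnels[tunnel_id] = level
        return tunnel_id

    def send_command(self, tunnel_id, command):
        level = self.tunnels.get(tunnel_id)
        if level is None or command not in LEVEL_COMMANDS[level]:
            return None                                  # dropped at the PEP, probe never sees it
        return self.probe(command)                       # test data returns via the same tunnel

def run_test(platform_id, pep1, pep2):
    t1, t2 = pep1.request_access(platform_id), pep2.request_access(platform_id)
    d1 = pep1.send_command(t1, "inject_traffic")         # first testing activity
    d2 = pep2.send_command(t2, "read_counters")          # second testing activity
    blocked = pep2.send_command(t2, "inject_traffic")    # exceeds the second access level
    ok = d1 is not None and d2 is not None and d1["sent"] == d2["received"]
    return {"pass": ok, "blocked": blocked is None}      # analysis -> test result

def demo(device_attested=True):
    pdp = PDP({"tep-1": {"role": "tester", "device_attested": device_attested}})  # constructed
    pep1 = PEP(pdp, {"sensitivity": "low"}, lambda cmd: {"sent": 100})       # constructed probe
    pep2 = PEP(pdp, {"sensitivity": "high"}, lambda cmd: {"received": 100})  # constructed probe
    return run_test("tep-1", pep1, pep2)
```

Each PEP enforces only the level the PDP granted for its own microsegment, so the same platform can inject traffic in one segment while being limited to reading counters in the other.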