-
Publication No.: US12301559B2
Publication Date: 2025-05-13
Application No.: US18150354
Application Date: 2023-01-05
Applicant: Verizon Patent and Licensing Inc.
Inventor: Shanthala Kuravangi-Thammaiah, Hossein M. Ahmadi, Vinod Kumar Choyi
IPC: H04L9/40
Abstract: In some implementations, a service communication proxy (SCP) network function device may receive, from a first network function device, a service request associated with a second network function device. The SCP network function device may transmit an access token request to a network repository function (NRF) network function device. The SCP network function device may receive, based on the access token request, an access token associated with the first network function device. The SCP network function device may transmit the service request to the second network function device, wherein the service request is transmitted to the second network function device with an indication of the access token.
-
Publication No.: US20250112908A1
Publication Date: 2025-04-03
Application No.: US18479301
Application Date: 2023-10-02
Applicant: Verizon Patent and Licensing Inc.
Inventor: Vinod Kumar Choyi, Yousif Targali
IPC: H04L9/40
Abstract: A method, a network device, and a non-transitory computer-readable storage medium are described in relation to an application authorization service. The application authorization service may be performed at an end device and invoked responsive to the launching of an application. The application authorization service may include validating an application certificate associated with the application, validating an attestation value, and validating a token provided by the application. The application may provide a request that includes an application identifier and a token. The application may be granted access to a network or denied access depending on the outcome of the validation procedures. The granted access may include assignment of a network slice. The application certificate, a secured token, and a secured attestation value may be stored in a secure environment at the end device and used for validation procedures.
-
Publication No.: US11825309B2
Publication Date: 2023-11-21
Application No.: US17511938
Application Date: 2021-10-27
Applicant: Verizon Patent and Licensing Inc.
Inventor: David Robert Lenrow, Kalyani Bogineni, Vinod Kumar Choyi, Jeffrey Melrose, Yousif Targali, Deepa Jagannatha
IPC: H04W12/088, H04L12/801, H04W12/06, H04W12/37, H04L47/12, H04W8/04
CPC classification number: H04W12/088, H04L47/12, H04W8/04, H04W12/06, H04W12/37
Abstract: Systems and methods described herein enforce access controls for network slices via proxy in a secure enclave of a user equipment (UE) device. A UE device executes, in a rich execution environment (REE), a function or application designated for using one or more secure network slices of a telecommunications network. The UE device executes, in a trusted execution environment (TEE), a slice admission control proxy (SACP) to perform admission control for the one or more secure network slices, and forces network traffic for the function or application through the SACP.
-
Publication No.: US20230284028A1
Publication Date: 2023-09-07
Application No.: US18314219
Application Date: 2023-05-09
Applicant: Verizon Patent and Licensing Inc.
Inventor: Vinod Kumar Choyi, Kristen Sydney Young, Yousif Targali, Michael A. Gallagher
CPC classification number: H04W12/12, H04W12/66, H04L63/20, H04W28/0835, H04W28/0831
Abstract: Systems and methods enable the provisioning of security as a service for network slices. A network device stores definitions of multiple security assurance levels for network slices based on security parameters of assets used in the network slices. The network device stores multiple network slice templates, wherein the multiple network slice templates have different security assurance levels, of the multiple security assurance levels, for a Network Service Descriptor (NSD). The network device receives a request for a network slice with a requested security assurance level, of the multiple security assurance levels, for the NSD, and deploys the network slice using one of the network slice templates that has a security assurance level that corresponds to the requested security assurance level. The network device monitors the security parameters of the assets of the network slice for changes to the security assurance level of the deployed network slice.
-
Publication No.: US11683691B2
Publication Date: 2023-06-20
Application No.: US17143589
Application Date: 2021-01-07
Applicant: Verizon Patent and Licensing Inc.
Inventor: Vinod Kumar Choyi, Kristen Sydney Young, Yousif Targali, Michael A. Gallagher
CPC classification number: H04W12/12, H04L63/20, H04W12/66, H04W28/0831, H04W28/0835
Abstract: Systems and methods enable the provisioning of security as a service for network slices. A network device stores definitions of multiple security assurance levels for network slices based on security parameters of assets used in the network slices. The network device stores multiple network slice templates, wherein the multiple network slice templates have different security assurance levels, of the multiple security assurance levels, for a Network Service Descriptor (NSD). The network device receives a request for a network slice with a requested security assurance level, of the multiple security assurance levels, for the NSD, and deploys the network slice using one of the network slice templates that has a security assurance level that corresponds to the requested security assurance level. The network device monitors the security parameters of the assets of the network slice for changes to the security assurance level of the deployed network slice.
-
Publication No.: US20230128578A1
Publication Date: 2023-04-27
Application No.: US17511938
Application Date: 2021-10-27
Applicant: Verizon Patent and Licensing Inc.
Inventor: David Robert Lenrow, Kalyani Bogineni, Vinod Kumar Choyi, Jeffrey Melrose, Yousif Targali, Deepa Jagannatha
IPC: H04W12/088, H04L12/801, H04W12/06, H04W12/37
Abstract: Systems and methods described herein enforce access controls for network slices via proxy in a secure enclave of a user equipment (UE) device. A UE device executes, in a rich execution environment (REE), a function or application designated for using one or more secure network slices of a telecommunications network. The UE device executes, in a trusted execution environment (TEE), a slice admission control proxy (SACP) to perform admission control for the one or more secure network slices, and forces network traffic for the function or application through the SACP.
-
Publication No.: US11582589B2
Publication Date: 2023-02-14
Application No.: US16899150
Application Date: 2020-06-11
Applicant: Verizon Patent and Licensing Inc.
Inventor: David Taft, Vinod Kumar Choyi, Maqbool Chauhan, Jerry Steben, Parry Cornell Booker, Hossein M. Ahmadi, Minbao Li, Sudhakar Reddy Patil
Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to host a network function container that implements a microservice for a network function in a wireless communications network, wherein the network function container is deployed by a container orchestration platform; host a service proxy container associated with the network function container, wherein the service proxy container is deployed by the container orchestration platform; and configure the hosted service proxy container to apply a wireless network policy to the microservice for the network function. The processor may be further configured to intercept messages associated with the microservice for the network function using the configured service proxy container; and apply the wireless network policy to the intercepted messages using the configured service proxy container.
-
Publication No.: US12177675B2
Publication Date: 2024-12-24
Application No.: US17819119
Application Date: 2022-08-11
Applicant: Verizon Patent and Licensing Inc.
Inventor: Vinod Kumar Choyi, Sudhakar Reddy Patil, Robert Avanes
Abstract: In some implementations, a device of a network may receive, from a user equipment (UE), a request associated with enabling the UE to access a network, wherein the request includes a first routing indicator. The device may identify an authentication manager, of the network, that is mapped to the first routing indicator in an entry of a routing table of the network. The device may route the request to the authentication manager of the network to permit the authentication manager to authenticate the UE. The device may purge, based on the request being routed to the authentication manager, the entry to remove the first routing indicator from the routing table. The device may store, after purging the entry, a second routing indicator in the entry to map the second routing indicator to the authentication manager, wherein the second routing indicator is different from the first routing indicator.
-
Publication No.: US11968315B2
Publication Date: 2024-04-23
Application No.: US18053899
Application Date: 2022-11-09
Applicant: Verizon Patent and Licensing Inc.
Inventor: Vinod Kumar Choyi, Sudhakar Reddy Patil, Jayesh Kumar Laad
CPC classification number: H04L9/3268, G06F9/455, G06F21/44, H04L9/006, H04L9/3236
Abstract: Systems and methods leverage trust anchors to generate tokens which can then be used by network functions (NFs). A virtualization infrastructure manager (VIM) for a virtualized platform receives a NF software package and a certificate request token (CRT) from a management function. The NF is a virtual NF, a containerized NF, or another virtual entity (xNF) to be deployed. The CRT is digitally signed by the management function and includes a network address of a trust anchor platform and a NF profile. The VIM deploys the NF and provides the CRT to the NF. The NF obtains from the CRT the network address of the trust anchor platform, generates a certificate signing request (CSR) for a digital certificate, and submits the CSR and the CRT to the trust anchor platform. The NF receives a digital certificate from the trust anchor platform based on validation of both the CSR and CRT.
-
Publication No.: US11902445B2
Publication Date: 2024-02-13
Application No.: US18048094
Application Date: 2022-10-20
Applicant: Verizon Patent and Licensing Inc.
Inventor: Vinod Kumar Choyi, Hossein M. Ahmadi, Sudhakar Reddy Patil
CPC classification number: H04L9/3213, H04L9/3239, H04L9/3247, H04L67/563, H04L67/63, H04W4/50, H04W12/08, H04W48/08
Abstract: Systems and methods enable secure service-based communications in networks that use a Services Communications Proxy (SCP). A Network Function (NF) producer receives a service request including an authorization token and a signed service request object, wherein the service request originates from an NF consumer of the wireless core network and is forwarded to the NF producer via the SCP. The NF producer verifies the signed service request object and generates, after the verifying, a service response. The service response includes a signed service response object. The NF producer sends, to the NF consumer and via the SCP, the service response with the signed service response object.