Patent Grant
10361843
The present subject matter relates generally to communication networks, and more particularly, to natively integrating blockchain technologies in the context of improving workload mobility (e.g., sharing network resources) for telecommunication networks (e.g., 4G, 5G, etc.)
An ever-increasing consumer demand, improved technological advancements (e.g., hardware/software infrastructure), and industry collaboration has driven significant growth in modern telecommunication networks and continues to drive its evolution. Indeed, each iteration or “next generation” of network capabilities, e.g., represented by standards promulgated by a Third Generation Partnership Project (3GPP), interconnects more devices, improves network bandwidth, increases data-rates, and so on. For example, a transition from 3rd Generation (3G) networks to 4th Generation (4G) networks introduced new network services and connected mobile devices to third party data networks such as the Internet. More recently, a transition is underway from existing 4G networks to new 5G networks, which provides a new service-oriented architecture for provisioning network services/resources in a dynamic, scalable, and customizable fashion (e.g., micro-services, Network Functions Virtualization (NFV), etc.) However, while many of these networks provide robust security for air-interface communications (e.g., between User Equipment (UE) and Radio Access Networks (RANs), security within respective core networks varies between mobile service providers based on their own policies, standards, maturity, and so on. In turn, these varying levels of security make inter-operability, roaming, and network resource sharing between these mobile service providers complicated and expensive.
The embodiments herein may be better understood by referring to the following description in conjunction with the accompanying drawings in which like reference numerals indicate identical or functionally similar elements. Understanding that these drawings depict only exemplary embodiments of the disclosure and are not therefore to be considered to be limiting of its scope, the principles herein are described and explained with additional specificity and detail through the use of the accompanying drawings in which:
Overview
This disclosure describes techniques for improving workload mobility and network resource sharing between domains of a telecommunication network (e.g., 4G/5G networks, etc.) using a natively integrated blockchain platform. In particular, these techniques leverage the blockchain platform to build trust by authenticating workloads, Virtual/Network Functions (V/NFs), and network resources associated therewith. For example, according to one or more embodiments of this disclosure, a network slice manager device (or entity) receives a workload mobility request to add network resources to a domain in the communication network, and authenticates a Virtual Network Function (VNF) with a Blockchain Authentication Function (BAF) entity over a blockchain network interface based on the workload mobility request. The network slice manager further receives an indication of a successful authentication from the BAF entity, and instantiates the VNF in the domain of the communication network based on the indication of the successful authentication. Notably, these authentication processes may be readily adapted to instantiate new network resources, or to migrate existing network resources between domains.
Description
Various embodiments of the disclosure are discussed in detail below. While specific implementations are described in detail, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without departing from the spirit and scope of the disclosure.
As provided herein, this disclosure relates to communication networks (e.g., telecommunication networks), which include a number of network devices/modules/entities “Network Function(s)” (NF(s)), as is appreciated by those skilled in the art. For sake of clarity, the NFs described herein are based on NFs specified by existing Technical Specifications such as the 3GPP TS 23.501, TS 23.502, TS 24.501, TS 29.509, TS 29.518, TS 33.301, TS 33.501, each of which is incorporated herein by reference to its entirety. Moreover, while some operations and functionality may be described and/or attributed to a particular NF, it is appreciated that such operations are not intended to be limited to the particular NF, but may be performed by other NFs as appropriate, particularly in view of the ongoing development and evolving nature of telecommunication networks. Further, it is also appreciated that the NFs described herein may also include (or be represented by) “virtual” NFs (VNF(s)), which refer network functions employed in a virtual environment.
A communication network is a geographically distributed collection of nodes interconnected by communication links and segments for transporting data between end nodes, such as mobile devices, computers, personal computing devices (and so on), and other devices, such as network entities, sensors, etc. Many types of networks are available, ranging from local area networks (LANs) to wide area networks (WANs). LANs typically connect these nodes over dedicated private communications links located in the same general physical location, such as a building or campus. WANs, on the other hand, typically connect geographically dispersed nodes over long-distance communications links, such as common carrier telephone lines, optical lightpaths, synchronous optical networks (SONET), synchronous digital hierarchy (SDH) links, etc. Some communication networks can include telecommunication networks, which transport data between end nodes, such as user equipment (UE), which can include mobile devices.
Those skilled in the art will understand that any number of nodes, devices, communication links, and the like may be used, and that the view shown herein is for simplicity. In particular, the representations of telecommunication networks 100, including respective interconnected network entities, are illustrated and described herein for purposes of discussion, not limitation, and it is appreciated that the illustrated networks can include (or exclude) any number of network entities, communication links, and the like, and can support inter-network operability and compatibility.
Access network 150 represents the infrastructure or radio towers, such as a Radio Access Network (RAN), for receiving and transmitting data packets between end user nodes (UE) as well as the various network entities (e.g., core network entities). Access network 150 includes NodeBs (NBs) for 3G network 110, eNodeBs (eNBs) for 4G network 120, and gNodeBs (gNBs) for 5G network 130. The infrastructure for each network may support different functionality and it is appreciated that infrastructure illustrated within one network can include appropriate hardware/software to support functionality of other telecommunication networks.
Respective network entities that form core network 160 (within the telecommunication networks 100) operatively connect respective RAN infrastructure (NBs, eNBs, gNBs) to third party networks such as a voice network 105 (e.g., a Public Switched Telephone Network (PSTN) network) and/or a data network 108 to create end-to-end connections. Prior to 3G (e.g., 2G, 2.5G, etc.) the third party network primarily included a voice network/PSTN 105 (e.g., a circuit switched network). From 3G onward, the third party network transitioned to include a public network (e.g., the Internet), represented by data network 108 (e.g., a packet switched network). Core network 160 and its respective network entities collectively operate to manage connections, bandwidth, and mobility for respective UE.
Notably, core network 160 generally evolved along three functional planes, including service management, session management, and mobility management. Service management for 2G and 3G networks includes operations to create an Integrated Services Digital Network (ISDN) over wireless links (e.g., Uu links). Session management for 3G and 4G networks generally include operations establish, maintain, and release network resources (e.g., data connections). In particular, in 3G network 110, session management includes a standalone General Packet Radio Service (GPRS) network, while 4G network 120 introduced a fully integrated data only network optimized for mobile broadband (where basic telephone operations are supported as one profile). Mobility management generally includes operations that support movement of UE in a mobile network, such as system registration, location tracking and handover (e.g., often optimized reduce heavy signaling loads). For example, in the context of 4G network 120, a Serving Gateway (SGW) and a Packet Data Gateway (PGW) support session management operations while mobility management operations (which maintains data sessions for mobile UE) are centralized within a Mobility Management Entity (MME).
As discussed in greater detail herein, 5G network 130 introduces a new service base architecture (SBA) 132, which generally redistributes functionality of 4G network entities into smaller service-based functions/network entities. Here, packet routing and forwarding functions (which are performed by SGW and PGW in 4G network 120) are realized as services rendered through a new network function/entity called the User Plane Function (UPF). In this fashion, 5G network 130 provides a modular set of services that support dynamic and scalable deployment of resources to satisfy diverse user demands.
The illustrative device 200 comprises one or more network interfaces 210, at least one processor 220, and a memory 240 interconnected by a system bus 250. Network interface(s) 210 contain the mechanical, electrical, and signaling circuitry for communicating data over links (e.g., wires or wireless links) within the telecommunication networks 100 (e.g., ref.
Memory 240 comprises a plurality of storage locations that are addressable by processor 220 for storing software programs and data structures associated with the embodiments described herein. Processor 220 may comprise necessary elements or logic adapted to execute the software programs and manipulate data structures 245. An operating system 242, portions of which are typically resident in memory 240 and executed by processor 220, functionally organizes the device by, inter alia, invoking operations in support of services and/or software processes executing on the device/module. These services and/or software processes may comprise an illustrative “workload mobility” process/service 244, as described herein. Note that while process/service 244 is shown in centralized memory 240, some embodiments provide for these processes/services to be operated in a distributed communication network.
Illustratively, the techniques described herein may be performed by hardware, software, and/or firmware, such as in accordance with the illustrative workload mobility process 244, which may contain computer executable instructions executed by processor 220 to perform functions relating to authenticating NFs, VNFs, and so on, with a distributed ledger technology entity (e.g., a federated, sponsored, or otherwise authorized Blockchain Authentication Function (BAF) entity), as discussed in greater detail below.
It will be apparent to those skilled in the art that other processor and memory types, including various computer-readable media, may be used to store and execute program instructions pertaining to the techniques described herein. Also, while the description illustrates various processes, it is expressly contemplated that various processes may be embodied as modules configured to operate in accordance with the techniques herein (e.g., according to the functionality of a similar process). Further, while the processes have been shown separately, those skilled in the art will appreciate that processes may be routines or modules within other processes. For example, processor 220 can include one or more programmable processors, e.g., microprocessors or microcontrollers, or fixed-logic processors. In the case of a programmable processor, any associated memory, e.g., memory 240, may be any type of tangible processor readable memory, e.g., random access, read-only, etc., that is encoded with or stores instructions that can implement program modules, e.g., a module having workload mobility process 244 encoded thereon. Processor 220 can also include a fixed-logic processing device, such as an application specific integrated circuit (ASIC) or a digital signal processor that is configured with firmware comprised of instructions or logic that can cause the processor to perform the functions described herein. Thus, program modules may be encoded in one or more tangible computer readable storage media for execution, such as with fixed logic or programmable logic, e.g., software/computer instructions executed by a processor, and any processor may be a programmable processor, programmable digital logic, e.g., field programmable gate array, or an ASIC that comprises fixed digital logic, or a combination thereof. In general, any process logic may be embodied in a processor or computer readable medium that is encoded with instructions for execution by the processor that, when executed by the processor, are operable to cause the processor to perform the functions described herein.
As noted above, a transition is currently underway from existing 4G networks to new 5G networks, which includes a new service-oriented architecture (e.g., SBA 132—
This infrastructure also creates opportunities to dynamically manage and share network resources within and across network domains, service providers, trust boundaries, and so on. In particular, this disclosure describes new mechanisms to improve workload mobility and network resource sharing using Distributed Ledger Technology (DLT) and blockchain smart contracts to provide security and establish trust within and between core networks.
Blockchain technologies generally facilitate transparent, verifiable, and secure digital asset transactions with proof of rights and ownership. For example, blockchain technologies generally employ distributed ledger technology (DLT) with built-in cryptography to enable open and trusted exchanges over the internet without requiring central servers and/or independent trusted authorities. However, despite its advantages, existing protocols/network architectures in the telecommunications context generally fail to support native blockchain technologies due, in part, to underlying security requirements for initial registration processes. For example, while blockchain technologies can be employed within existing telecommunication networks, mobile network operators and/or mobile network entities are generally unaware of blockchain transactions because such blockchain transactions generally only occur after a mobile session is established (e.g., using overlay messages), which in turn, inhibits blockchain technology integration and participation by mobile service providers.
Accordingly, embodiments of this disclosure provide a native blockchain platform that employs workload mobility processes (e.g., workload mobility process 244) to improve core network trust amongst network entities and service providers alike. For example, these workload mobility processes can include blockchain security operations to authenticate virtual workloads, establish a trusted boot, as well as remotely attest for the integrity of a workload at a time after boot. These blockchain operations can establish blockchain security credentials for various NFs (e.g., AMF, SMF, UPF, NSSF, NRF, etc.), register these NFs with blockchain service providers (sponsored/federated), and establish smart contracts between the NFs and the blockchain service providers using the distributed permissions ledger. In turn, these “trusted” NFs may be inter-operable and more easily shared within and between mobile network service providers. Similarly, the blockchain operations can also be applied to secure virtual workloads (e.g., VNFs) and establish trust through smart contracts as the virtual workloads migrate across distributed datacenters—e.g., within different domains of the same mobile service provider, across multiple service providers, and so on. In general, these workload mobility processes may satisfy security requirements amongst and between mobile network service providers, thus reducing the complexity and cost associated with the existing patchwork of varying levels of security.
Referring again to the figures,
The illustrated blockchain interfaces BCx, BCy, and BCz represent new communication links that facilitate exchanging messages or data packets between blockchain service providers (e.g., BAF(s) 305) and mobile providers (e.g., SBA 132, including underlying NFs). Notably, while some blockchain network interfaces are shown as directly connected to certain NFs of SBA 132, it is appreciated that these blockchain interfaces (e.g., BCx and BCy) can form interfaces for any of the NFs that form SBA 132 and/or other mobile operators. For example, the blockchain network interfaces may connect to the various NFs and/or mobile operators using a Security Edge Protection Proxy (SEPP) (e.g., vSEPP/hSEPP) entity, which generally operates to protect control plane traffic exchanged between PLMNs, as is appreciated by those skilled in the art.
In general, the blockchain interfaces BCx, BCy, and BCz may be used to carry information relating to parameters such as authentication vectors, UE identity (SIM/eSIM or encrypted identity), authorization parameters (e.g., eWallet), resource availability/utilization, resource sharing parameters, and so on. More specifically, blockchain interface BCx can facilitate exchanging messages related to policy request, authorization, network usage, lawful intercept, accounting, and the like. Blockchain interface BCy can facilitate exchanging messages related to secondary authentication, authorization, resource sharing, lawful intercept, network slicing, etc. Blockchain interface BCz can facilitate exchanging messages related to standalone Authentication public key pre-set, authorization, Distributed Ledger Technology query/set, etc.
Blockchain network 304 generally facilitates sharing network resources and provides security for network functions (NFs) that form SBA 132 to create specific trust boundaries across multiple service providers using distributed blockchain ledgers. Blockchain network 304 may represent an open source blockchain network or platform such distributed ledgers, hyperledger Sawtooth, and the like.
With specific reference to
Network entities or NFs that form SBA 132 include AMF 320, SMF 325, Network Slice Selection Function (NSSF) 330, Network Exposure Function (NEF) 335v | 335h, Network Repository Function (NRF) 340v | 340h, Policy Control Function (PCF) 345v | 345h, and Application Function (AF) 350. These network entities can be implemented either as a network element on a dedicated hardware, as a software instance running on a dedicated hardware, or as a virtualized function (e.g., VNF) instantiated on an appropriate platform, e.g., a cloud infrastructure, as is appreciated by those skilled in the art.
In general, UE 308 connects to RAN/Access Network (AN) 310 as well as AMF 320. Here, the RAN can include a base station while the AN can include a base station supporting non-3GPP access, e.g., Wi-Fi access. AMF 320 provides UE-based authentication, authorization, mobility management, etc. SMF 325 is responsible for session management, IP address allocation to UE(s), and traffic management/selection of a User Plane Function (UPF) (e.g., UPF 315) for proper routing/data transfer. If UE 308 has multiple sessions, different SMFs may be allocated to each session for individual management and/or different functionality per session. AF 350 generally provides information on packet flows to PCF 345v, which is responsible for policy control in order to support Quality of Service (QoS). Based on the information from AF 350, PCF 345v determines policies about mobility and session management for proper AMF/SMF operations. AUSF 355 stores authentication data for UE 308, and UDM 360 stores subscription data for UE 308. Data network 108 provides Internet access or operator services. The foregoing operations (and additional functionality) for respective network entities can be found in 3GPP Technical Specification (TS) 23.501 v 15.2.0 and TS 23.502v15.2.0, which is incorporated by herein by reference to its entirety.
As mentioned, the native blockchain platform shown in
Collectively,
Network functions virtualization (NFV) generally refers to a network architecture that replaces network functions on dedicated appliances—e.g., routers, load balancers, firewalls, etc.—with virtualized instances running as software on commercial off-the-shelf (COTS) hardware. Put differently, NFV architectures represent a logical abstraction of underlying hardware and software networking resource where the underlying physical hardware forwards packets, while the virtual network (software) provides an intelligent abstraction to facilitate deploying and managing network services/network resources.
Referring again
Network slice orchestration and management layer 410 is generally responsible for managing underlying network slices 405, including on-boarding new network services and virtual network function (VNF) packages, network slice lifecycle management, global resource management, validation and authorization of Network Functions Virtualization Infrastructure (NFVI) resource requests, manages lifecycles of VNF instances, and so on.
Virtualized Network Infrastructure (VNI) 420 generally controls and manages the NFV compute, storage, and network resources within an operator's infrastructure sub-domain. In addition, VNI 420 is also responsible for monitoring performance measurements and events. While the VNI 420 is shown as a separate layer from the network slice orchestration and management layer 410, it is appreciated that such layers may be incorporated into a single orchestration/management layer.
The NFV architecture supports multiple network slices 405 that are created atop a shared physical infrastructure. A network slice represents a logical end-to-end network service and can be dynamically created. A given User Equipment (UE) may have access to multiple slices over the same Access Network (e.g. over the same radio interface), and each slice may serve a particular service type with agreed upon Service-level Agreement (SLA). Various aspects and operations of network slicing are described in 3GPP TS 23.501, 3GPP TS 28.530, and 3GPP TS 28.531.
In addition to the network slice functionality and operations set forth in the 3GPP TS(s),
Referring to
It should be noted that orchestration/management layer 430 and orchestration/management layer 440 may be complimentary and/or overlapping in nature. For example, while the 3GPP technical specifications' currently provide high level requirements for network slice orchestration and management corresponding to the functional blocks of orchestration/management layer 430, the ETSI-NFV-MANO framework (orchestration/management layer 440) may be adopted (in part or as a whole) to achieve these high level requirements. Although the 3GPP TS 28.801 indicates a close collaboration with organizations such as ETSI to develop relevant network virtualization standards to ensure network slices can run in virtualized environments with seamless end-to-end network slice resource management capability, the illustrated ETSI-NFV-MANO framework may/may not be adopted and/or revised. However, for purposes of discussion, reference will be made to specific functional blocks for the illustrated frameworks, but it is appreciated that various substitutions of analogous or substantially similar components may be employed as appropriate.
Referring to orchestration/management layer 430, 3GPP TS 28.801 describes network slice instance lifecycle management and provides three (3) management logical functions—namely a Communication Service Management Function (CMSF) 432, a Network Slice Management Function (NSMF) 434, and a Network Slice Subnet Management Function (NSSMF) 436.
CSMF 432 is generally responsible for translating the communication service related requirement to network slice related requirements, NSMF 434 is generally responsible for management and orchestration of Network Slice Instances, and determines network slice subnet related requirements from network slice related requirements, and NSSMF 436 is generally responsible for management and orchestration of network slice subnet instance(s) (NSSI(s)). Collectively, the functional blocks of orchestration/management layer 430 can create customized virtual networks to meet the varying needs of applications, services, devices, customers or operators. In addition, these functional blocks will enable a distributed cloud to help to create flexible and programmable networks.
As mentioned, the operations of these functional blocks may be implemented by existing frameworks such as the ETSI-NFV-MANO framework represented by orchestration/management layer 440. The ETSI-NFV-MANO framework may be used, for example, to manage and orchestrate sharing of resources in a datacenter. In general, this framework facilitates deploying and connecting services as they are decoupled from dedicated physical devices and moved to virtual machines (VMs).
While the ETSI-NFV-MANO framework includes a number of network elements, for purposes of simplicity and discussion herein, we focus on three functional blocks—i.e., an NFV Orchestrator (NFV-O) 442, a VNF Manager (VNF-M) 444, and a Virtualized Infrastructure Manager (VIM) 446—which deploy and connect functions and services throughout a network.
NFV-O 442 manages on-boarding, resources and policies, and integrates new network services and VNFs into a virtual framework. NFV-O 442 also validates and authorizes NFV Infrastructure (NFVI) resource requests (not shown). VNF-M 444 operates in conjunction with NFV-O 442 and VIM 446, and generally provides lifecycle management for VNFs as well as supports interoperability of software-defined network elements. For example, VNF-M 444 can instantiate one or more new VNFs, scale VNFs, update and/or upgrade VNFs, and also terminate VNFs. In addition, VNF-M 444 monitors key performance indicators (KPIs) during VNF lifecycles, which are important when performing scaling operations, healing operations, and the like. In this fashion, VNF-M 444 maintains virtualized resources and supports VNF functionality.
VIM 446 controls and manages the NFV infrastructure, including network resources such as compute, storage, network, and the like. VIM 446 is flexible and may be configured to handle a certain type of NFVI resource (e.g. compute-only, storage-only, networking-only), and/or it may be capable of managing multiple types of NFVI resources (e.g. in NFVI nodes). In operation, VIM 446 orchestrates allocation, upgrades, releases, and reclaims of NFVI resources, manages associations between virtual and physical elements, and maintains an inventory of allocated virtual/physical resources.
Orchestration/management layer 430 and orchestration/management layer 440 can communicate with Enterprise Blockchain Network 304 and thus, BAFs 305 over blockchain network interfaces BCx/BCy. In this fashion, BAFs 305 can facilitate standard communications between blockchain service providers and mobile network service providers. In some embodiments, the illustrated orchestration and management layers may employ a Security Edge Protection Proxy (SEPP) (e.g., vSEPP/hSEPP) entity to communicate messages with BAFs 305 using HTTP REST API protocols, as is appreciated by those skilled in the art.
As described in greater detail with reference to
For example, in operation, BAFs 305 can authenticate and assign blockchain security to workloads during initial instantiation. As these workloads are moved or migrated across multi-site distributed NFVI, the BAFs 305 can authenticate and authorize these workloads in an efficient, flexible, and scalable manner. In this fashion, the BAFs 305 may be used to establish a trust relationship between workload (VNF/VM) and NFVI, which can facilitate sharing network resources across multiple service providers.
Referring again to the figures,
Schematic signaling diagrams 500 and 501 also illustrate various NFs and other network management entities that support the workload mobility processes of this disclosure. In particular, schematic signaling diagrams 500 and 501 include CMSF 432, which manages the lifecycle of network services such as internet services, enterprise applications, gaming, voice, messaging, and so on. In the particular context of 5G networks, each service requires resources, which are defined, instantiated, and managed (e.g., life-cycle management) by CMSF 432. BAF 305, described above, manages a distributed ledger for authentications, service authorization, smart contracts and security. NSMF 434 represents a cloud manager or slice manager. As discussed, network slices are logical collections of virtual network functions (VNF) (e.g., such as AMF, SMF, UPF, NRF etc.) NSMF 434 creates these VNFs and associates the VNFs into a service chain to deploy 5G services. NRF 340 generally maintains status of each VNF after instantiation by tracking resources (compute, memory, network and utilization etc.) and maintaining repository information for deployed VNFs. NFV-O 442 orchestrates and generally manages resources for VNFs, including device configurations, service configuration such as packet core, etc. NFV-O 442 maintains stateful data for each VNF and VM's deployed and configured, and synchronizes a configurations database. VNF-M 444 instantiates each VNF based on a VNF-descriptor file, which includes configuration parameters, and manages the lifecycle for each VNF. User Plane Function(s)—UPF1 and UPF2—generally handle user plane traffic between UE attached to a network and applications/servers (e.g., the Internet). UPF1 and UPF2 also manage manages session connectivity, IP address, billing, mediations and QoS managements, and so on. In schematic signaling diagram 500, UPF1 may be deployed in private cloud, while UPF2 may be deployed in a public cloud or other service provider. It is appreciated that schematic signaling diagrams 500 and 501 can include additional network entities and/or NFs (e.g., SMF, AMF, etc.) and signaling there-between, however, such network entities and/or NFs are not shown for sake of clarity.
Steps 502-520 are the same for schematic signaling diagrams 500 and 501, and generally represent signaling to instantiate UPF1 in a “trusted” domain. In particular, at step 502, CMSF 432 sends NSMF 434 an instantiation request for a new network slice. The instantiation request typically includes parameters such as number of subscribers, QoS, service definitions, and PLMN network details. In response, NSMF 434 instantiates, at step 504, UPF1 inside a new network slice and forwards all parameters. Here, as assume that the AMF and SMF (not shown) are shared across multiple network slices.
Steps 506-516 particularly show underlying signaling for instantiating UPF1 in the context of the ETSI-NFV-MANO framework. In particular, at step 506, NSMF 434 sends configuration parameters to NFV-O 442, which builds a VNF-descriptor file for each VM inside the specific VNF (e.g. a UPF VNF might include four VMs that perform smaller subnet of functions). NFV-O 442 sends the VNF descriptor file to VNF-M 444 at step 508. Notably, VNF descriptor file defines how UPF will be to be instantiated.
VNF-M 444 receives the descriptor file and creates, at step 510, VMs for UPF1 on a cloud infrastructure. Notably, this cloud infrastructure may also be referred to as a VIM (Virtual Infrastructure Manager) (e.g., VIM 446 (not shown)).
Once UPF1 is instantiated, it sends, at step 512, a completion status to VNF-M 444. VNF-M 444 marks UPF1 as complete and begins monitoring resources such as CPU, memory, Input/output (I/O), hard-disk utilization etc. VNF-M 444 also notifies NFV-O 442 about completion of VNF instantiation.
At step 514, NFV-O 442 performs additional service configurations directly with UPF1. For example, some service configurations include Access point Name (APN), IP addresses pool, QoS, billing, and so on. In general, service configurations define the parameters required to set-up a particular UPF service on a VNF.
After UPF1 service is configured, tested and running, NFV-O 442 notifies NSMF 434 at step 516. In addition, UPF1 also sends a registration message at step 518 to register with NRF 340 for management of network resources. At step 520, NRF 340 provides an acknowledgement message to UPF1. Once UPF1 is instantiated in a domain, it may be migrated or moved to another domain based on a workload mobility request. For example, steps 522-534 in schematic signaling diagram 500 illustrate signaling for migrating UPF1 between domains (e.g., trusted to untrusted), while steps 536-548 in schematic diagram 501 illustrate signaling for migrating UPF1 within a PLMN and/or between different mobile service providers.
Workload Mobility Using Blockchain Authentication Between Domains (e.g., Trusted/Untrusted)
Continuing to refer to
At step 524, NSMF 434 authenticates the VNF workload with BAF 305 (e.g., a blockchain distributed ledger). For example, NSMF 434 can communicate with BAF 305 over blockchain network interfaces BCy or BCz (discussed above). If new network resources for a VNF are to be initially instantiated, NSMF 434 sends a public key and registers the workload (e.g., UPF1) with BAF 305. However, if existing network resources for the workload are to be migrated, NSMF 434 selects an appropriate BAF (e.g., BAF 305) for authentication based on blockchain credentials previously assigned to the VNF, and authenticates the VNF with BAF 305 using public-keys, as is appreciated by those skilled in the art. Notably, authentications and key exchanges are performed for each VM associated with VNF.
At step 526, NSMF 434 instantiates a new UPF (e.g., UPF2) in the public cloud domain. As mentioned, instantiating UPF2 in the public cloud domain can include adding new resources (initial instantiation) and/or migrating an existing UPF from a private cloud (trusted domain) to the public cloud (untrusted domain). In either scenario, NSMF 434 sends blockchain authentication credentials during instantiation to register the workload (for adding new network resources) or to authenticate the workload (for migrating existing network resources). Notably, signaling for NFV-O 442 and VNF-M 444 are not shown because each public-cloud may use a different form of VNF management/orchestration. A blockchain identity or blockchain credentials is/are installed with the VNF in public cloud to create a blockchain signed VNF (or a signed workload). This signed workload establishes a level of trust for subsequent migration to other domains and/or between network service providers.
At step 528, UPF2 further registers with the core network (e.g., SBA 132) by sending NRF 340 the blockchain credentials, and at step 530, NRF 340 forwards the blockchain credentials to BAF 305 (e.g., a blockchain distributed ledger technology (DLT) entity), which verifies the blockchain credentials (previously signed in step 524). This registration process continues with step 532 and step 534 where BAF 305 sends a response back to NRF 340 indicating a successful authentications, and NRF 340 sends a corresponding response to UPF2, respectively. Messages between NRF 340 and BAF 305 can be exchanged over blockchain network interfaces BCy or BCz and further, such messages may be in the form of HTTP REST API protocol. It should also be noted, there may be additional signaling to release the VNF workload associated with UPF1 (from the private cloud domain) after successful migration.
Workload Mobility Using Blockchain Authentication within a PLMN and/or to a Different Mobile Service Provider
Turning to
Beginning at step 536, CMSF 432 determines additional network resources are required in a different datacenter (e.g., within the same PLMN for the same service provider) and/or the VNF associated with the workload for UPF1 should be moved to another mobile service provider. As shown, step 536 represents the start of another workload request, where CMSF 432 sends parameters such as resources utilization, manual interventions etc. to NSMF 434.
At step 538, NSMF 434 authenticates the VNF workload with BAF 305, similar to step 524 (discussed above). For example, NSMF 434 can communicate with BAF 305 over blockchain network interfaces BCy or BCz. If new network resources for a VNF are to be initially instantiated, NSMF 434 sends a public key and registers the workload (e.g., UPF1) with BAF 305. However, if existing network resources for the workload are to be migrated, NSMF 434 selects an appropriate BAF (e.g., BAF 305) for authentication based on blockchain credentials previously assigned to the VNF, and authenticates the VNF with BAF 305 using public-keys, as is appreciated by those skilled in the art. Notably, authentications and key exchanges are performed for each VM associated with VNF. Here, NSMF 434 authenticates the existing VNF workload (UPF1) using the prior assigned blockchain credentials.
After receiving an indication of a successful authentication, NSMF 434 instantiates, at step 540, UPF2 in a public cloud and/or migrates existing UPF1 to another datacenter or to a different mobile service provider. Notably, NSMF 434 sends blockchain authentication credentials during instantiation, which credentials may be used to authenticate UPF1 during subsequent migration. Notably, signaling for NFV-O 442 and VNF-M 444 are not shown because each public-cloud may use a different form of VNF management/orchestration. A blockchain identity or blockchain credentials is/are installed with the VNF in public cloud to create a blockchain signed VNF (or a signed workload). This signed workload establishes a level of trust for subsequent migration to other domains and/or between network service providers.
At step 542, UPF2 further registers with the core network (e.g., SBA 132) by sending NRF 340 its blockchain credentials, and at step 544, NRF 340 forwards the blockchain credentials to BAF 305 (e.g., a blockchain distributed ledger technology (DLT) entity), which verifies the blockchain credentials previously signed in step 538. This registration process continues with step 546 and step 548 where BAF 305 sends a response back to NRF 340 indicating a successful authentications, and NRF 340 sends a corresponding response to UPF2, respectively. Messages between NRF 340 and BAF 305 can be exchanged over blockchain network interfaces BCy or BCz and further, such messages may be in the form of HTTP REST API protocol. It should also be noted, additional signaling to release the VNF workload associated with UPF1 from its prior domain/mobile service provider after successful migration.
Collectively,
Procedure 600 begins at step 605 and continues on to step 610 where, as discussed above, the network slice manager (e.g., an entity, a node, etc.) receives a workload mobility request from a service manager (e.g., CMSF 432). Notably, the workload mobility request can indicate network resources are required in a particular domain of the communication network, and the domain can include, for example, a private cloud domain, a public cloud domain, a trusted domain, an untrusted domain, a network slice domain, and so on.
The network slice manager entity may further define, at step 615, parameters for a virtual network function (VNF), such as a new VNF and/or an existing VNF, to host the network resources based on requirements included in the workload mobility request. Notably, as discussed above, this VNF can include a core network NF (e.g., such as the various NFs that form SBA 132) and/or the VNF can include a number of UPFs associated with UE. With respect to hosting the network resources, the VNF can include any number of Virtual Machines (VMs) and/or other virtual entities having functionality to satisfy the network resource requirement indicated in the workload mobility request.
Procedure 600 continues to step 620, where the network slice manager entity authenticates the VNF with a blockchain authentication function (BAF) entity over a blockchain network interface based on the workload mobility request. For example, the network slice manager can send the BAF entity public keys associated with the VNF for authentication. The BAF entity can compare the public keys to registered public keys previously registered for the VNF. If the public keys match, the BAF sends an indication of a successful authentication, which is received by the network slice manager at step 625. Notably, the network slice manager communicates with the BAF entity over a blockchain network interface (e.g., BCx and/or BCy) and, in some embodiments, may employ an intermediary Security Edge Protection Proxy (SEPP) entity for message exchanges. For SEPP communications, the network slice manager and/or the BAF entity may use HTTP REST application program interface calls, as is appreciated by those skilled in the art.
The network slice manager further sends, at step 630 configuration parameters associated with the VNF to a network function virtualization orchestrator (NFVO) entity (e.g., NFVO 442), which in turn, builds a VNF descriptor file that defines each network resource of the VNF for instantiation and generally coordinates instantiation procedures with a virtual network function manager (e.g., VNF-M 444). In this fashion, the network slice manager instantiates, shown by step 635, the VNF in the domain of the communication network based on the indication of the successful authentication. In some embodiments, the network slice manager further assigns blockchain credentials to the VNF, at step 640, for subsequent re-authentication, migration, etc. The blockchain credentials may be associated with a particular BAF 305, and can indicate the VNF is a signed and trusted workload.
Procedure 600 subsequently ends at step 645, but may return again to step 610 where the network slice manager receives a workload mobility request to add network resources to a domain. Notably, procedure 600 may be used to establish new network resources (e.g., new VNFs) or it may be employed to migrate existing network resources between domains. For example, the step of authenticating the VNF with the BAF entity (step 620) may be readily applied to authenticate existing or new VNFs. Likewise, the step of instantiating the VNF in the domain (step 635) can be adapted to instantiate new VNFs or migrate existing VNFs from a different domain. Notably, for migrating existing VNFs from a different domain, there are typically additional processes such as releasing the corresponding network resources from the different domain, as is appreciated by those skilled in the art.
It should also be noted that while certain steps within procedure 600 may be optional, and further, the steps shown in
The techniques described herein, therefore, improve workload mobility and network resource sharing between domains of a telecommunication network (e.g., 4G/5G networks, etc.) using a natively integrated blockchain platform. In particular, these techniques leverage the blockchain platform to build trust by authenticating workloads, network functions (NFs), virtual network functions (VNFs), and network resources associated therewith. This native blockchain platform supports new use cases that create opportunities to share network resources across multiple provider networks, increase workload mobility security, improve billing/mediation and reconciliation and create mechanisms for roaming authentication/registration using blockchain technology. In addition, the native blockchain platform provides new opportunities for the app economy and creates a new market place for Mobile virtual network operators (MVNO) participation.
While there have been shown and described illustrative embodiments of the native blockchain platform, corresponding workload mobility processes, and operations by specific network entities, it is to be understood that various other adaptations and modifications may be made within the spirit and scope of the embodiments herein. For example, the embodiments and operations disclosed herein have been described with respect to certain devices, NFs, interfaces, and systems, however it is appreciated that such embodiments are provided for purposes of example, not limitation and that the workload mobility techniques disclosed herein can be incorporated as part of existing wireless networks.
The foregoing description has been directed to specific embodiments. It will be apparent, however, that other variations and modifications may be made to the described embodiments, with the attainment of some or all of their advantages. For instance, it is expressly contemplated that the components, elements, and/or operations described herein can be implemented as software being stored on a tangible (non-transitory) computer-readable medium, devices, and memories (e.g., disks/CDs/RAM/EEPROM/etc.) having program instructions executing on a computer, hardware, firmware, or a combination thereof. Further, methods describing the various functions and techniques described herein can be implemented using computer-executable instructions that are stored or otherwise available from computer readable media. Such instructions can comprise, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Portions of computer resources used can be accessible over a network. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, or source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on. In addition, devices implementing methods according to these disclosures can comprise hardware, firmware and/or software, and can take any of a variety of form factors. Typical examples of such form factors include laptops, smart phones, small form factor personal computers, personal digital assistants, and so on. Functionality described herein also can be embodied in peripherals or add-in cards. Such functionality can also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example. Instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are means for providing the functions described in these disclosures. Accordingly this description is to be taken only by way of example and not to otherwise limit the scope of the embodiments herein. Therefore, it is the object of the appended claims to cover all such variations and modifications as come within the true spirit and scope of the embodiments herein.
This application claims priority to U.S. Provisional Patent Application No. 62/682,778, filed on Jun. 8, 2018, the content of which is incorporated herein by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4236068 | Walton | Nov 1980 | A |
| 5642303 | Small et al. | Jun 1997 | A |
| 5751223 | Turner | May 1998 | A |
| 6812824 | Goldinger et al. | Nov 2004 | B1 |
| D552603 | Tierney | Oct 2007 | S |
| 7573862 | Chambers et al. | Aug 2009 | B2 |
| D637569 | Desai et al. | May 2011 | S |
| 7975262 | Cozmei | Jul 2011 | B2 |
| 8010079 | Mia et al. | Aug 2011 | B2 |
| 8102814 | Rahman et al. | Jan 2012 | B2 |
| 8260320 | Herz | Sep 2012 | B2 |
| 8284748 | Borghei | Oct 2012 | B2 |
| 8300594 | Bernier et al. | Oct 2012 | B1 |
| 8325626 | Tóth et al. | Dec 2012 | B2 |
| 8396485 | Grainger et al. | Mar 2013 | B2 |
| 8446899 | Lei et al. | May 2013 | B2 |
| 8457145 | Zimmerman et al. | Jun 2013 | B2 |
| 8458184 | Dorogusker et al. | Jun 2013 | B2 |
| D691636 | Bunton | Oct 2013 | S |
| 8549638 | Aziz | Oct 2013 | B2 |
| 8553634 | Chun et al. | Oct 2013 | B2 |
| 8644301 | Tamhankar et al. | Feb 2014 | B2 |
| 8650279 | Mehta et al. | Feb 2014 | B2 |
| 8669902 | Pandey et al. | Mar 2014 | B2 |
| 8676182 | Bell et al. | Mar 2014 | B2 |
| 8682279 | Rudolf et al. | Mar 2014 | B2 |
| 8693367 | Chowdhury et al. | Apr 2014 | B2 |
| 8718644 | Thomas et al. | May 2014 | B2 |
| 8761174 | Jing et al. | Jun 2014 | B2 |
| 8768389 | Nenner et al. | Jul 2014 | B2 |
| 8849283 | Rudolf et al. | Sep 2014 | B2 |
| 8909698 | Parmar et al. | Dec 2014 | B2 |
| 8958318 | Hastwell et al. | Feb 2015 | B1 |
| 9060352 | Chan et al. | Jun 2015 | B2 |
| 9130859 | Knappe | Sep 2015 | B1 |
| 9173084 | Foskett | Oct 2015 | B1 |
| 9173158 | Varma | Oct 2015 | B2 |
| D744464 | Snyder et al. | Dec 2015 | S |
| 9270709 | Shatzkamer et al. | Feb 2016 | B2 |
| 9271216 | Friman et al. | Feb 2016 | B2 |
| 9281955 | Moreno et al. | Mar 2016 | B2 |
| D757424 | Phillips et al. | May 2016 | S |
| D759639 | Moon et al. | Jun 2016 | S |
| 9369387 | Filsfils et al. | Jun 2016 | B2 |
| 9389992 | Gataullin et al. | Jul 2016 | B2 |
| 9426305 | De Foy et al. | Aug 2016 | B2 |
| D767548 | Snyder et al. | Sep 2016 | S |
| 9467918 | Kwan | Oct 2016 | B1 |
| D776634 | Lee et al. | Jan 2017 | S |
| 9544337 | Eswara, et al. | Jan 2017 | B2 |
| 9569771 | Lesavich et al. | Feb 2017 | B2 |
| 9609504 | Karlqvist et al. | Mar 2017 | B2 |
| 9615268 | Navarro et al. | Apr 2017 | B2 |
| 9634952 | Gopinathan et al. | Apr 2017 | B2 |
| 9642167 | Snyder et al. | May 2017 | B1 |
| 9654344 | Chan et al. | May 2017 | B2 |
| 9712444 | Bolshinsky et al. | Jul 2017 | B1 |
| 9713114 | Yu | Jul 2017 | B2 |
| 9736056 | Vasseur et al. | Aug 2017 | B2 |
| 9762683 | Karampurwala et al. | Sep 2017 | B2 |
| 9772927 | Gounares et al. | Sep 2017 | B2 |
| 9820105 | Snyder et al. | Nov 2017 | B2 |
| D804450 | Speil et al. | Dec 2017 | S |
| 9858559 | Raleigh et al. | Jan 2018 | B2 |
| 9860151 | Ganichev et al. | Jan 2018 | B2 |
| 9933224 | Dumitriu et al. | Feb 2018 | B2 |
| 9923780 | Rao et al. | Mar 2018 | B2 |
| 9961560 | Farkas et al. | May 2018 | B2 |
| 9967906 | Verkaik et al. | May 2018 | B2 |
| 9980220 | Snyder et al. | May 2018 | B2 |
| 9985837 | Rao et al. | May 2018 | B2 |
| 9998368 | Chen et al. | Jun 2018 | B2 |
| 10108954 | Dunlevy et al. | Oct 2018 | B2 |
| 10164779 | Uhr et al. | Dec 2018 | B2 |
| 10171248 | King | Jan 2019 | B2 |
| 20030087645 | Kim et al. | May 2003 | A1 |
| 20030116634 | Tanaka | Jun 2003 | A1 |
| 20040029576 | Flykt et al. | Feb 2004 | A1 |
| 20040203572 | Aerrabotu et al. | Oct 2004 | A1 |
| 20050090225 | Muehleisen et al. | Apr 2005 | A1 |
| 20050169193 | Black et al. | Aug 2005 | A1 |
| 20050186904 | Kowalski et al. | Aug 2005 | A1 |
| 20060022815 | Fischer et al. | Feb 2006 | A1 |
| 20060030290 | Rudolf et al. | Feb 2006 | A1 |
| 20060092964 | Park et al. | May 2006 | A1 |
| 20060126882 | Deng et al. | Jun 2006 | A1 |
| 20060146803 | Bae et al. | Jul 2006 | A1 |
| 20060187866 | Werb et al. | Aug 2006 | A1 |
| 20060245406 | Shim | Nov 2006 | A1 |
| 20070037605 | Logan | Feb 2007 | A1 |
| 20070130471 | Walker Pina et al. | Jun 2007 | A1 |
| 20070239854 | Janakiraman et al. | Oct 2007 | A1 |
| 20080037715 | Prozeniuk et al. | Feb 2008 | A1 |
| 20080084888 | Yadav et al. | Apr 2008 | A1 |
| 20080101381 | Sun et al. | May 2008 | A1 |
| 20080163207 | Reumann et al. | Jul 2008 | A1 |
| 20080233969 | Mergen | Sep 2008 | A1 |
| 20090129389 | Halna DeFretay et al. | May 2009 | A1 |
| 20090203370 | Giles et al. | Aug 2009 | A1 |
| 20090282048 | Ransom et al. | Nov 2009 | A1 |
| 20090298511 | Paulson | Dec 2009 | A1 |
| 20090307485 | Weniger et al. | Dec 2009 | A1 |
| 20100039280 | Holm et al. | Feb 2010 | A1 |
| 20100097969 | De Kimpe et al. | Apr 2010 | A1 |
| 20110087799 | Padhye et al. | Apr 2011 | A1 |
| 20110142053 | Van Der Merwe et al. | Jun 2011 | A1 |
| 20110182295 | Singh et al. | Jul 2011 | A1 |
| 20110194553 | Sahin et al. | Aug 2011 | A1 |
| 20110228779 | Goergen | Sep 2011 | A1 |
| 20120023552 | Brown et al. | Jan 2012 | A1 |
| 20120054367 | Ramakrishnan et al. | Mar 2012 | A1 |
| 20120088476 | Greenfield | Apr 2012 | A1 |
| 20120115512 | Grainger et al. | May 2012 | A1 |
| 20120157126 | Rekimoto | Jun 2012 | A1 |
| 20120167207 | Beckley et al. | Jun 2012 | A1 |
| 20120182147 | Forster | Jul 2012 | A1 |
| 20120284777 | Eugenio et al. | Nov 2012 | A1 |
| 20120311127 | Kandula, Sr. et al. | Dec 2012 | A1 |
| 20120324035 | Cantu et al. | Dec 2012 | A1 |
| 20130029685 | Moshfeghi | Jan 2013 | A1 |
| 20130039391 | Skarp | Feb 2013 | A1 |
| 20130057435 | Kim | Mar 2013 | A1 |
| 20130077612 | Khorami | Mar 2013 | A1 |
| 20130088983 | Pragada et al. | Apr 2013 | A1 |
| 20130107853 | Pettus et al. | May 2013 | A1 |
| 20130108263 | Srinivas et al. | May 2013 | A1 |
| 20130115916 | Herz | May 2013 | A1 |
| 20130145008 | Kannan et al. | Jun 2013 | A1 |
| 20130155906 | Nachum et al. | Jun 2013 | A1 |
| 20130191567 | Rofougaran et al. | Jul 2013 | A1 |
| 20130203445 | Grainger et al. | Aug 2013 | A1 |
| 20130217332 | Altman et al. | Aug 2013 | A1 |
| 20130232433 | Krajec et al. | Sep 2013 | A1 |
| 20130273938 | Ng et al. | Oct 2013 | A1 |
| 20130317944 | Huang et al. | Nov 2013 | A1 |
| 20130322438 | Gospodarek et al. | Dec 2013 | A1 |
| 20130343198 | Chhabra et al. | Dec 2013 | A1 |
| 20130347103 | Veteikis et al. | Dec 2013 | A1 |
| 20140007089 | Bosch et al. | Jan 2014 | A1 |
| 20140016926 | Soto et al. | Jan 2014 | A1 |
| 20140025770 | Warfield et al. | Jan 2014 | A1 |
| 20140031031 | Gauvreau et al. | Jan 2014 | A1 |
| 20140052508 | Pandey et al. | Feb 2014 | A1 |
| 20140059655 | Beckley et al. | Feb 2014 | A1 |
| 20140087693 | Walby et al. | Mar 2014 | A1 |
| 20140105213 | A K et al. | Apr 2014 | A1 |
| 20140118113 | Kaushik et al. | May 2014 | A1 |
| 20140148196 | Bassan-Eskenazi et al. | May 2014 | A1 |
| 20140179352 | V.M. et al. | Jun 2014 | A1 |
| 20140191868 | Ortiz et al. | Jul 2014 | A1 |
| 20140198808 | Zhou | Jul 2014 | A1 |
| 20140222997 | Mermoud et al. | Aug 2014 | A1 |
| 20140233460 | Pettus et al. | Aug 2014 | A1 |
| 20140269321 | Kamble et al. | Sep 2014 | A1 |
| 20140302869 | Rosenbaum et al. | Oct 2014 | A1 |
| 20140337824 | St. John et al. | Nov 2014 | A1 |
| 20140341568 | Zhang et al. | Nov 2014 | A1 |
| 20150016286 | Ganichev et al. | Jan 2015 | A1 |
| 20150016469 | Ganichev et al. | Jan 2015 | A1 |
| 20150023176 | Korja et al. | Jan 2015 | A1 |
| 20150030024 | Venkataswami et al. | Jan 2015 | A1 |
| 20150043581 | Devireddy et al. | Feb 2015 | A1 |
| 20150063166 | Sif | Mar 2015 | A1 |
| 20150065161 | Ganesh et al. | Mar 2015 | A1 |
| 20150087330 | Prechner et al. | Mar 2015 | A1 |
| 20150103818 | Kuhn et al. | Apr 2015 | A1 |
| 20150163192 | Jain et al. | Jun 2015 | A1 |
| 20150172391 | Kasslin et al. | Jun 2015 | A1 |
| 20150223337 | Steinmacher-Burow | Aug 2015 | A1 |
| 20150256972 | Markhovsky et al. | Sep 2015 | A1 |
| 20150264519 | Mirzaei | Sep 2015 | A1 |
| 20150280827 | Adiletta et al. | Oct 2015 | A1 |
| 20150288410 | Adiletta et al. | Oct 2015 | A1 |
| 20150326704 | Ko et al. | Nov 2015 | A1 |
| 20150358777 | Gupta | Dec 2015 | A1 |
| 20150362581 | Friedman et al. | Dec 2015 | A1 |
| 20160007315 | Lundgreen et al. | Jan 2016 | A1 |
| 20160044627 | Aggarwal et al. | Feb 2016 | A1 |
| 20160099847 | Melander et al. | Apr 2016 | A1 |
| 20160100395 | Xu et al. | Apr 2016 | A1 |
| 20160105408 | Cooper et al. | Apr 2016 | A1 |
| 20160127875 | Zampini, II | May 2016 | A1 |
| 20160146495 | Malve et al. | May 2016 | A1 |
| 20160330045 | Tang et al. | Nov 2016 | A1 |
| 20160344641 | Javidi et al. | Nov 2016 | A1 |
| 20170026974 | Dey et al. | Jan 2017 | A1 |
| 20170164212 | Opsenica | Jun 2017 | A1 |
| 20170180134 | King | Jun 2017 | A1 |
| 20170180999 | Alderfer et al. | Jun 2017 | A1 |
| 20170181136 | Bharadwaj et al. | Jun 2017 | A1 |
| 20170195205 | Li et al. | Jul 2017 | A1 |
| 20170202000 | Fu et al. | Jul 2017 | A1 |
| 20170214551 | Chan et al. | Jul 2017 | A1 |
| 20170214675 | Johnsrud et al. | Jul 2017 | A1 |
| 20170243208 | Kurian et al. | Aug 2017 | A1 |
| 20170273083 | Chen et al. | Sep 2017 | A1 |
| 20170317997 | Smith et al. | Nov 2017 | A1 |
| 20170330179 | Song et al. | Nov 2017 | A1 |
| 20170330180 | Song et al. | Nov 2017 | A1 |
| 20170332421 | Sternberg et al. | Nov 2017 | A1 |
| 20170339706 | Andreoli-Fang et al. | Nov 2017 | A1 |
| 20180060835 | Martin | Mar 2018 | A1 |
| 20180063018 | Bosch et al. | Mar 2018 | A1 |
| 20180069311 | Pallas et al. | Mar 2018 | A1 |
| 20180084389 | Snyder et al. | Mar 2018 | A1 |
| 20180084427 | Huo | Mar 2018 | A1 |
| 20180136633 | Small et al. | May 2018 | A1 |
| 20180139056 | Imai et al. | May 2018 | A1 |
| 20180139107 | Senarath | May 2018 | A1 |
| 20180212970 | Chen | Jul 2018 | A1 |
| 20180253539 | Minter et al. | Sep 2018 | A1 |
| 20180294966 | Hyun et al. | Oct 2018 | A1 |
| 20180343128 | Uhr et al. | Nov 2018 | A1 |
| 20180374094 | Kohli | Dec 2018 | A1 |
| 20190012695 | Bishnoi et al. | Jan 2019 | A1 |
| 20190058709 | Kempf | Feb 2019 | A1 |
| Number | Date | Country |
|---|---|---|
| 107784748 | Mar 2018 | CN |
| WO 2013020126 | Feb 2013 | WO |
| WO 2014098556 | Jun 2014 | WO |
| WO 2015131920 | Sep 2015 | WO |
| WO 2017078657 | May 2017 | WO |
| WO 2017187011 | Nov 2017 | WO |
| WO 2018009340 | Jan 2018 | WO |
| WO 2018028777 | Feb 2018 | WO |
| WO 2018053271 | Mar 2018 | WO |
| WO 2018066362 | Apr 2018 | WO |
| Entry |
|---|
| Alexandros Kaloxylos, A Survey and an Analysis of Network Slicing in 5G Networks, IEEE (Year: 2018). |
| Ihsan H. Abdulqadder et al, Deployment of Robust Security Scheme in SDN Based 5G Network Over NFV Enabled Cloud Environment, IEEE (Year: 2018). |
| “Cisco ASR 5x00 Mobility Management Entity Administration Guide,” Version 15.0, Cisco Systems, Inc., Last updated Jun. 13, 2014, pp. 1-266. |
| “Cisco 10000 Series Router Quality of Service Configuration Guide, Chapter 20: Configuring Quality of Service for MPLS Traffic,” Cisco Systems, Inc., Updated Nov. 17, 2013, pp. 1-34. |
| “Enterprise Mobility 7.3 Design Guide, Chapter 11: CISCO Mobility Services Engine,” Cisco Systems, Inc., Updated Apr. 20, 2015, 8 pages. |
| “I Love WiFi, The difference between L2 and L3 Roaming Events,” Apr. 1, 2010, 6 pages. |
| “Quality of Service Regulation Manual,” ITU 2017, pp. 1-174. |
| “Wi-FI Location-Based Services 4.1 Design Guide,” May 20, 2008, 206 pages. |
| Afolabi, Ibrahim, et al., “Network Slicing & Softwarization: A Survey on Principles, Enabling Technologies & Solutions,” Mar. 21, 2018, pp. 1-24. |
| Ali, Z., et al., “Performance Measurement in Segment Routing Networks with IPv6 Data Plane (SRv6),” Spring Working Group, Feb. 26, 2018, pp. 1-17. |
| An, Xueli, et al., “Virtualization of Cellular Network EPC Gateways based on a Scalable SDN Architecture,” IEEE, Feb. 12, 2015, pp. 1-7. |
| Antonioli, Roberto, et al., “Dual Connectivity for LTE-NR Cellular Networks,” Research Gate, Sep. 3-6, 2017, pp. 171-175. |
| Bekan, Adnan, et al., “D5.1: Machine Learning Algorithms Development and Implementation,” 2016-2018 eWINE Consortium, 23, 2016, pp. 1-72. |
| Bogale, Tadilo Endeshaw, et al., “Machine Intelligence Techniques for Next-Generation Context-Aware Wireless Networks,” arxiv.org, Jan. 12, 2018, pp. 1-10. |
| Carter, Steve Sr., “E911 VoIP Essentials for Enterprise Deployments,” XO Communications, LLC, 2012, 9 pages. |
| Chalise, Batu K., et al., “MIMO Relaying for Multiaccess Communication in Cellular Networks,” Sensor Array and MultiChannel Signal Processing Workshop, 2008, SAM 2008, 5th IEEE, Jul. 21, 2008, pp. 146-150. |
| Cheng, W., et al., “Path Segment in MPLS Based Sement Routing Network,” Network Working Group, Oct. 2017, pp. 1-10. |
| Christidis, Konstantinos, et al., “Blockchains and Smart Contracts for the Internet of Things,” IEEE Access, Special Section on the of Research in Internet of Things (IoT), vol. 4, May 10, 2016, pp. 1-12. |
| Cox, Jacob H. Jr., et al., “Advancing Software-Defined Networks: A Survey,” IEEE, Oct. 12, 2017, pp. 25487-25526. |
| Cui, Wenzhi et al., “DiFS: Distributed Flow Scheduling for Data Center Networks,” Nanjing University, China, Jul. 28, 2013, 10 pages. |
| Doyle, Matthew G., “An IP Address Management Solution for a Server Solution Provider,” A Dissertation Submitted to The University of Liverpool, Sep. 28, 2005, 116 pages. |
| Galvan T., Carlos E., et al., “Wifi bluetooth based combined positioning algorithm,” International Meeting of Electrical Engineering Research ENIINVIE 2012, Procedia Engineering 35 (2012 ), pp. 101-108. |
| Geller, Michael, et al. , “5G Security Innovation with Cisco,” Whitepaper Cisco Public, Jun. 8, 2018, pp. 1-29. |
| Gesbert, David, “Advances in Multiuser MIMO Systems (Tutorial Part II) Emerging Topics in Multiuser MIMO Networks,” IEEE PIMRC Conference, Sep. 2007, 107 pages. |
| Halperin, Daniel, et al., “Augmenting Data Center Networks with Multi-Gigabit Wireless Links,” Aug. 15-19, 2011, SIGCOMM'11, ACM 978-1-4503-0797-0/11/08, pp. 38-49. |
| Herb, Daniel, et al., “ROAUM: How to Unblock ROAMING IoT Using BLockchain,” available at https://uploads-ssl.webflow.com/5987a08baeea4300016b7bd9/5a7a6d6cee5bc400010a08f2_Roaum_Roaming-IoT_Whitepaper.pdf, pp. 1-14. |
| Hsieh, Cynthia, “Location Awareness in VMware View 4.5 and Above,” VMware, 2011, 8 pages. |
| Husain, Syed, et al., “Mobile Edge Computing with Network Resource Slicing for Internet-of-Things,” IEEE 2017, pp. 1-7. |
| Jero, Samuel, et al., “Identifier Binding Attacks and Defenses in Software-Defined Networks,” USENIX, The Advanced Computing Systems Association, Aug. 16-18, 2017, 19 pages. |
| Ji, Philip N., et al., “Demonstration of High-Speed MIMO OFDM Flexible Bandwidth Data Center Network,” Optical Society of America, 2012, 2 pages. |
| Kandula, Srikanth, et al., “Flyways to De-Congest Data Center Networks,” Microsoft Research, Oct. 23, 2009, 6 pages. |
| Katayama, Y. et al., “MIMO Link Design Strategy for Wireless Data Center Applications,” IEEE Wireless Communications and Networking Conference: Services, Applications, and Business, 2012, 5 pages. |
| Leary, Jonathan, et al., “Wireless LAN Fundamentals: Mobility,” Jan. 9, 2004, Cisco Press, 15 pages. |
| Leonhardt, Ulf, “Supporting Location-Awareness in Open Distributed Systems,” May 1998, 186 pages. |
| Moinet, Axel, et al. “Blockchain based trust & authentication for decentralized sensor networks,” Jun. 6, 2017, 6 pages. |
| Network Heresy, “NVGRE, VXLAN and What Microsoft is Doing Right,” Oct. 3, 2011, 5 pages. |
| Norwegian National Security Authority, “N-03 Security guidance for switches and routers,” Sep. 26, 2012, pp. 1-24. |
| Saraiva de Sousa, Nathan F., et al., “Network Service Orchestration: A Survey,” IEEE Communications Surveys & Tutorials, Mar. 23, 2018, pp. 1-30. |
| Savvides, Andreas, et al., “Dynamic Fine-Grained Localization in Ad-Hoc Networks of Sensors”, Proceeding MobiCom '01 Proceedings of the 7th annual international conference on Mobile computing and networking, Jul. 2001, pp. 166-179. |
| Shwetha, D., et al.,“ A Bandwidth Request Mechanism for QoS Enhancement in Mobile WiMAX Networks,” International Journal of Advanced Research in Electrical Electronics and Instrumentation Engineering, vol. 3, Issue 1, Jan. 2014, pp. 1-8. |
| Sun, et al., “The future of Wi-Fi,” IEEE Communications Magazine, vol. 52, No. 11, Nov. 21, 2014, 166 pages. |
| Ventre, Pier Luigi, et al., “Performance Evaluation and Tuning of Virtual Infrastructure Managers for (Micro) Virtual Network Functions,” ieee.org, Nov. 7-10, 2016, pp. 1-7. |
| Wright, Joshua, “Detecting Wireless LAN MAC Address Spoofing,” Jan. 21, 2003, pp. 1-20. |
| Yang, Hui, et al. “Blockchain-based trusted authentication in cloud radio over fiber network for 5g.” Optical Communications and Networks (ICOCN), 2017 16th International Conference on. IEEE, 2017, 3 pages. |
| Zickau, Sebastian, et al., “Enabling Location-based Policies in a Healthcare Cloud Computing Environment,” 2014 IEEE 3rd International Conference on Cloud Networking (Cloudnet), Oct. 2014, pp. 353-358. |
| Morozov, Yury, “BubbleTone Blockchain: Global Telecom Ecosystem Without Intermediaries: Smart Contracts Allow Direct Interaction Between Mobile Operators, Subscribers and Service Providers,” Dec. 29, 2017, pp. 1-33. |
| “Blockchain @ Telco: How blockchain can impact the telecommunications industry and its relevance to the C-Suite,” Monitor Deloitte, Jun. 20, 2018, pp. 1-13. |
| Number | Date | Country | |
|---|---|---|---|
| 62682778 | Jun 2018 | US |
