US 9,811,686 B1
Support systems interactions with virtual network functions in a trusted security zone
Ronald R. Marquardt, Woodinville, WA (US); Lyle W. Paczkowski, Mission Hills, KS (US); and Arun Rajagopal, Leawood, KS (US)
Assigned to Sprint Communications Company L.P., Overland Park, KS (US)
Filed by Sprint Communications Company L.P., Overland Park, KS (US)
Filed on Oct. 9, 2015, as Appl. No. 14/879,324.
Int. Cl. H04L 29/06 (2006.01); G06F 21/62 (2013.01); G06Q 30/04 (2012.01)
CPC G06F 21/6245 (2013.01) [G06Q 30/04 (2013.01)] 20 Claims
OG exemplary drawing
 
1. An apparatus, comprising:
a network communication interface to communicatively couple the apparatus to a network;
a processor coupled to the network communication interface and comprising a normal partition and a secure partition;
a memory coupled to the processor and comprising a normal memory and a secure memory;
a trusted security zone comprising the secure partition and the secure memory, wherein when the processor executes the secure partition, the normal partition is prevented from executing, and wherein the trusted security zone executes a separate operating system that is inaccessible to users of the apparatus; and
a trusted orchestrator application stored in the secure memory that, when executed by the secure partition of the processor:
receives fully-detailed data from a virtualized network function of a virtual server via a trusted end-to-end communication link, wherein the data comprises a log of events performed by the virtual network function for a customer, and wherein existence of the fully-detailed data is restricted to the trusted security zone;
sanitizes the data received from the virtualized network function into sanitized data that is not restricted to the trusted security zone, wherein sanitizing the data received from the virtualized network function removes identifying information of the customer to form the sanitized data; and
transmits the sanitized data outside of the trusted security zone to a network device for providing services to the customer according to the log of events.
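The step that matters for a security reviewer in claim 1 is the two-tier data model: fully-detailed VNF event data exists only inside the trusted security zone, and only a sanitized form, with customer-identifying information removed, is allowed across the boundary. The following Python is an added illustration of that sanitize-then-gate pattern and is not code from the patent or from Sprint; the field names treated as identifying, the regular expressions, the record types, and the sample log are all assumptions constructed for the example. Hardware isolation of the normal and secure partitions is outside what this code can show; it models only the orchestrator's data handling.

```python
import re
from dataclasses import dataclass
from typing import Any

# Field names treated as customer-identifying. Constructed for this example;
# the patent does not enumerate which fields the orchestrator removes.
IDENTIFYING_FIELDS = frozenset(
    {"msisdn", "imsi", "customer_name", "src_ip", "account_id"}
)

# Patterns that catch identifiers copied into free-text fields (assumed shapes).
IDENTIFIER_PATTERNS = (
    re.compile(r"\b\d{15}\b"),                   # IMSI-like 15-digit number
    re.compile(r"\+\d{10,14}\b"),                # E.164 phone number
    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),  # IPv4 address
)


@dataclass(frozen=True)
class FullyDetailedRecord:
    """One VNF event as received over the trusted link; never leaves the zone."""
    fields: dict[str, Any]


@dataclass(frozen=True)
class SanitizedRecord:
    """The only record type the boundary gate will accept."""
    fields: dict[str, Any]


class LeakError(ValueError):
    """Raised when a record still carrying identifiers reaches the boundary."""


def _scrub_text(value: str) -> str:
    """Replace identifier-shaped substrings inside a string value."""
    for pattern in IDENTIFIER_PATTERNS:
        value = pattern.sub("[redacted]", value)
    return value


def sanitize(record: FullyDetailedRecord) -> SanitizedRecord:
    """Drop identifying fields and scrub identifiers embedded in string values."""
    kept: dict[str, Any] = {}
    for key, value in record.fields.items():
        if key in IDENTIFYING_FIELDS:
            continue
        kept[key] = _scrub_text(value) if isinstance(value, str) else value
    return SanitizedRecord(kept)


def residual_identifiers(record: SanitizedRecord) -> list[str]:
    """Independent second check at the zone boundary; returns offending field names."""
    found = [k for k in record.fields if k in IDENTIFYING_FIELDS]
    for key, value in record.fields.items():
        if isinstance(value, str) and any(p.search(value) for p in IDENTIFIER_PATTERNS):
            found.append(key)
    return found


def export(record: Any) -> dict[str, Any]:
    """Boundary gate: only a SanitizedRecord that passes the residual check leaves."""
    if not isinstance(record, SanitizedRecord):
        raise LeakError("only SanitizedRecord may leave the trusted security zone")
    leaks = residual_identifiers(record)
    if leaks:
        raise LeakError(f"identifiers remain in fields: {leaks}")
    return dict(record.fields)


# Constructed sample log of events for one customer (not from the patent).
SAMPLE_LOG = [
    FullyDetailedRecord({"ts": "2015-10-09T12:00:00Z", "event": "session_start",
                         "msisdn": "+12125551234", "imsi": "310150123456789",
                         "src_ip": "10.1.2.3", "bytes": 0}),
    FullyDetailedRecord({"ts": "2015-10-09T12:05:00Z", "event": "session_end",
                         "customer_name": "A. Customer", "bytes": 48213,
                         "detail": "teardown for +12125551234 at 10.1.2.3"}),
]


def sanitize_log(log: list[FullyDetailedRecord]) -> list[dict[str, Any]]:
    """Sanitize every record and release only what passes the boundary gate."""
    return [export(sanitize(r)) for r in log]


if __name__ == "__main__":
    for row in sanitize_log(SAMPLE_LOG):
        print(row)
```

The design point is that `export` is the only path out of the zone and it refuses both the wrong type and a sanitized record in which an identifier survived in free text; relying on `sanitize` alone would let an identifier copied into a `detail` string leak. Which fields count as identifying, and whether a keyed pseudonym is retained so the receiving network device can still attribute events to the customer, are policy decisions the claim leaves open.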