Secure edge workload steering and access

US12177667B2 · US · B2

Patent metadata

Publication number: US-12177667-B2
Application number: US-202217699388-A
Country: US
Kind code: B2
Filing date: Mar 21, 2022
Priority date: Mar 8, 2021
Publication date: Dec 24, 2024
Grant date: Dec 24, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The present disclosure relates to systems and methods for cloud-based 5G security network architectures for intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and the associated cloud-based system within a service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network to provide security functions to 5G users, or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Claims

Claim text (preview; claims 1 through 17 are shown). Claim 1 is the first independent claim; claims 7 and 13 restate it as a computer-readable medium and as an edge compute system.

What is claimed is:

1. A method of cloud-based 5G security, implemented by an endpoint service, comprising: receiving a request from a source for connection to a workload destination, wherein the workload destination is an edge hosted workload within an edge compute in a 5G system; determining the validity of the source, wherein the source may be authorized or unauthorized; creating a connection to the workload destination upon determination of the source being authorized; and blocking a connection to the workload destination upon determination of the source being unauthorized.

2. The method of claim 1, wherein the connection of the source to the workload is at an application layer, direct over the most effective path, either within the edge or externally of the edge.

3. The method of claim 1, wherein the workload exists within one of a network, subnet, and function.

4. The method of claim 1, wherein the validation of access occurs at the substantiation of each connection, and wherein each connection is authorized on a per-resource and per-connection basis.

5. The method of claim 1, wherein the workload only sees sessions from the endpoint service.

6. The method of claim 1, wherein an access path is unique to the specific connection, and then torn down and forgotten at completion of that connection.

7. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors to perform steps, for cloud-based 5G security, implemented by an endpoint service, of receiving a request from a source for connection to a workload destination, wherein the workload destination is an edge hosted workload within an edge compute in a 5G system; determining the validity of the source, wherein the source may be authorized or unauthorized; creating a connection to the workload destination upon determination of the source being authorized; and blocking a connection to the workload destination upon determination of the source being unauthorized.

8. The non-transitory computer-readable medium of claim 7, wherein the connection of the source to the workload is at an application layer, direct over the most effective path, either within the edge or externally of the edge.

9. The non-transitory computer-readable medium of claim 7, wherein the workload exists within one of a network, subnet, and function.

10. The non-transitory computer-readable medium of claim 7, wherein the validation of access occurs at the substantiation of each connection, and wherein each connection is authorized on a per-resource and per-connection basis.

11. The non-transitory computer-readable medium of claim 7, wherein the workload only sees sessions from the endpoint service.

12. The non-transitory computer-readable medium of claim 7, wherein an access path is unique to the specific connection, and then torn down and forgotten at completion of that connection.

13. An edge compute system configured for cloud-based 5G security via an endpoint service, the edge compute system comprising: one or more processors and memory storing instructions that, when executed, cause the one or more processors to receive a request from a source for connection to a workload destination, wherein the workload destination is an edge hosted workload within an edge compute in a 5G system; determine the validity of the source, wherein the source may be authorized or unauthorized; create a connection to the workload destination upon determination of the source being authorized; and block a connection to the workload destination upon determination of the source being unauthorized.

14. The edge compute system of claim 13, wherein the connection of the source to the workload is at an application layer, direct over the most effective path, either within the edge or externally of the edge.

15. The edge compute system of claim 13, wherein the workload exists within one of a network, subnet, and function.

16. The edge compute system of claim 13, wherein the validation of access occurs at the substantiation of each connection, and wherein each connection is authorized on a per-resource and per-connection basis.

17. The edge compute system of claim 13, wherein the workload only sees sessions from the endpoint service.
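The claimed access flow (validate the source, authorize per resource and per connection, broker the session so the workload only ever sees the endpoint service, and forget the path when the connection ends) is the same brokered zero-trust pattern that practitioners implement in front of private applications. The following is an added example, not code from the patent or from Zscaler: a minimal in-process model of an endpoint service. The class names, the policy table, the identities and the workload names are all hypothetical constructions for illustration; a deployment would put this logic in front of real TCP or TLS sessions.

```python
"""Model of the endpoint service in claims 1, 4, 5 and 6 of US12177667B2.
Added example with constructed data; nothing here is the patent's own code."""

from dataclasses import dataclass, field
import secrets


@dataclass(frozen=True)
class Source:
    identity: str   # authenticated principal, e.g. a UE identity (hypothetical)
    attested: bool  # whether identity validation succeeded


@dataclass
class Workload:
    name: str
    # (peer, conn_id) pairs as seen from the workload side
    sessions: list = field(default_factory=list)

    def accept(self, peer: str, conn_id: str) -> None:
        self.sessions.append((peer, conn_id))


class AccessDenied(Exception):
    pass


class EndpointService:
    PEER_NAME = "endpoint-service"

    def __init__(self, policy: dict, workloads: dict):
        # policy: identity -> set of workload names it may reach (constructed sample)
        self._policy = policy
        self._workloads = workloads
        self._active: dict = {}   # conn_id -> workload name, forgotten on close
        self.audit: list = []     # (identity, destination, decision)

    def request_connection(self, source: Source, destination: str) -> str:
        """Claim 1: validate, then create or block. Claim 4: evaluated on every
        request, per resource, so a prior grant never carries over."""
        allowed = self._policy.get(source.identity, set())
        if destination not in self._workloads or not source.attested \
                or destination not in allowed:
            # Unknown destinations are indistinguishable from denied ones, so a
            # probing source learns nothing about which workloads exist.
            self.audit.append((source.identity, destination, "blocked"))
            raise AccessDenied(destination)
        # Claim 6: an unguessable path identifier that exists for this connection only.
        conn_id = secrets.token_hex(16)
        self._active[conn_id] = destination
        # Claim 5: the workload's peer is always the endpoint service, never the source.
        self._workloads[destination].accept(self.PEER_NAME, conn_id)
        self.audit.append((source.identity, destination, "allowed"))
        return conn_id

    def close_connection(self, conn_id: str) -> None:
        """Claim 6: tear the path down and forget it."""
        self._active.pop(conn_id, None)

    def is_active(self, conn_id: str) -> bool:
        return conn_id in self._active


def demo() -> dict:
    """Run the flow on constructed sample data; returns what each party observed."""
    video = Workload("video-analytics")
    plc = Workload("factory-plc-gateway")
    svc = EndpointService(
        policy={"ue-alice": {"video-analytics"},
                "ue-bob": {"video-analytics", "factory-plc-gateway"}},
        workloads={"video-analytics": video, "factory-plc-gateway": plc},
    )
    alice = Source("ue-alice", attested=True)
    mallory = Source("ue-mallory", attested=False)  # failed identity validation

    c1 = svc.request_connection(alice, "video-analytics")
    c2 = svc.request_connection(alice, "video-analytics")  # re-checked, new path
    blocked = []
    for src, dst in [(alice, "factory-plc-gateway"),   # valid identity, wrong resource
                     (mallory, "video-analytics"),     # unvalidated identity
                     (alice, "does-not-exist")]:       # probing an unknown name
        try:
            svc.request_connection(src, dst)
        except AccessDenied:
            blocked.append((src.identity, dst))
    svc.close_connection(c1)
    return {
        "paths_unique": c1 != c2,
        "c1_active_after_close": svc.is_active(c1),
        "c2_active": svc.is_active(c2),
        "blocked": blocked,
        "workload_peers": {peer for peer, _ in video.sessions},
        "plc_sessions": len(plc.sessions),
        "decisions": [d for _, _, d in svc.audit],
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

The two properties worth checking in any real broker are visible in the result: the workload's session list never contains a source identity (only the endpoint service), and a closed connection identifier is no longer active, so a captured path cannot be replayed after the session ends.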

Assignees

Zscaler Inc

Classifications

Primary CPC: H04W12/08 (H04W: wireless communication networks; 12/08: access security)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12177667B2 cover?
The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and th…
Who is the assignee on this patent?
Zscaler Inc
What technology area does this patent fall under?
Primary CPC classification H04W12/08 (H04W: wireless communication networks; 12/08: access security). The mapped top-level area is CPC section H, Electricity.
When was this patent published?
Publication date: Dec 24, 2024 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).