Compliance lifecycle management for cloud-based resources
US-10949406-B1 · Mar 16, 2021 · US
US12212604B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12212604-B2 |
| Application number | US-201917607082-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 29, 2019 |
| Priority date | Apr 29, 2019 |
| Publication date | Jan 28, 2025 |
| Grant date | Jan 28, 2025 |
Official abstract text for this publication.
Embodiments of the present disclosure provide a method and apparatus for security assurance of a network function or service. The method comprises: generating security requirements for a network function based on a security profile and a deployment and runtime environment of the network function; generating a security policy and a security test specification for the network function based on the security requirements; deploying the network function based on the security policy; validating security compliance of the network function with the security test specification; and activating the network function or service, in response to the network function being in compliance with the security policy.
Opening claim text (preview).
What is claimed is:
1. A method, comprising: generating original security requirements for a network or management function based on a security profile and a deployment and runtime environment of the network or management function; generating a security policy and a security test specification for the network or management function based on the security requirements; deploying and configuring the network or management function based on the security policy; validating security compliance of the network or management function with the security test specification; and activating the network or management function, in response to the network or management function being in compliance with the security policy; wherein the method further comprises: updating the original security requirements in response to: a change to the security profile; a change to the deployment and runtime environment of the network or management function; a change to a security state of the network function; and an update request; wherein the deployment and runtime environment comprises a deployment country/region; an applied industry; a deployment mode; a running ecosystem; and additional requirements provided by a network function vendor, a network operator and a service provider, and wherein the security policy at least defines: a security configuration of the network or management function, a security function and a configuration of the security function.
2. The method according to claim 1, further comprising: identifying semantically identical security requirements and semantically similar security requirements from the original security requirements, wherein semantic similarities between the original security requirements are calculated based on a distance of the internal representations of the original security requirements, wherein the semantic similarity is represented as a distance between a plurality of paragraph vectors of the original security requirements and security requirements with a semantic similarity greater than a first threshold are identified as semantically identical security requirements, and security requirements with a semantic similarity greater than a second threshold are identified as semantically similar security requirements, wherein the first threshold is higher than the second threshold; removing extra semantically identical security requirements, wherein only one of the semantically identical security requirements is kept in the final security requirements; combining the semantically similar security requirements into a combined security requirement, wherein the combined security requirement has the highest security degree.
3. The method according to claim 1, wherein the deployment mode indicates that the network or management function is deployed as one of a physical node, a virtualized node, and a hybrid node, and wherein the running ecosystem indicates that a communication network in which the network or management function will operate is one of a public network, a private network, and a hybrid network.
4. The method according to claim 1, wherein the generation of the security requirements and the security test specification are implemented in an intelligent model.
5. The method according to claim 1, wherein the security test comprises a test case, one or more test tools which are used to execute the test case, a test schedule which defines a scheduling of the test case, and a test configuration for configuring the one or more test tools.
6. The method according to claim 5, wherein validating security compliance of the network or management function based on the security test specification comprises: for each of the at least one security test in the security test specification, configuring one or more test tools according to the test configuration; executing the test case according to the test schedule to determine whether the security test is passed; and determining, in response to all of the at least one security test being passed, that the network or management function is in compliance with the security requirements; and determining, in response to any one of the at least one security test being not passed, that the network or management function is not in compliance with the security requirements.
7. An apparatus, comprising: at least one processor; and at least one memory including computer executable instructions; the at least one memory and the computer executable instructions configured to, with the at least one processor, cause the apparatus to: generate original security requirements for a network or management function based on a security profile and a deployment and runtime environment of the network or management function; generate a security policy and a security test specification for the network or management function based on the original security requirements; deploy and configure the network or management function based on the security policy; validate security compliance of the network or management function with the security test specification; and activate the network entity, in response to the network or management function being in compliance with the security policy; wherein the at least one memory and the computer executable instructions are configured to, with the at least one processor, further cause the apparatus to: update the original security requirements in response to: a change to the security profile; a change to the deployment and runtime environment of the network or management function; a change to a security state of the network function; and an update request; wherein the deployment and runtime environment comprises a deployment country/region; an applied industry; a deployment mode; a running ecosystem; and additional requirements provided by a network function vendor, a network operator and a service provider, and wherein the security policy at least defines: a security configuration of the network or management function, a security function and a configuration of the security function.
8. The apparatus according to claim 7, wherein the at least one memory and the computer executable instructions are configured to, with the at least one processor, further cause the apparatus to: identify semantically identical security requirements and semantically similar security requirements from the original security requirements, wherein semantic similarities between the original security requirements are calculated based on a distance of the internal representations of the original security requirements, wherein the semantic similarity is represented as a distance between a plurality of paragraph vectors of the original security requirements and security requirements with a semantic similarity greater than a first threshold are identified as semantically identical security requirements, and security requirements with a semantic similarity greater than a second threshold are identified as semantically similar security requirements, wherein the first threshold is higher than the second threshold; remove extra semantically identical security requirements, wherein only one of the semantically identical security requirements is kept in the final security requirements; combine the semantically similar security requirements into a combined security requirement, wherein the combined security requirement has the highest security degree.
9. The apparatus according to claim 7, wherein the deployment mode indicates that the network or management function is deployed as one of a physical node, a virtualized node, and a hybrid node; and wherein the running ecosystem indicates that a communication network in which the network or management function will operate is one of a pu
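The claims above describe two mechanisms that are easy to misread in patent language: the two-threshold consolidation of security requirements in claim 2 (identical ones deduplicated, similar ones merged into the stricter requirement) and the pass/fail gate of claim 6 that decides whether the function may be activated. The following Python is an added illustration, not code from the patent or its assignee. It stands in a bag-of-words cosine similarity for the learned paragraph vectors the claim refers to, and the requirement texts, thresholds, test tools, test cases and network-function configurations are all constructed for the example.

```python
"""Added example: claim-2 requirement consolidation feeding a claim-6 compliance
gate.  Everything here (vectors, thresholds, tools, sample data) is constructed."""
from collections import Counter
from dataclasses import dataclass
from math import sqrt
from typing import Callable, Dict, List, Tuple


@dataclass
class Requirement:
    text: str
    security_degree: int  # constructed scale: higher means stricter


def vectorize(text: str) -> Counter:
    # Stand-in for a learned paragraph vector: a bag-of-words count vector.
    return Counter(text.lower().replace(",", " ").split())


def similarity(a: Counter, b: Counter) -> float:
    # Cosine similarity in [0, 1]; the claims phrase this as a vector distance.
    dot = sum(a[t] * b[t] for t in a)
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def consolidate(reqs: List[Requirement], t_identical: float = 0.9,
                t_similar: float = 0.5) -> List[Requirement]:
    """Claim 2: keep one copy of semantically identical requirements and merge
    semantically similar ones, retaining the highest security degree."""
    assert t_identical > t_similar, "first threshold must exceed the second"
    kept: List[Requirement] = []
    for r in reqs:
        v = vectorize(r.text)
        absorbed = False
        for i, k in enumerate(kept):
            s = similarity(v, vectorize(k.text))
            if s > t_identical:            # identical: drop the extra copy
                absorbed = True
                break
            if s > t_similar:              # similar: keep the stricter one
                if r.security_degree > k.security_degree:
                    kept[i] = r
                absorbed = True
                break
        if not absorbed:
            kept.append(r)
    return kept


@dataclass
class SecurityTest:
    name: str
    tool: str                      # test tool used to execute the case
    test_config: Dict[str, str]    # configuration applied to that tool
    schedule: str                  # when the case runs, e.g. "pre-activation"
    case: Callable[[Dict[str, str], Dict[str, object]], bool]  # True = passed


def configure_tool(tool: str, test_config: Dict[str, str]) -> Dict[str, str]:
    # A real pipeline would launch and configure a scanner; a dict suffices here.
    return {"tool": tool, **test_config}


def validate(nf_config: Dict[str, object], spec: List[SecurityTest],
             schedule: str = "pre-activation") -> Dict[str, bool]:
    """Claim 6: configure each test's tool, run the case on schedule, record result."""
    results: Dict[str, bool] = {}
    for t in spec:
        if t.schedule != schedule:
            continue
        results[t.name] = bool(t.case(configure_tool(t.tool, t.test_config), nf_config))
    return results


def is_compliant(results: Dict[str, bool]) -> bool:
    # Compliance needs at least one executed test and no failures.
    return bool(results) and all(results.values())


def activate(nf_config: Dict[str, object], spec: List[SecurityTest]) -> str:
    """Claim 1: activation is gated on compliance with the test specification."""
    return "active" if is_compliant(validate(nf_config, spec)) else "blocked"


def version(s: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in s.split("."))


# Constructed requirements: an exact duplicate plus a stricter variant of the first.
SAMPLE_REQUIREMENTS = [
    Requirement("TLS 1.2 or higher must be used for all management interfaces", 2),
    Requirement("TLS 1.2 or higher must be used for all management interfaces", 2),
    Requirement("TLS 1.3 must be used for all management interfaces", 3),
    Requirement("Administrative accounts require multi-factor authentication", 2),
]

# Constructed test specification matching the consolidated requirements.
SAMPLE_SPEC = [
    SecurityTest("tls-minimum", "tls-scanner", {"min_version": "1.3"}, "pre-activation",
                 lambda tool, nf: version(nf["tls_min_version"]) >= version(tool["min_version"])),
    SecurityTest("admin-mfa", "config-audit", {}, "pre-activation",
                 lambda tool, nf: nf["admin_mfa"] is True),
]

COMPLIANT_NF = {"tls_min_version": "1.3", "admin_mfa": True}      # constructed
NONCOMPLIANT_NF = {"tls_min_version": "1.2", "admin_mfa": True}   # constructed

if __name__ == "__main__":
    for r in consolidate(SAMPLE_REQUIREMENTS):
        print(f"[degree {r.security_degree}] {r.text}")
    print(activate(COMPLIANT_NF, SAMPLE_SPEC), activate(NONCOMPLIANT_NF, SAMPLE_SPEC))
```

With these inputs the duplicate TLS 1.2 requirement is dropped, the TLS 1.3 requirement replaces the TLS 1.2 one because it carries the higher security degree, and the MFA requirement survives untouched; the function configured for TLS 1.3 is activated while the TLS 1.2 one is blocked by the failing `tls-minimum` test. The per-test result map is what a defender would keep as evidence for the claimed security state, since the claims require requirements to be regenerated when that state changes.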
Testing arrangements · CPC title
using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title