Systems and methods for service authorization in a delegated discovery deployment
US-2024236080-A1 · Jul 11, 2024 · US
US12506728B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12506728-B2 |
| Application number | US-202418741748-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 12, 2024 |
| Priority date | Jun 12, 2024 |
| Publication date | Dec 23, 2025 |
| Grant date | Dec 23, 2025 |
Official abstract text for this publication.
A method for offloading verification of consumer NF security certificates includes receiving, by an SCP, an SBI request message including a consumer NF security token signed by a consumer NF for authenticating the consumer NF to a producer NF. The method further includes obtaining, by the SCP and from the consumer NF security token, an identifier for a consumer NF security certificate or a copy of the consumer NF security certificate. The method further includes verifying, by the SCP and on behalf of the producer NF, the consumer NF security certificate. The method further includes performing, by the SCP and based on a verification result of the consumer NF security certificate, a network security action.
Opening claim text (preview).
What is claimed is:
1. A method for offloading verification of consumer network function (NF) security certificates, the method comprising: receiving, by a service communication proxy (SCP), a service-based interface (SBI) request message including a consumer NF security token signed by a consumer NF for authenticating the consumer NF to a producer NF; obtaining, by the SCP and from the consumer NF security token, an identifier for a consumer NF security certificate or a copy of the consumer NF security certificate; verifying, by the SCP and on behalf of the producer NF, the consumer NF security certificate; and performing, by the SCP and based on a verification result of the consumer NF security certificate, a network security action.
2. The method of claim 1 wherein receiving an SBI request message including a consumer NF security token includes receiving an SBI request message including a client credentials assertion (CCA) token.
3. The method of claim 1 wherein obtaining the identifier of the consumer NF security certificate or the copy of the consumer NF security certificate includes obtaining an identifier or a copy of an X.509 certificate from the consumer NF security token.
4. The method of claim 1 wherein verifying the consumer NF security certificate includes determining, by the SCP, whether the SCP has a valid cached verification result for the consumer NF security certificate.
5. The method of claim 4 wherein, when the SCP has a valid cached verification result for the consumer NF security certificate, performing the network security action includes performing the network security action based on the cached verification result.
6. The method of claim 4 wherein, when the SCP does not have a valid cached verification result for the consumer NF security certificate, verifying the consumer NF security certificate includes: transmitting, by the SCP and on behalf of the producer NF, an online certificate status protocol (OCSP) request message to a certificate authority (CA); and receiving, by the SCP and from the CA, an OCSP response message including the verification result and wherein the method further comprises caching, by the SCP, the verification result.
7. The method of claim 6 wherein performing the network security action includes appending the verification result to the SBI request message and transmitting the SBI request message to the producer NF.
8. The method of claim 4 wherein, when the SCP does not have a valid cached verification result for the consumer NF security certificate, verifying the consumer NF security certificate includes: checking, by the SCP and on behalf of the producer NF, a certificate revocation list (CRL); and determining the verification result from the CRL.
9. The method of claim 1 wherein the verification result indicates that the consumer NF security certificate has expired or has been revoked and performing the network security action includes rejecting the SBI request message.
10. The method of claim 9 wherein rejecting the SBI request message includes dropping the SBI request message and/or generating a fake response to the SBI request message.
11. A system for offloading verification of consumer network function (NF) security certificates, the system comprising: a service communication proxy (SCP) including at least one processor and a memory; and a consumer NF security certificate verification offload manager for receiving a service-based interface (SBI) request message including a consumer NF security token signed by a consumer NF for authenticating the consumer NF to a producer NF, obtaining, from the consumer NF security token, an identifier for a consumer NF security certificate or a copy of the consumer NF security certificate, verifying, on behalf of the producer NF, the consumer NF security certificate, and performing, based on a verification result of the consumer NF security certificate, a network security action.
12. The system of claim 11 wherein the consumer NF security token comprises a client credentials assertion (CCA) token.
13. The system of claim 11 wherein the identifier of the consumer NF security certificate or the copy of the consumer NF security certificate comprises an identifier or a copy of an X.509 certificate.
14. The system of claim 11 wherein, in verifying the consumer NF security certificate, the consumer NF security certificate verification offload manager is configured to determine whether the SCP has a valid cached verification result for the consumer NF security certificate.
15. The system of claim 14 wherein, when the SCP has a valid cached verification result for the consumer NF security certificate, the consumer NF security certificate verification offload manager is configured to perform the network security action based on the cached verification result.
16. The system of claim 14 wherein, when the SCP does not have a valid cached verification result for the consumer NF security certificate, the consumer NF security certificate verification offload manager is configured to verify the consumer NF security certificate by: transmitting, by the SCP and on behalf of the producer NF, an online certificate status protocol (OCSP) request message to a certificate authority (CA); and receiving, by the SCP and from the CA, an OCSP response message including the verification result and wherein the consumer NF security certificate verification offload manager is further configured to cache the verification result.
17. The system of claim 16 wherein the consumer NF security certificate verification offload manager is configured to perform the network security action by appending the verification result to the SBI request message and transmitting the SBI request message to the producer NF.
18. The system of claim 14 wherein, when the SCP does not have a valid cached verification result for the consumer NF security certificate, the consumer NF security certificate verification offload manager is configured to verify the consumer NF security certificate by: checking, on behalf of the producer NF, a certificate revocation list (CRL); and determining the verification result from the CRL.
19. The system of claim 11 wherein the verification result indicates that the consumer NF security certificate has been revoked and to perform the network security action by rejecting the SBI request message including dropping the SBI request message and/or generating a fake response to the SBI request message.
20. A non-transitory computer readable medium having stored thereon executable instructions that when executed by a processor of a computer control the computer to perform steps comprising: receiving, by a service communication proxy (SCP), a service-based interface (SBI) request message including a consumer NF security token signed by a consumer NF for authenticating the consumer NF to a producer NF; obtaining, by the SCP and from the consumer NF security token, an identifier for a consumer NF security certificate or a copy of the consumer NF security certificate; verifying, by the SCP and on behalf of the producer NF, the consumer NF security certificate; and performing, by the SCP and based on a verification result of the consumer NF security certificate, a network security action.
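The cache-then-check flow of claims 4 to 10, sketched as an added example that is not code from the patent or its applicant. It assumes the token is laid out as a JWS whose header carries the certificate as `x5c` (copy) or `x5u` (identifier), a 300-second cache lifetime, a `lookup` callable standing in for the OCSP query or CRL check, and a hypothetical header name for the appended result; token signature verification is left out.

```python
import base64, hashlib, json, time

CACHE_TTL = 300   # seconds; assumed validity window for a cached result
CACHE = {}        # certificate key -> (status, time stored)

def make_token(header: dict) -> str:
    """Build a constructed, unsigned stand-in for a CCA token (JWS layout)."""
    enc = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return enc.decode() + ".e30.constructed-signature"

def cert_key(token: str) -> str:
    """Cache key from the certificate copy (x5c) or its identifier (x5u)."""
    head = token.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    if not isinstance(header, dict):
        raise ValueError("JWS header is not an object")
    x5c, x5u = header.get("x5c"), header.get("x5u")
    if isinstance(x5c, list) and x5c and isinstance(x5c[0], str):
        return "x5c:" + hashlib.sha256(x5c[0].encode()).hexdigest()
    if isinstance(x5u, str) and x5u:
        return "x5u:" + x5u
    raise ValueError("token carries no certificate reference")

def verify_cert(key, lookup, now):
    """Use a fresh cached result if present, else ask the CA and cache it."""
    hit = CACHE.get(key)
    if hit and now - hit[1] < CACHE_TTL:
        return hit[0]
    status = lookup(key)   # stands in for the OCSP query or CRL check
    CACHE[key] = (status, now)
    return status

def handle_sbi_request(headers, token, lookup, now=None):
    """Network security action: forward with the result appended, or reject."""
    now = time.time() if now is None else now
    try:
        status = verify_cert(cert_key(token), lookup, now)
    except ValueError:     # malformed token or no certificate reference
        return "reject", headers
    if status != "good":   # "revoked" or "expired"
        return "reject", headers
    # Header name is hypothetical; the page does not name one.
    return "forward", {**headers, "x-cert-verification": status}

if __name__ == "__main__":
    tok = make_token({"alg": "ES256", "x5u": "https://ca.example/nf-cert"})
    print(handle_sbi_request({}, tok, lambda key: "good"))
```

A cached "good" result hides a revocation issued inside the cache lifetime, so `CACHE_TTL` bounds how long a revoked certificate can still be accepted.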
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title