Zero-Trust Enabled Workload Access for User Equipment

US2022408255A1 · US · A1

Patent metadata
Publication number: US-2022408255-A1
Application number: US-202217889891-A
Country: US
Kind code: A1
Filing date: Aug 17, 2022
Priority date: Mar 8, 2021
Publication date: Dec 22, 2022
Grant date:

Abstract

Official abstract text for this publication.

The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for a secure workload access service comprising: receiving a request for connection to a workload destination; validating access conditions of a requestor, wherein validation is based on a set of data identification services; and creating a connection to the workload destination, wherein the workload only sees sessions from the service.

2. The method of claim 1, wherein the validating is performed manually, by Artificial Intelligence (AI), and/or Machine Learning (ML), based on datasets.

3. The method of claim 1, wherein the data is calculated data by an AI-engine for known sets of workload, protocol, latency, speed, and endpoint combinations.

4. The method of claim 3, wherein the AI-engine delivers an outcome to a steering platform that instructs it on how and where to establish the connection.

5. The method of claim 1, wherein the validating includes determining an identity of the requestor, and the identity is determined by utilizing 5G Unified Data Management (UDM).

6. The method of claim 1, wherein no workload is accessible until validating of the access conditions of the requestor is performed.

7. The method of claim 1, wherein the connection is between local hosted workloads within a 5G carrier network, and a user connected to a non-mobile network, outside the bounds of the local network.

8. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors to perform steps of: receiving a request for connection to a workload destination; validating access conditions of a requestor, wherein validation is based on a set of data identification services; and creating a connection to the workload destination, wherein the workload only sees sessions from the service.

9. The non-transitory computer-readable medium of claim 8, wherein the validating is performed manually, by Artificial Intelligence (AI), and/or Machine Learning (ML), based on datasets.

10. The non-transitory computer-readable medium of claim 8, wherein the data is calculated data by an AI-engine for known sets of workload, protocol, latency, speed, and endpoint combinations.

11. The non-transitory computer-readable medium of claim 10, wherein the AI-engine delivers an outcome to a steering platform that instructs it on how and where to establish the connection.

12. The non-transitory computer-readable medium of claim 8, wherein the validating includes determining an identity of the requestor, and the identity is determined by utilizing 5G Unified Data Management (UDM).

13. The non-transitory computer-readable medium of claim 8, wherein no workload is accessible until validating of the access conditions of the requestor is performed.

14. The non-transitory computer-readable medium of claim 8, wherein the connection is between local hosted workloads within a 5G carrier network, and a user connected to a non-mobile network, outside the bounds of the local network.

15. A workload access system configured for cloud-based 5G security via an endpoint service, the workload access system comprising: one or more processors and memory storing instructions that, when executed, cause the one or more processors to: receive a request for connection to a workload destination; validate access conditions of a requestor, wherein validation is based on a set of data identification services; and create a connection to the workload destination, wherein the workload only sees sessions from the service.

16. The workload access system of claim 15, wherein the validating is performed manually, by Artificial Intelligence (AI), and/or Machine Learning (ML), based on datasets.

17. The workload access system of claim 15, wherein the data is calculated data by an AI-engine for known sets of workload, protocol, latency, speed, and endpoint combinations.

18. The workload access system of claim 17, wherein the AI-engine delivers an outcome to a steering platform that instructs it on how and where to establish the connection.

19. The workload access system of claim 15, wherein the validating includes determining an identity of the requestor, and the identity is determined by utilizing 5G Unified Data Management (UDM).

20. The workload access system of claim 15, wherein no workload is accessible until validating of the access conditions of the requestor is performed.

Assignees

Inventors

Classifications

  • Hardware identity · CPC title

  • Authentication · CPC title

  • Subscriber identity · CPC title

  • H04W4/60 · Primary

    Subscription-based services using application servers or record carriers, e.g. SIM application toolkits · CPC title

  • based on user or device properties, e.g. MTC-capable devices (services for machine-to-machine communication [M2M] or machine type communication [MTC] H04W4/70; wireless resource selection or allocation plan definition based on terminal or device properties H04W72/51) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2022408255A1 cover?
The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and th…
Who is the assignee on this patent?
Zscaler Inc
What technology area does this patent fall under?
Primary CPC classification H04W4/60. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 22, 2022 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).